Hosting Vanilla Forums

3.3

28 October - 80MBVanillicon

You'll see a new avatar after this update.



Rich Editor

Rich quotes of Discussions now display the user profile image.

All rich quotes now use the improved expand/collapse UI from reported posts.

Multiple images can now be uploaded at the same time.

Fix a bug where nested lists in Rich Editor would render improperly after being posted. vanilla#9332



Bug Fixes

Fix emoji suggestions not displaying.

Update Vanillicon email hashes.

Fixed a bug causing javascript not to execute in older browsers.

Fix notifications not being sent to participating users.

Fix invalid/expired state token error when signing in.

Update Twitter addon to use platform's share links.

Fix dashboard category name rendering.

Improve URL handling in API v2 /media/scrape endpoint.

The time formats for some locales have been changed to the 24-hour format in accordance to their locale standards.

Fix unicode character handling in "leaving" page links.

Fix photo ID encoding in Getty Images embeds.

Fix preemptively join conversations.

Read more: https://open.vanillaforums.com/discussion/37683/vanilla-3-3-is-now-available






3.2
 (security release)
4 September - 80MBSecurity

Fix possible request forgery using Facebook Social Connect sharing

Fix invitation codes not expiring after use

Fix users being able to dismiss a non-dismissable message

Fix passing post URL in request when flagging a post

Fix enumeration via user availability endpoints in private communities

Fix ability to send invitations when site not configured for invitation registration

Fix category validation in embedded comment posts

Fix ability to manually set ID when creating an invitation

Fix quote folding settings not requiring authenticated postback



Highlights

Add React-based embed system (Embedded content gets a major facelift!)

Update OAuth2 addon to be OIDC compliant (This may be a breaking change if your OAuth 2.0 provider is not also OIDC compliant.)

Fix category validation when moving a discussion 

Add notifications to users quoted in rich posts 

Add active user sorting in mention list 

Fix toggling verified status on user profile not properly refreshing 

Fix slow pruning of access token tables with a high number of rows 

Fix changing window hash sometimes causing infinite loop 

Fix moderation queue alignment on mobile 

Add re-orienting of images uploaded with media API 

Add new mobile dropdown style 

Fix rendering rich posts with empty bodies 

Fix Emoji support for Windows 

Update padding in Message component flexible 

Add route instance caching to RouteHandler 

Update user content list styles 

Update error reporting to include E_USER_WARNING 



Rich Text Editor

Add newline to bottom of editor on click 

Add alt-text input for images to Rich Editor 

Fix min length validation 

Fix editor paragraph positioning 

Prevent editor crash with mention inside of inline code

Read more: https://open.vanillaforums.com/discussion/37556/vanilla-3-2-is-now-available






3.1
 (major version) (security release)
11 July - 70MBThis release patches multiple medium severity security issues.



Security

Fix invitation limits not being enforced

Remove dynamic RemoteUrl detection code to fix XSS vulnerability (note: This could potentially be breaking change for sites that were improperly configured using a method deprecated 7 years ago)

Fix potential security vulnerability in serveFile() method

Fix Right to Left override character scrambling URL on leaving page

Improper Access Control - API V2 media endpoint

Fix Path disclosure

Publish WordPress addon security fixes

Fix unprivileged setting of QnA status when adding or editing comments

Add additional rate limiting to some Vanilla sign-in URLs

Add rate limiting to SSO connect endpoint



Highlights

Full Content Rendering for Moderation/Spam Queue



Bug Fixes

Update media resource management permission to Garden.Community.Manage

Fix incorrect editor selection handling

Fix Rich Editor responding slowly in some browsers

Fix clicking on Rich Editor mentions being able to crash the editor

Fix Css bug when creating a spoiler

Fix terms of user manager to display properly.

Simplify showing and hiding name and password.

Fix category following for members.

Fix Rich Post formatting while using search without Advanced Search.

Fix broken format when reporting a post

Ensure users can view their own profile information even if they do not have the moderator level permissions to view other users personal information

Fix category discussion type not respected when creating a question.

Add boilerplate/keystone theming styles fixes

Add state token support to Gdn_OAuth2

Add ability to set standard target after registration by invitation

Escape the title in Gdn_Theme::logo()

Remove file path from some upload error messages

Read more: https://open.vanillaforums.com/discussion/37418/vanilla-3-1-is-now-available






3.0.2

24 June - 60MB
bug fixes

Read more: https://open.vanillaforums.com/discussion/37360/vanilla-3-0-is-now-available-updated-3-0-2



display more versions




3.0.1
 (major version)
17 June - 60MBHighlights

New Rich Editor features and improvements.

100s of bug fixes.

Many medium-severity security issues reported via our HackerOne campaign are now resolved.

Improved default cache headers.

Deprecated some old classes, and removed some already deprecated ones.

Laid the groundwork for a new drafts & reaction systems.

Image upload limits.

Improvements to the Keystone theme.

Google SignIn.

Better SEO and performance w/ the DeferredLegacyScripts flag.

Read more: https://open.vanillaforums.com/discussion/37360/vanilla-3-0-is-now-available-updated-3-0-1