Hosting Vanilla Forums

2.3.1
 (security release)
14 May - 14MBWhat's New

A critical upgrade to the PHPMailer library to prevent remote code execution.

Mitigation of a medium-level exploit of the HTTP_HOST header.

Additional minor fixes.

Read more: http://open.vanillaforums.com/discussion/33498/critical-security-release-vanilla-2-3-1






2.3
 (major version)
15 March - 14MBWhat's New

Vanilla 2.3 requires PHP 5.4 which is a change from earlier versions.

Read more: http://open.vanillaforums.com/discussion/32822/vanilla-2-3-is-now-available






2.2.1
 (security release)
10 May 2016 - 14MBWhat's New

Sets email default to text. This is future-proofing for HTML emails being added in 2.3.
Fix RSS feed when using table layout (thanks to korelstar).
Fix breadcrumbs when Vanilla is installed in a sub-directory (thanks to korelstar).
Fix translation bug in Captcha.
Fix where an error could be thrown on certain 404 pages.
Fix redirect after deleting an activity.


Security Patches

Upgrade htmLawed library to 1.1.21 (security fix). Thanks to psych0tr1a for responsibly disclosing this.
Fix condition where a filename could be echoed back to user (unsanitized output).

Read more: http://vanillaforums.org/discussion/32109/vanilla-2-2-1-now-available






2.2
 (major version) (security release)
17 November 2015 - 14MBWhat's New

Add Advanced Editor (HTML5 full drag-and-drop WYSIWYG).
Remove cleditor (not secure).
Add Emoji and an Emoji Extender addon to create your own sets.
Add Google+ SSO.
Add Section 508 support (accessibility improvements).
Add support for controllers in plugins.
Add spam checking & more flood control in Conversations.
Upgrade PHP Markdown and split out Vanilla Markdown customizations.
Add the Garden.Community.Manage permission for community managers.
Allow Unicode in mentions and usernames.
Allow using utf8mb4 databases (to allow Unicode emoji characters).
Added support for Twitch.tv, Hitbox.tv, and SoundCloud.
Add new social icons.
Add new class to handle event logging.


Security Patches

Fix issues with fetchPageInfo() implementation.
Implement public stashes.
Protect transient key from JSONP.
Protect transient key on profile pages.
Don't allow SSO with empty secrets.
Remove htmlEntityDecode() endpoint.
Improve addon testing / enabling / disabling security.
Add validation to .org feed pulling.
Protect discussions from unauthorized split/merge.
Add output filtering to a few places.

Read more: http://vanillaforums.org/discussion/31121/vanilla-is-proud-to-present-version-2-2



display more versions