Vanilla Forum is a powerful community publishing platform with a feature set designed to make the community experience as easy, pleasant and appealing as possible.
Over the last few years, Vanilla Forum has seen more intense development and wide adoption, even surpassing the previous community favorite, phpBB.
The system is well loved and has seen usage as a support forum, mainly due to its simplified topic display, a recognizable feature unique to Vanilla Forum.
Along with this newfound glory, the number of themes and plugins has also grown, providing webmasters with lots of tools to customize and adapt Vanilla to their own needs.
What is new in this release:
- Fixes an SSRF (server-side request forgery) vulnerability.
- Removed unused WordPress functions.
- Removed unused method RenderAlternate.
What is new in version 2.1.8p2:
- Security:
  - Fix for CSRF potential in posting & editing discussions.
  - Fix for allowing unauthorized Format changes to discussions (possible XSS vector when combined with the above CSRF).
  - Harden Gdn_Database against MySQL injection attacks by closing possible multiple-query-per-statement vector.
What is new in version 2.1.6:
- Security:
  - Fixes an SQL injection vector.
  - Adds a PDO option to harden against SQL injection.
  - Improves the security of password resets by increasing token length and limiting them to 1 hour expiration.
- Adds vBulletin 5.1 password hashing to allow seamless password migrations. All previous versions continue to be supported.
What is new in version 2.1.4:
- Security: An Insecure Direct Object Reference was fixed that allowed unauthorized comment editing.
- Security: Potential CSRF vectors were closed, including one that could allow account hijacking.
- Fixes issue where enabling cleditor would permanently allow style parameter in comments.
- Fixes issue notifying users of new comments in certain cases where they did not have permission to then view them.
- Fixes OpenID bug affecting Google Sign In.
- Multiple community-contributed bug fixes.
What is new in version 2.1.3:
- 3 newly discovered XSS vectors were fixed.
- The timezone bug introduced in 2.1.1 is fixed.
- Fixes invalid DeliveryType in plugins management.
What is new in version 2.1.2:
- 3 newly discovered XSS vectors were fixed.
- The timezone bug introduced in 2.1.1 is fixed.
- Fixes invalid DeliveryType in plugins management.
What is new in version 2.1.1:
- HtmLawed was upgraded to close an XSS vector.
- Multiple XSS exploits were fixed.
- Fixed a Twitter SSL bug.
- Fixed a missing permission check in the sorting utility.
- cleditor was patched to fix a crippling IE11 bug.
- Profile Extender was upgraded and a security flaw in it was fixed.
- Fixed a bug in Announcing while starting a discussion.
- Corrected the default theme README.
- Backported GDN_UserAuthenticationProvider.IsDefault so the latest version of jsConnect will work with 2.1.1.
What is new in version 2.0.18.9:
- Use SafeRedirect() instead of Redirect() in the discussion controller.
- Added TrustedDomains() and SafeRedirect().
- Don't allow user id override on post.
- Fixed Flagging security flaw.
- Filter discussion title on categories/all.
- Comment notifications should only be sent to people with the "NewComment" preference set.
- Twitter: Change API version to 1.1.
- Tagging: Fix XSS bug in tagging.
- Do not add linebreaks twice on search.
What is new in version 2.0.18.8:
- Check for FilterForm() before calling it.
- Disable the ability to call functions in escaped SQL strings.
- Switch update checks to JSON to prevent object injection hacks.
- Make sure the admin password is hashed when inserting the admin user on an already installed Vanilla.
- Fixed Facebook plugin for the 5 Dec 2012 Facebook update.
- Added class attributes for all the menu item elements.
- Ignore Eclipse project files.
- Added the cache-control logic from the 2.1 branch.
- Added the proper username parameter to profile/edit.
- Filter activity, discussion, and comment forms.
- Added Gdn_Model->FilterForm() to help prevent users from posting unauthorized database values.
- Fixed security hole on profile/picture and profile/preferences. Allow moderators to change users' pictures from the profile page.
- Added Joomla password hashing.
What is new in version 2.0.18.4:
- This release fixes a security hole in Vanilla that can leave your forum open to XSS attacks.
Requirements:
- PHP 5.2 or higher
- MySQL 5 or higher
- Apache 2 or higher
- PDO_MySQL module
- PHP Data Objects module
- PHP GD module
- PHP cURL module