Vanilla Forums 2.1.1
4 August 2014
Vanilla Forums version 2.1.1 is now available (security release).
Upgrading to Vanilla Forums 2.1.1
Vanilla Forums 2.1.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Vanilla Forums updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Vanilla Forums install to test the 2.1.1 upgrade prior to applying it live. Get started managing your Vanilla Forums installations with Installatron
What's New in Vanilla Forums 2.1.1
- HtmLawed was upgraded to close an XSS vector (thanks to Psych0tr1a for responsibly disclosing this to us & to HtmLawed for a fast patch in response).
- Multiple XSS exploits were fixed (thanks to @x00 for responsibly disclosing and both he and @businessdad for assistance in making our patches as bulletproof as possible).
- Fixed a Twitter SSL bug (thanks @Adrian for the patch).
- Fixed a missing permission check in the sorting utility (thanks @R_J for the patch).
- cleditor was patched to fix a crippling IE11 bug.
- Profile Extender was upgraded and a security flaw in it was fixed.
- Fixed a bug in Announcing while starting a discussion.
- Corrected the default theme README.
- Backported GDN_UserAuthenticationProvider.IsDefault so the latest version of jsConnect will work with 2.1.1.
- Fixes a theme screenshot bug (thanks @hgtonight‌ for the patch).