Vanilla Forums 2.1.7
9 January 2015
Vanilla Forums version 2.1.7 is now available (security release).
Upgrading to Vanilla Forums 2.1.7
Vanilla Forums 2.1.7 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Vanilla Forums updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Vanilla Forums install to test the 2.1.7 upgrade prior to applying it live. Get started managing your Vanilla Forums installations with Installatron
What's New in Vanilla Forums 2.1.7
- Security: Fix for CSRF potential in posting & editing discussions.
- Security: Fix for allowing unauthorized Format changes to discussions (possible XSS vector when combined with the above CSRF).
- Security: Harden Gdn_Database against MySQL injection attacks by closing possible multiple-query-per-statement vector.
- Fix for "u.Photo isn't in GROUP BY" Fatal Error (thx @Shadowdare)
- Fix for detecting locales in enabled application (thx @hgtonight)
- Fix for IS NULL WHERE clauses (thx @imnotjames)
- Added a new "Class Gdn not found" exception if ini files are out of date to avoid obscure errors