Vanilla Forums 2.6
28 May 2018
Vanilla Forums version 2.6 is now available (major release).
Upgrading to Vanilla Forums 2.6
Vanilla Forums 2.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Vanilla Forums updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Vanilla Forums install to test the 2.6 upgrade prior to applying it live. Get started managing your Vanilla Forums installations with Installatron
What's New in Vanilla Forums 2.6
Security
- Prevent activity record data from leaking in AJAX response.
- Fix XSS in Editor attachment viewer.
- Fix XSS is SSO connection screen.
- Regenerate confirmation code when changing email address.
- Require confirmation of manually-entered emails during SSO.
- Fix permission check on private conversation participants adding messages.
- Fix permission-based email leaking in private conversations.
- Fix permission problem in "getRecord" function.
- Fix ownership checking of drafts before allowing overwrite.
- Blacklist the 'download' attribute from user-generated content.
- Fix our use of cURL to not allow non-HTTP redirects.
Highlights
- Users may now "Follow" categories.
- Recent Discussions page may be filtered to only show discussions from followed categories.
- This feature must be enabled in the Dashboard.
- Enabling it adds a new menu to the Recent Discussions page, so theming conflicts should be checked.
- We removed the old "Mute" function for categories to make room for this new feature.
API v2
- New addon "API v2 Docs" (in plugins/swagger-ui) is now part of the default package and on by default in new installs.
- It adds API documentation to the Dashbord menu.
- The API documentation auto-builds when accessed, giving you custom docs that are specific to what addons you currently have enabled on your site.
- Add API v2 support for search.
- API change for Q&A addon: A discussion that is a Question can no longer be updated or deleted from the discussion endpoint. It must use the new Ideation or Q&A endpoints. This prevents loss of data integrity for their current status.
- API: Add pagination information to response headers for multiple endpoints.
- API: Add filtering by archived status to categories endpoint.
- Allow the API v2 to authenticate with API v1 access tokens.
- API docs: Parameters of type 'enum' now correctly list all values that are accepted.
Bug Fixes
- Fix ability to delete items in moderation logs.
- Fix spider crawling errors for non-existent pages.
- Fix image upload button not always appearing in Advanced Editor and Signature editing.
- Fix filter menus showing for guests on Recent Discussions and categories root.
- Add "none found" message to category pages with no categories.
- Fix image cropper overflow when editing avatars.
- Fix broken links to theme documentation from dashboard.
- Update redirection after adding a category.
- Update System user's default avatar.
- Rename database column GDN_Session.DateExpire to DateExpires to match conventions and fix structure update problem.
- Fix translations for file upload error messages.
- Fix Google+ SSO link to signin.
- Make 'image upload' button on by default in Editor.
- Fix user search by IP not returning results
- Adjust comment editing permission checks to avoid re-querying the database unnecessarily.
- Multiple accessibility improvements.