Vanilla Forums 2.8.1
28 March 2019
Vanilla Forums version 2.8.1 is now available (security release).
Upgrading to Vanilla Forums 2.8.1
Vanilla Forums 2.8.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Vanilla Forums updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Vanilla Forums install to test the 2.8.1 upgrade prior to applying it live. Get started managing your Vanilla Forums installations with Installatron
What's New in Vanilla Forums 2.8.1
Vanilla 2.8.1 contains multiple security and bug fixes. Please upgrade immediately.
Security
- Fix stored XSS when deleting a tag
- InThisDiscussion Plugin: Fix XSS in username field
- Tagging: Fix Adding tags to discussions without proper permission
- Check Discussion permissions when flagging a discussion
- Fix: Bypassing trusted domains to post links using Right-to-left unicode character
- Fix XSS at add user/reveal password
- Fix: manipulating conversationID can shut down further new conversations
Bug Fixes
- Fix responsive theme support for keystone.
- Fix keystone NewFlyouts feature flag not directly tied to the theme being enabled.
- theme-boilerplate ThemeHooks removed. No longer necessary.
- Keystone no longer forces itself as the mobile theme.
- Fix keystone javascript error for signed out users (preventing refresh on signin).
- Fix Advanced Editor flyouts on mobile with keystone. Thanks @MichaelTyson for assistance with debugging this.
- Fix clearing of rich editor for conversations and activity
- Fix formatting of notifications & emails for the following post formats: Rich, BBCode, Markdown
- Fix undo/redo actions for embeds while creating rich posts
- Fix a bug causing partially loaded rich embeds from crashing the page.
- Pockets: Fix typo in pockets permissions
- Fix casing of pockets CSS class location
- Fix installation on windows. Thanks @austins (github username)
- Put back missing cache folder