Fork me on GitHub
Important security fix: 2.1.10, released 4 May.

Vanilla Released

ToddTodd Chief Product Officer Vanilla Staff
edited March 2012 in Releases
This discussion is related to the Vanilla addon.

This release fixes a security hole in Vanilla that can leave your forum open to XSS attacks. There are also a couple of other minor fixes included with this release. We strongly recommend updating to this version of Vanilla.


  • 2012-03-26 Partially fix #1330 by checking the format field on models.
  • 2011-09-28 Fixed canonical url in /categories/*.
  • 2012-03-16 Fixed canonical url bug when looking at a category.

If you are running Vanilla 2.0.18+ and want the files to fix the security hole you can do the following:

  1. Download Vanilla
  2. Replace the following files on your site:

    • applications/dashboard/locale/en-CA/definitions.php
    • library/core/class.validation.php
    • library/core/functions.validation.php


Sign In or Register to comment.