Current release is 2.1.6 (21 Nov 2014).

Users who have not yet upgraded to 2.1 should get the security release (1 Nov 2014). We will stop providing these security releases to 2.0 at the end of this year.

Security Update: Vanilla

Todd Chief Product Officer Vanilla Staff
edited April 2013 in Releases

Even though Vanilla 2.1 is just around the corner, we are still supporting 2.0.18.* installations. To this end we've released an important security update that should be applied immediately by anyone running 2.0.18.*. The new version can be found here.

If you don't want to overwrite every single file, then the one file that needs to be changed is here (raw download here).

This is an important security update so please update your installation.


  • 2013-04-05 Check for FilterForm() before calling it.
  • 2013-04-04 Disable the ability to call functions in escaped sql strings.
  • 2013-03-22 Switch update checks to json to prevent object injection hacks.
  • 2013-03-02 Make sure the admin password is hashed when inserting the admin user on an already installed Vanilla.
  • 2012-12-12 Fix Facebook plugin for the 5 Dec 2012 Facebook update.
  • 2012-10-13 Add class attributes for all the menu item elements.
  • 2012-10-13 Ignore eclipse project files.
  • 2012-09-11 Add the cache-control logic from the 2.1 branch.
  • 2012-04-11 Add the proper username parameter to profile/edit.
  • 2012-04-11 Filter activity, discussion, and comment forms.
  • 2012-03-26 Added Gdn_Model->FilterForm() to help prevent user from posting unauthorized database values.
  • 2012-04-11 Fixed security hole where on profile/picture and profile/preferences. Allow moderators to change users' pictures from the profile page.
  • 2012-04-03 Added joomla password hashing.

