HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla 2.1.6 released

LincLinc Detroit Admin

This is an important security upgrade for all forums.

Download it: http://vanillaforums.org/addon/vanilla-core-2.1.6

7 file changed. See the code diff.

Summary:

  • Security: Fixes an SQL injection vector.
  • Security: Adds a PDO option to harden against SQL injection.
  • Security: Improves the security of password resets by increasing token length and limiting them to 1 hour expiration.
  • Adds vBulletin 5.1 password hashing to allow seamless password migrations. All previous versions continue to be supported.

Thanks to the team at ZeniMax Online Studios for disclosing the password reset issue and SQL injection vector.

«13

Comments

Sign In or Register to comment.