Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with Facebook Sign In with Google Sign In with OpenID Sign In with Twitter
Sign In Apply for Membership

Categories

In this Discussion

Who's Online 14

6apxatCurtisOdenRippericgillettelortabac +9 guests

Vanilla 1.1.5 release candidate 4

DinoboffDinoboff
in Vanilla 1
Vanilla 1.1.5 will fix some XSS and CSRF vulnerability. You can try it already by installing Vanilla 1.1.5 release candidate 4. For more information about the vulnerabilities, see Vanilla 1.1.5 releases notes (draft).

Upgrading instructions (draft):
http://lussumo.com/upgrade

The official release is planed for 22nd of September. Let us know if find any bugs or need us to add some delegation.

Vanilla 1.1.5-rc4:
http://vanilla-friends.googlecode.com/files/vanilla-1.1.5-rc4.zip

Don't install it on a live forum!!!
«1

Comments

  • fmimosofmimoso
    Posts: 177
    You removed all the carriage returns and I can't do a diff with the new one line CSS files... that sucks, I have a customized theme. Where can I see what were the changes in the CSS files, if possible? Thanks. :)
  • DinoboffDinoboff
    Posts: 1,880
    The uncompressed css files are in themes/vanilla/styles/default/src.

    There is also a src folder in js/
  • SimonbSimonb
    Posts: 111
    Still does not like it if you don't have a db password which my localhost does not. I have to add
    $Configuration['DATABASE_PASSWORD'] = ''; to the conf/database.php even when it asked me in the install file.

    Other than that it seems to be running A okay. Not any visual chance is there?

    Ps how do you get on the vanilla development team?
  • WallPhoneWallPhone
    Posts: 2,301
    It was decided to show a warning about the blank password--we didn't want the user to be ignorant of the problem and we didn't want to accept blank passwords without batting an eye. So you see a warning message that you have to read with instructions that you had better follow before being able to proceed. You're on the right track to be a developer--you basically prove yourself with add-ons and offering help in the community forums.
  • miczmicz
    Posts: 12
    Will you release also a changed-only-files package with the final 1.1.5 release? mic
  • DinoboffDinoboff
    Posts: 1,880
    @micz: I will host a changed-only-files package on Vanilla-friend.

    Update: You can now download the changed-only-files package. The upgrade package doesn't have the css and js source files.
  • [-Stash-][-Stash-]
    Posts: 2,610
    Great work guys, nice to see some fixes coming down the pipe, looking forward to giving it a test as soon as I get a moment :)
  • SimonbSimonb
    Posts: 111
    I don't wish to be rude, but why had vanilla not had a update in some time. Other forums seem to be adding new features every other day. This is not a hit a vanilla.
  • [-Stash-][-Stash-]
    Posts: 2,610
    I'm guessing, but I'd imagine it's due to it getting features added "every day" through it's extensions and because it mainly worked well already ie. not too much needed fixing!

    Vanilla's not about tonnes of features!
  • DinoboffDinoboff
    Posts: 1,880
    @Simonb: We are just fixing bugs. Vanilla is just a basic forum that should allow developers to build a forum that looks like and does exactly what they want. Its a long time I haven't look at other forum but at the time they were very difficult to customize and to strip down.

    I wish someone would make a full feature forum based on Vanilla, so that people who like vanilla design but are not developers have a ready to use solution.

    From what I read, Vanilla 2 that Mark is working on should give more power to extension developer (in 1.x, some part can't easily be modified because they are loaded before the extensions) with a better api, and will focus on scalability. It will probably have less features; a feature like whispers make caching impossible.
  • miczmicz
    Posts: 12
    @dinoboff: thanks.
  • gulftechgulftech
    Posts: 4
    Thanks guys for fixing this issues. I appreciate the fact that you gave due credit also. Good work Vanilla! :)
  • squirrelsquirrel
    Posts: 253
    w00t! I'm useful! *flex*

    Thanks for giving credit (no matter how small the contribution).
  • pbearpbear
    Posts: 231
    Vanilla++ :)

    Thanks for doing the legwork for the update!
  • sirlancelotsirlancelot
    Posts: 408
    Yes, even though my contribution was small, thanks for remembering :)
  • mattucfmattucf
    Posts: 62
    Ditto. I feel a bit guilty that you guys were nice enough to credit me, when all I did was suggest a minor change. :)
    a feature like whispers make caching impossible
    How so? Just filter the whispers from the cached copy. Even if there's a hundred whispers in the discussion, which I assume is really stretching it, it's no big in terms of memory or CPU cycles.

    Question: I noticed some PHPDocumenter work in the feature list...is that the way of the future? While I was working on that bit of API documentation I did for the wiki, I kept thinking, "this is not the proper place for this."
  • DinoboffDinoboff
    Posts: 1,880
    We are primarily adding them for IDEs like PDT.
    image
    image

    When working on the api documentation, you can write in-line doc (using svn as a base) and send me a patch.
  • SubJunkSubJunk
    Posts: 657
    You said the full release was scheduled for the end of the month, how far has the expected release date been pushed back? (if it isn't coming out today)
  • DinoboffDinoboff
    Posts: 1,880
    Probably on Monday.

    ps: I just updated the preview package.
  • squirrelsquirrel
    Posts: 253
    Lots of files have this:

    @version 1.1.4-rc2

    when it should be this:

    @version 1.1.5-rc2
  • DinoboffDinoboff
    Posts: 1,880
    The versions of Vanilla, People and Framework are not in sync. Vanilla 1.1.5 use People 1.1.4 and Framework 1.1.4
  • DinoboffDinoboff
    Posts: 1,880
    I just add Vanilla 1.1.5-rc3:
    http://vanilla-friends.googlecode.com/files/vanilla-1.1.5-rc3.zip.

    Please review it, especially if you can test it with mysql 3.23 or with a custom authenticator.
  • [-Stash-][-Stash-]
    Posts: 2,610
    Does 1.1.5rc3 have the new password hashing?
  • DinoboffDinoboff
    Posts: 1,880
    yep, don't install it on a live forum!!!
  • NcdlekNcdlek
    Posts: 22
    When i tried to start a new discussion with non-latin characters it works but all non-latin characters fails (?) and when i tried to search something with non-latin characters i get this error. ---------------------------------------------------------------------------- A fatal, non-recoverable error has occurred Technical information (for support personel): Error Message An error occurred while retrieving search results. Affected Elements CommentManager.GetCommentSearch(); The error occurred on or near: Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation 'like' For additional support documentation, visit the Lussumo Documentation website at: lussumo.com/docs ----------------------------------------------------------------------------
  • jukkajukka
    Posts: 2
    Hi, I am a new user in this community. Since last month I have started using Vanilla Forum, and I like it very much. I first used v. 1.1.4, then 1.1.5rc1 and currently I use version 1.1.5 rc2. Today I tried to update manually new files which came with 1.1.5 rc3. I used WinDiff to find out which files were modified and then updated those files on my server. After updating files, I got the following error message when I tried to log in: ------ A fatal, non-recoverable error has occurred Technical information (for support personel): Error Message The "PasswordHash" class referenced by "PasswordHash" does not appear to exist. Affected Elements ObjectFactory.NewObject(); For additional support documentation, visit the Lussumo Documentation website at: lussumo.com/docs ------ I decided to go back again to 1.1.5. rcc2 version. As soon as a hash problem is fixed, I can try to make a new test.
  • DinoboffDinoboff
    Posts: 1,880
    @jukka: check library/People/People.Class.PasswordHash.php is not missing.

    @Engin: Can you check the the encoding of your tables, using phpMyAdmin for example.
  • DinoboffDinoboff
    Posts: 1,880
    @Engin: Can you add before line 35 of library/Framework/Framework.Class.SqlSearch.php $this->UserQuery = strtolower(trim($this->UserQuery));


    It should look like that:
    function BreakKeywords() {
    $this->UserQuery = strtolower(trim($this->UserQuery));
    $Keywords = explode(' ', $this->UserQuery);
  • jukkajukka
    Posts: 2
    >> Dinoboff:
    >> @jukka: check library/People/People.Class.PasswordHash.php is not missing.

    Thanks a lot for quick reply and I am sorry for making such a mistake. I did not realize a new file. I just looked over rcc3 files which were altered compared to vanilla version rcc2.

    I replaced again modified files in my Vanilla rcc2 forum with Vanilla rcc3 files and then added PasswordHash.php file. Then I could log in by using my existing user account. I also created a new user and I could log in with that user too. Everything seems to work very well. I took a quick look to other functionality and I did not find any problems. I will continue testing and write back if I have any other problems or other findings.
  • [-Stash-][-Stash-]
    Posts: 2,610
    1.1.5rc3 worked fine for me, I just deleted everything except for the conf and extensions directories and uploaded all the new files.
This discussion has been closed.