Vanilla Release Notes

2016 Cloud Releases

In 2016, VIP releases were every other month. Other customers received updates on an ad-hoc basis.

December

Add full IPv6 support.
Add and improve addon icons.
Add meta tags for discussion links to generate Twitter cards (when added to tweets).
Add settings to Dashboard for category max display depth.
Add some padding to HTML tables in posts (improve legibility).
Add support for our new CDN.
Add accessibility attributes to Customize Theme.
Add pager to log views.
Improve category headings detection and table view support.
Improve markup of category settings page.
Ensure password editing fields toggle appropriately.
Allow removal of button from HTML email.
Restore Theme Preview functionality (except for Mobile 2014).
Default to secure cookies if “ForceSSL” is set and using HTTPS.
Skip validating discussion title when a draft is saved.
Improve markup and make further enhancements to Dashboard v3.
Restrict upload filename to be per post instead of by entire discussion.
Allow uploading a Photo when creating a new category.
Avoid auto-scrolling to top when in comment embed.
Confirm that user wants to delete images before deleting (in Dashboard).
Update documentation links for Social Connect addons.
Replace “Hide Category” with “Mute Category” option.
Allow new messages to accept a subject parameter (if enabled) via URL.
Fix delete message button (in Dashboard).
Fix delete ban button (in Dashboard).
Fix category depth calculation in subcommunities.
Fix IP filtering on user management page
Fix heading categories sometimes being wrapped in an anchor.
Fix dashboard pager next button when there are 0 results.
Fix the user photo in search.
Fix extra <br> tags in plain text emails.
Fix issue where nav is cut off on category add/edit.
Fix wrong heading for “activity” on profile page
Fix activity notifications falsely flagging as sent when it was skipped.
Fix ICO transparency issue after upload (in Dashboard).
Fix permission check for Change Log page to allow moderators (Moderation.Manage).
Fix avatar cropping in profile.
jsConnect: Add warning to jsConnect dashboard when provider is in test mode.
jsConnect: [Security] Add content-type to callback endpoint to prevent potential XSS.
Badges: Add badge name as alt text to badge images.
Badges: Add the ability to edit thresholds for some badges.
Polls: Fix results percentage.
Polls: Fix cancel button.
Polls: Hide category dropdown when already inside a category.
Polls: Fix auto-selecting first child category in category dropdown.
Q&A: Fix auto-selecting first child category in category dropdown.
Reactions: Add inform message to Reactions enable toggle (in Dashboard).
Reactions: Fix RSS view when BestOf is configured as tiles.
Reactions: Fix customizations reverting after database updates.
Reactions: [Security] Add missing CSRF protection on “react” endpoint.
Reactions: Fix reactions popup possible overlap.
Reactions: Translate reaction names in navigation breadcrumbs.
MailChimp: Fix issue with synchronizing lists.
Profile Extender: Fix checkbox display on registration.
Ignore: Fix failure to unignore user if their ignore privileges have been revoked.
Groups: Fix search in groups when the category is not viewable.
Warnings & Notes: Fix extra line after quote.
Civil Tongue: Add support for groups and group events.
Salesforce: Remove from options on profile social connect.
Split/Merge: Make the System user the new discussion’s author when splitting comments.
SAML: Allow SAML to accommodate differently-configured XML responses.
SimpleAPI: Fix situations where other addons could conflict with API endpoints.

September

New Dashboard! This changed every page in the moderator/admin backend, including all addon settings pages.
Add navigation memory to the Dashboard. It will now preserve menu collapsing states & your page within each section between visits.
Add “Flat Categories” feature and optional navigation module. This allows browsing hundreds of categories as an alphabetical directory.
Improve how categories are managed in the Dashboard.
Categories now default to type “Nested” and must have a type assigned.
Add full recipients list to Badges. Click the “Given” number from “Badges” in the Dashboard.
Add new “Post Numbering” addon (by request only, currently).
Add new “Role Tracker” addon (by request only, currently).
Add ability to convert discussions to “ideas” (if Ideation is enabled).
Add ability to configure warnings in Warnings & Notes addon.
Add redirects for Lithium and Ning community imports (Redirector addon).
Add support for vBulletin 3 & 4 showthread.php?p={POSTID} URL redirects.
Allow “Location” and “Title” to be edited from User Edit.
Fix Profile Extender’s handling of non-ASCII characters in field names.
Refactored how we handle all requests (dispatcher).
Update MailChimp addon to use v3 of their API and support MailChimp “groups”.
Update Facebook addon to use versioned endpoint.
Fix “Mark All Viewed” endpoint to prevent accidental or malicious triggering and fix its redirect.
Fix Bootstrap3 theme color schemes “paper” and “sandstone”.
Remove “SafeStyles” option (previously deprecated).
General addon code maintenance done on: Groups, Reactions, Ranks, Polls, SAMLSSO, and Badges.
Fix issue with embedding where you could stay scrolled down when changing page.
Add username validation to /message/add endpoint (when pre-filling “To:” field via URL).
Fix conflict between Discussion Photos addon and Ideation addon.
Add ability for Smarty templates to access isMobile function, userAgentType function, homepage_title function, and Homepage (boolean variable).
Fix issue where default role settings weren’t transferred from old system correctly.
Add additional line break to welcome email.
Do not wrap images in a div if they are already in an anchor to fix potential clicking issue.
Fix autocomplete dropdown display in modals with Bootstrap3 theme.
Add the post that a user was warned for in the email notification.
Do not serve empty (or comment-only) CSS files from Custom Theme feature.
Fix photos’ URL for /user/summary API endpoint.
Fix quotes that are done on a user with spaces in its name.
Fix tabindex for comments, conversations, discussions (for keyboard navigation around page).
Add announcements to discussions RSS (in posting order).
Block adding banning rules that would HAL-9000 the entire crew, like *.*.
Fix the basic (not advanced, which had no issue) search pager.
Do not revalidate username on edit if no change on user edit.
Do not send noindex meta on error pages to prevent legit pages from being un-indexed.
Increase the priority of custom.css to be higher.
Fix log link showing when no log exists.
Allow “Unanswered Questions” page title to be translated (Q&A addon).
Add support for alternate SAML document structures (SSO).
Enforce max tags limit on the front end and cleanup tag validation.
Encode slashes in usernames when creating profile links.
Allow comment drafts to be orphaned (instead of removed) when their discussion is deleted and rework drafts view.
Unregister plugins immediately after it has been disabled instead of waiting until the next page request.
Hide email preferences when email is disabled globally.
Hide the RSS icon from categories that are type ‘Categories’ since they contain no discussions.
Trim all control characters from discussion title (helps prevent broken or blank titles).
Fix scenario where discussion title could be blank.
Fix user search to allow numeric usernames as long as it’s an exact match.
Akismet will now validate your key before accepting it (Cloud customers do not require their own key; it is optional).
Improve Akismet addon description and deprecate TypePad option (no longer offered by TypePad).
Hide Participated menu for guests (Participated addon).
Let welcome email fallback to HomepageTitle when the site’s name is not set properly.
Turn off autocomplete on text fields when editing users in dashboard (to prevent accidental data insertion).
Improve how table layouts choose their column widths according to the content in them.
Improve Q&A and how it interacts with Subcommunities, especially displaying an Unanswered count per community.
Change H2s for H1s for a few edit profile pages.
Improve consistency in module (widget) titles (usually H4) so they are properly configurable.
Add invited user data to user exports.
Fix button height in Share This widget.
Add OAuth2 library to core product for building custom implementations more easily.
Fix potential duplicate rank promotion notifications.
Change the priority order of the SimpleAPI plugin so Subcommunities does not interfere with API calls.

July

New plugin: Role Tracker (aggregates discussions with posts by users in particular roles).
New plugin: Welcome Post (invites newly registered to start an intro discussion immediately).
Upgrade to Smarty 3 templating engine for custom themes. It’s a little bit stricter, faster, and more secure than Smarty 2 was.
Further improve scaling for large numbers of categories. Faster page loads!
Add option to exclude moderators and/or admins from leaderboards.
Move profile thumbnail editing to same page as photo uploading.
OpenID: Prevent bad rendering when URL is invalid.
Don’t show Google+ login when enabled but not configured.
Add support for inline (async) forms for future Vanilla use.
Keep attachments when a discussion becomes a comment via Split/Merge.
Automatically update CSRF token with async requests. This is so we can invalidate them more frequently in the future, improving our security.
Add the ideation page as a target for messages.
Add the categories page as a target for messages.
Set a limit on the page number in Best Of (it helps performance to not let pages go infinitely high).
Fix edge cases where notifications preferences would not display completely.
Tighten security of Target parameter during sign in to disallow bad redirects.
Refresh the page after announcing a discussion.
Markdown: Allow starting lists without a newline.
Change how IP addresses are logged and allow IPv6 (no more 0.0.0.2 placeholder addresses appearing).
Remove the invite feature from the Getting Started page.
Remove site logo from Deflector theme footer.
Fix Cyrillic character recognition in CivilTongueEx, allowing
Fix Ideation crashing /discussions/promoted.
Fix default translation of “Post Discussion”.
QnA: Fix “unanswered” status for discussions converted to questions by an admin.
Hub: Add synchronize for subcommunities and default locale.
Fix emoji menu not being properly dismissed.
Hide “Dismiss” option on announcements from guests because it didn’t actually do anything.
Add CSRF prevention and remove redirect from Mark All Viewed option.
Encode mail subject properly (UTF-8).
Fix broken reaction pagination on profile pages.
Fix emoji and mention from rendering inside WYSIWYG code blocks.
Add $Homepage Smarty variable that is true/false depending on if you are on the homepage.
Fix double encoding Open Graph title tag. This would have shown up as extra ampersands in Facebook shares and the like.
Hub: Do not sync category permissions for an overridden role.
Hub: Add optional landing page.
Switch to separate library for password hashing. We’re compartmentalizing some features like this to make maintenance easier.
We completed some very large projects to carefully rework several parts of our framework to get ready for API v2, but there’s no outward effect of this for you.

May

Upgrade to reCaptcha 2 (“NoCaptcha”).
Make “NBBC” our new BBCode parsing library by default (no more plugin).
Add ability for SAML SSO to not be the default login method.
Allow moving a discussion between subcommunities.
Add support for switching subcommunities.
Improve category scaling.
Make activities self-prune after 2 months to improve performance.
Always redirect to the first page after saving a discussion.
Add analytics tracking for Q&A’s accepted answers (coming soon to analytics).
Allow censoring content in conversation message notifications.
Allow censoring poll votes in comments.
Fix a number of edge cases where certain actions could block other actions without a page refresh.
Fix condition where category announcements disappeared from recent discussions page.
Add caching for the default authentication provider.
Improve security in signin redirects.
Improve use of ‘Alt’ CSS class, which will be removed eventually (now redundant with current CSS specs).
Add option to configure a redirect after logout on Auth0 plugin.
Update Triple-A and Bootstrap 3 themes.
Fix issue where Vimeo and Instagram embeds overflow out of the Best Of Tiles.
Fix where SplitMerge addon may be unable to save split discussion with “Html” format.
Fix the love bug (various problems with < 3 in user-generated content).
Prevent unneeded recurring updates in dashboard’s database updater.
Fix Gravatar’s use of system default avatar.
Add optional rating parameter to Gravatar.
Fix GitHub signin and API permission issues.
Fix new discussion button showing in subcommunity when user has no permission.
Allow the Photo field to be set in /profile/edit.
Only use CommentID for spam check if available.
Fix incorrect permission being checked in some category management actions.
Groups: Simplify & fix event timezone handling.
Make initial spoiler text the same colour as its background.
Fix RSS title encoding.
Add the ability to capture a user’s time zone.
Fix LinkedIn “profile connect” feature.
Move Recaptcha into a plugin
Add support for Instagram embeds in Mobile 2014.
Do more image optimizations.
Fix Safari issue where back button wouldn’t refresh the page.
Fixes issue where people can quote a post and see uncensored content.
Remove gender from user-facing elements like registration.
Prevent “Messages” from being displayed when you do not have view permission.
QnA: Return the correct number of questions for a subcommunity.
Switch YouTube links to https.
Fix mention issues including using an ‘@’ in the middle of two words.
Fix PNG compression issues in file uploads.
Fix some minor issues that could make spoilers malfunction.
Add a safety feature to avoid too-big database changes all at once.
Allow any user with moderate permission to add discussions and events in a group.
Fix aggressive span stripping in the HTML purifier.

March

New addon: Ideation (vote on ideas) - Contact your CSM for more details
New addon: Microsoft Account SSO
New addon: CAS SSO
New addon: Keyword Blocker (send posts with certain keywords to mod queue)
New addon: Necro Posts (labels recently-revived discussions)
New addon: User Points Booster (allow awarding points for discussions or comments)
New addon: Whitelist (provide an IP whitelist for site access)
HTML emails now available.
Applicants list is now asynchronous with improved UI.
Spoilers added as core feature with updated formatting.
Automatic bans (from Banning rules) can now be reversed.
Reactions will now always show on all devices, instead of on-hover for larger screens (“desktop”).
Sign In form now auto-focuses on Username field.
Fix newest comment data for zero-comment discussions in table view.
Post excerpts (as in search) now have a minimum length of 32 even if a double-return is found first.
Remove line breaks in meta description.
Added events to support new analytics system.
Fix styling of ‘/me’ posts.
QnA: Allow users to accept their own answer.
Reactions: Add an option to allow users to react to their own posts.
Add advanced editor options to New Poll screen.
Fix plus signs in URLs, especially usernames / profiles.
Improve SSO workflow for existing usernames.
Rework discussion sorting and filtering architecture.
Add no-store header to profiles so read/unread status updates on Back button.
Pockets: fix repeating pockets between discussions, and enable on table view.
Subcommunities: Fix category dropdown filtering when in a subcommunity.
Hide editor toolbar when previewing.
Fix double-deletion of comment drafts when posting, which could cause a Javascript error.
Fix scenario where Quotes could interfere with Spoilers.
Vanillicons: Now defaults to v2.
NBBC: Fix scenario that could break search results formatting.
Fix opaque photo cropping box.
Fix and unify logic for determining permission to edit a user’s photo.
Allow quotes to be collapsed in reported posts.
Allow collapsing of quotes with alternate formatting.
Make even deeply-nested quotes minimally legible.
Update dropdown menu rendering in several places.
Update number formatting for discussion & comment counts on All Categories page.
Update stock themes for Ideation.
Groups: Allow anyone who can edit an event to also delete it.

January

Restore no-store header to discussion & category lists (fixes “read” markers not updating on “Back”).
Improved formatting of Vanilla Comments in certain input formats.
Updated Smarty template parsing library.
Fix an issue in draft saving.
Fix spam deletion error.
Update Editor to use files’ real names when downloading.
Fix RSS feed when table view is in use.
Remove deprecated form field name prefixing.
Add more category data to VanillaPop emails.
Update gifv embed to prefer WebM.
Various low-level fixes for PHP 7 compatibility.
Fix CSRF check when deleting a ban.
Close open redirect & fix flood control in database updating endpoint.
Improve security in how Vimeo is embedded.
Add Wistia embed.
Enforce POST data for several endpoints.
Improve theme compatibility with Groups.
Automatically remove spaces around Banning rules to prevent bad data being entered.
Improve image resizing to always use highest quality images possible.
Fix Facebook SSO: retrieval of email address, avatar distortion, & name overwriting.
Remove “dashboard” namespace from several dashboard URLs.
Fix several MySQL strict mode errors.
Remove livequery jQuery extension and all remaining uses of it.
Remove base64 encoding from all asynchronous requests.
Allow setting of avatar via API.
Allow category permissions to be set via API.
Allow certain configurations to be set depending on permission level.
Re-add user count to the user list whenever possible based on size of table.
Give full formatting bar to Activity form.