Release Notes
Quarterly VIP releases contain all numbered releases within said quarter.
Sometimes bug fixes are backported to the current release, meaning they show up in production earlier than the date noted.
Vanilla 2.5.0.1 (Wednesday, December 20)
- Fix link to the last comment in a discussion (the timestamp link on the discussions table view).
- Groups: Fix issue where clicking Quote could lead to a permission error in Group-related discussions.
- Fix issue that could lead to the discussion title being omitted from notification email subject lines.
Vanilla 2.5 (Wednesday, December 6)
New Features:
- Add a native API to Vanilla (“API version 2.0”) that conforms to industry standards.
- API v2 adds per-user access token support.
- API v2 currently covers: Users, Categories, Posting, Groups, and Reactions.
- Add in-dashboard, tailored documentation for API v2 that recognizes enabled addons.
- Add public API v2 documention to Vanilla’s documentation site.
New Addons:
- Salesforce OAuth2 Single Sign-On.
- Resolved v2: allow moderators to coordinate coverage for reviewing all new discussions.
- CSS Class Whitelist: Allow admins to whitelist CSS classes for custom styling needs.
Changes & Additions:
- Groups: Optionally expand leaders privileges to create events, edit comments and edit discussions.
- Groups: Properly exclude moderators/admins from leaderboard.
- Add icons to some addons that were missing one.
- Change the email placeholder for deleted users to use the .invalid TLD.
- Optimize category sorting in the dashboard to improve performance.
- Improve how Vanilla handles redirects to enhance security and reliability.
- Improve how Vanilla’s OAuth2 handling works to enable more custom workflow scenarios.
- Change Vanilla’s cookies to use JWT.
- Improve UX of creating new poll options.
- Hide system-created tags in the sidebar Popular Tags module.
- Improve load time of Participated Discussions addon by optimizing its data querying.
- Make HtmlawedPlugin (our HTML filtering engine) part of core.
- Add ability to filter category dropdowns by allowed discussion type.
- Smarty templates now allow use of Vanilla’s categoryUrl, discussionUrl, userUrl, and commentUrl functions to build URLs.
- Add
spellcheck="true" to discussion title input box to enable browser-level spellchecking. - Logging: When deleting a user, store the old user name & which user did the deletion.
- Format emojis and mentions links with full URLs to accommodate API v2.
- Increase the complexity of email confirmation tokens.
- Clear password reset info when updating password or email.
- Add support for Get Satisfaction imports to the Redirector addon.
- Updated a number of external dependencies.
- Add ‘pptx’ as a default allowed file extension.
- Add option to hide promoted content module if no results are found.
- Allow table-related HTML elements to have classes in posts.
- Improve styling for Close buttons in inform messages on mobile.
- Add ability to force re-authentication for a sensitive action.
- Customize Theme: Remove link to open source documentation.
- Begin tracking the date & time an invitation is accepted.
- Allow quoting usernames with dots.
- Improved UI for Warnings & Notes settings page.
- Remove quotes in the promoted content module.
Accessibility improvements:
- Removed tabindexes from forms to keep natural tab order.
- Made various accessibility improvements to Reactions.
- Improve accessibility of MeBox (the main icon-based dropdown menus by your avatar).
- Improve accessibility of other flyout menus.
Reliability improvements:
- API v2 is fully unit tested.
- Add conflict support to addons (addons can now declare other addons they conflict with to disallow dual use of know problem combinations).
- Use dependency injection to instantiate addons.
- Add ability for addons to include unit tests.
- Implement independent schema validation.
General Fixes:
- Fix marking a registration in the spam queue as “not spam” skipping the applicants queue when that registration method is enabled.
- Fix guests’ inability to switch to full site from mobile theme.
- Fix muted categories when using Mixed layout.
- Fix addons inability to affect permissions checks before a notification is sent.
- Fix max recipient check on private messaging.
- Fix translations for guests in Who’s Online addon.
- Fix several translations to accommodate gendered translation.
- Fix inserting images on mobile.
- Fix alignment issues in BBCode.
- Fix double encoding of BBCode code block contents.
- Fix ability to require email confirmation when no unconfirmed role exists.
- Add permission check to /settings/tagging to resolve blank view if a guest found it.
- Fix Tag.Tag and Discussion.DateLastComment errors when recalculating counters (support tool). Fix deleting a revision on a popular discussion also deleting the original record.
- Embedded forums: Fix the URL for discussions’ notifications.
- VanillaPop: Notify only roles that have permission to view the target category.
- Twitter: Bind OAuth token to the user requesting it.
- Fix typo in Twitter Emoji Set.
- Fix @mentions in Internet Explorer 11.
- Prevent discussions from being truncated when inserted in the log table.
- Fix error caused by using editor in embedded site under iOS.
- Fix “delete draft” text to use a symbol instead and sidestep translation needs.
- Fix configuring cookie persistence options (in code).
- Fix scenario where Vanilla would ignore query parameters on the homepage.
- ZenDesk: Fix HTML rendering on the body of text sent over the API.
- Q&A: Fix default tag text.
- Q&A: Fix to work with per-category point tracking.
- User Point Booster: Fix to work with per-category point tracking.
- SAML: Do not set missing fields when connecting.
- Badges: Fix “Give Badge” textarea height.
- Various other security enhancements and bug fixes.
Q2 release 6 (Thursday, June 29)
- Improve load time of Vanilla Statistics dashboard summaries.
- Triple-A theme: Added missing icons for Reactions.
- Dashboard: Font tweaks for right panel.
- Dashboard: Fix inaccurate toggle position for embedding URLs in Posting Settings.
- Dashboard: Fix ‘Badge Requests’ menu showing users in wrong section.
- Dashboard: Fix username disappearing from the dashboard user edit form on failed save.
- Wysiwyg: Fix doubly encoding code blocks.
- Posting: Fix alignment issues in BBCode.
- Posting: Fix magic Vanilla formatting in BBCode code tags.
- Posting: Fix embedding Twitch video.
- Posting: Fix plural vs singular translation for minimum post length error message.
- Embed: Fix forum scrolling position issues & disable auto-scroll.
- Signatures: Fix settings validation in Dashboard.
- Signatures: Fix translation of error message for images.
- Role Titles: Fix addon not loading when enabled.
- Drafts: Fix drafts being assigned to the Root category by default.
- Civil Tongue: Add filtering to activity & notifications.
- OAuth2 SSO: Add support for refresh tokens.
- Q&A: Adding question link to accepted answer notification
- Zendesk: Fix miscellaneous connection issues.
- Editor: Fix image URL prompt on posts being clipped on mobile
- Private messages: Fix recipient being added a second time to the same conversation.
- Users: Replace deleted users mail placeholder to use ‘invalid’ TLD.
- Analytics: Remove contributors from active users count to show an accurate participation rate.
- Addons: Show a notification if turning on one addon forcibly enables another addon as a dependency.
- Addons: Added icons for a number of addons that lacked one.
- Polls: Fix redirect when the spam filter is triggered.
- Subcommunities: Fix URL generation for discussions and comments for external use, as in emails and breadcrumbs. They were sometimes non-canonical.
- Banning: Fix ban rule counters, which were incorrectly including admins and moderators in their count, even though they were blocked from being banned.
- Improve how redirects are handled in Vanilla to be safer and more consistent.
Q2 release 5 was skipped.
Q2 release 4 (Wednesday, May 24)
- Add Apple touch icon support as a core feature.
- Add link to docs from Customize Theme page in Dashboard.
- Fix minor translation issues in Advanced Search and Signatures addons.
- Fix categories with custom permissions created with the API not having file uploads by default.
- Fix toolbar staying hidden after previewing comment.
- Fix multiple minor text parsing issues introduced by fixing the formatters in 2017-Q2-2.
- Fix double spacing in Wysiwyg posts when embedding is allowed.
- Add translations for “leaving the forum” warning.
- Fix new post count not being displayed on Participated Discussions page.
- Skip flood control checks for editing.
- Fix Advanced Search autocomplete on sites in a subdirectory.
- Fix non-ASCII items not being added to menus (we only allowed English word characters in some menus).
- Fix a category’s latest post not being updated when moving or deleting a discussion.
- Fix Spoof permission check on manual spoof page.
- Fix redirect problem when toggling from mobile to full site and back.
- Stop page from scrolling when selecting an avatar with Avatar Stock.
- Allow admins to not set “Remember Me” by default over SSO.
- Allow addons to declare a docs page and show a link to it on the Addons list.
Q2 release 3 was skipped.
Q2 release 2 (Wednesday, Apr 26)
- Multiple menus in the Dashboard’s Settings tab were renamed or reorganized.
- Banner → Branding
- Homepage → Layout
- Advanced → Posting
- Created “Security” menu group.
- Re-grouped several pages under different headings.
- Tagging addon was removed. Its features are now a part of our core offering. No user-facing functionality was changed.
- Removed our use of Google’s CDN for jQuery and a Dashboard font.
- Improved our ability to translate the word “Vote” in its various contexts (noun vs. verb).
- Exempt moderators and admins from the new flood control checking on private messages.
- Improve handling for mentions on usernames with underscores.
- Improve our text parsing pipeline to be more consistent in the order we process elements (mentions, filtering, etc) for different formatters (Markdown, BBCode, etc).
- SAML: Improve handling of
Target parameter for redirects to follow the SAML spec. - Fix page title translations for “Quotes” and “Online” profile settings pages.
- Fix category syncing issue in Hub/Node setups.
- Fix an issue preventing the deletion of groups.
- Fix the counter of items awaiting moderation to also include “pending” (premorderation) items.
Q2 release 1 was skipped.
Q1 release 6 (Thursday, Mar 30)
This is the cutoff for the spring release for VIPs. All Q1 changes below are included in it.
- Customize Theme: Create a CSS-only saving mode to avoid template overwrites whenever possible.
- Reporting: Use the Reactions.Flag.Add permission to know if we can report a post.
- Categories: Fix setting default category on a new discussion when categories are disabled.
- Categories: Fix issues with last post calculations that arose from recent optimizations.
- Comments: Prevent use of embedded comments if embedding is not enabled globally.
- Profiles: Fix user comment and discussion counts not being updated when posts restored.
- Profiles: Remove inline styles on upload picture button.
- SSO: Fix connections that trigger spam filters to be handled correctly on our side.
- Subcommunities: Ensure that cannonical URLs respect the default subcommunity.
- Subcommunities: Fixed interaction with Sitemap addon so that sitemap indexes are built correctly (1 per each subcommunity).
- Mentions: Fix possible HTML conflicts.
- MeModule: Fix arrow and alerts in settings dropdown.
- Messages: Fix Message toggle not removing/adding message immediately.
- Ideation: Make ideas restore from queues correctly.
- Formatting: Stop adding target=”_blank” to links by default. Previously it was done inconsistently depending on formatter and other conditions. We have an addon available if this is something you want to enforce (Link Types).
- Formatting: Update htmLawed (the HTML purifier library) to 1.2.
- Formatting: Add option to send users to “Leaving” page when clicking external links.
- Avatar Pool: Add option to name avatars.
- Zendesk: Update API endpoint usage. This fixes several potential issues with the integration as the old API was deprecated.
- VanillaPop: Collapse newlines in comment emails.
- Profile Extender: Fix potential user duplication in CSV exports.
- Warnings: Add tooltip to the Warning link.
- Disqus: Remove redirect_uri to comply with their new security rules. This may mean some users do not return to exactly the page they started on after signing in.
- Trusted Domains: Add optionally explicit wildcard matching for subdomains.
- Private Communities: Make login error messages purposefully obscure to prevent sniffing of usernames. There is a reasonable expectation of privacy when an entire community is set to “Private” mode that does not otherwise exist.
- Advanced Stats: Add deprecated warning in dashboard. Our Analytics system replaced this old addon a while ago. It will go away completely after June 1.
- Tagging: Reworked as a core feature because other addons rely on it. The addon now only toggles “discussion tagging” for users.
- Themes: Improve filtering of themes in the Dashboard to avoid showing unwanted themes.
- Install: Generate updated default discussions on a fresh forum. We rewrote all our stub content and added more to help new forum owners.
- Install: Use utf8mb4 encoding by default (native emoji-ready!) on a fresh forum. Existing forums will not get this update at this time.
- Framework: Rework the event manager, schema & routing objects, and added dependency injection for API v2.
- Framework: Clear the addon cache automatically.
- Framework: Finish migration of all dependencies to Composer.
- Framework: Add missed translation on notFoundException.
- Security: Fix scenario where a seamless, embedded SSO connection with jsConnect could be compromised.
- Security: Make multiple, low-priority enhancements identified via secure audits.
Q1 release 5 was skipped.
Q1 release 4 (Wednesday, Mar 1)
- Categories: Add category filtering to settings page.
- Categories: Remove “Track points separately” from category options unless Reactions has been configured to support it.
- Reactions: Adds settings page to configure per-category point tracking.
- Reporting: Use permission Reactions.Flag.Add to allow restriction of reporting to certain users. If you are not already using Reactions, it will default to all users, which was how it previously worked.
- Dashboard: Hide version number because it is not relevant (and misleading) to cloud customers.
- Pockets: Add easier enable/disable toggles.
- Addons: Improve error reporting for easier troubleshooting.
- Categories: Fix issue where child categories could be redundantly displayed in certain theme views. (#5195)
- Comments module: Add discussion titles. (This module is not used on most forums).
- Pockets/Customize Theme: Fix errors in code editor.
- Framework: Remove OAuth 1.0 library from core.
- Minor security fixes. (Minor means they were technically flaws, but to our knowledge no useful exploit could be derived from them.)
- API: architectural updates to facilitate upcoming v2.
Q1 release 3 (Thursday, Feb 16)
- Roles: Fix linked user count on roles page. It was not correctly leading to a list of users filtered by that role.
- Discussions: Fix permission check in discussion count getting.
- Settings: Allow empty value for color picker in forms.
- Logging: Update category discussion and comment counts when restoring a record from logs.
- Logging: Display IP address on blocked registrations.
- Profiles: Fix issue where JSON is not rendered at API endpoint when
ShowActivities is false. - Dashboard: Hide images in the feed on dashboard homepage.
- Dashboard: Add datepicker dashboard homepage stats (VanillaStats addon).
- Comments: Add a recent comments module. It can be used with custom theming.
- Users: Improve password requirement message.
- Users: Validate password constraints on the reset password form. Previously, password requirements were only checked at registration.
- Categories: Modify how permissions are evaluated to allow more granular changes in the future.
- Subcommunities: Use canonical discussion and comment URLs on search and profiles.
- Discussion Excerpt: Add excerpts to discussion lists everywhere.
- Badges: Add badge request count to MeModule settings dropdown.
- Badges: Ignore users who already have badge when giving to a list of users.
- Q&A: Add translation for accepted answer activity.
- Polls: Tighten voting permissions to only those who can comment.
- Groups: Remove group association from discussions when moving them to another category so a permission issue is not triggered.
- Groups: Delete group’s discussions and comments when a group is deleted.
- Framework: Improve how our third-party Markdown library is used (unfork, use Composer).
- Framework: Add EventManager, ArrayContainer, and other preliminary work for API v2.
- Framework: Improve addon error reporting.
Q1 release 2 (Tuesday, Jan 31)
- Civil Tongue: Censor discussion titles in Recent Discussions list.
- Conversations: Tighten maximum recipients allowed: 5 for new users, 50 for verified users, and unlimited for moderators.
- Dashboard: Add settings and improve help text on the “Avatars” dashboard settings page.
- Avatar Pool: Settings are now on the “Avatars” page.
- Online: Fix issue where Online module could cache and display in the wrong language.
- Editor: Close editor dropdowns when the user clicks outside of a dropdown.
- Editor: Add spoiler and code styles to WYSIWYG preview.
- Editor: Mentions auto-complete now quotes all usernames that need it automatically.
- Editor: Fix Markdown list parsing that caused a minor styling glitch.
- Q&A: Fix point-awarding interactions with Reactions. Accepting and declining answers could previously have unexpected results.
- API: Allow JSON access to profile when Profile.ShowActivity is disabled.
- Categories: Add a
CanDelete flag to categories (prevents Social Group category deletion which breaks Groups). - Categories: Fix issue where subcategories could be orphaned when their parent was deleted.
- Categories: Make the category deletion process clearer about what content will be removed and how.
- Login: Improve password requirements message.
- Logs: Add week day, time, and timezone to the moderation logs.
- Logs: Do not spam-check owner account.
- Addons: Add “Configured” messages to addons media view to denote whether an addon was been fully configured on their settings page.
- Addons: Added icons for 3 addons.
- Addons: Fix issue where an addon incorrectly registering permissions could break other permissions.
- Mobile: Fix too-large images in mobile theme settings page.
- Analytics: Hide the category dropdown where not relevant.
- SAML: Allow admins to create a data map for SAML responses.
- Subcommunities: Fix canonical URLs on discussion and category pages.
- Maintenance: Improve maintenance mode so it can be automatically used during future database updates.
- Maintenance: Moved media handling and tagging from addons into core.
- Maintenance: Moved several library dependencies out of core (deleted 35,000 lines of code).
Q1 release 1 (Tuesday, Jan 17)
- Categories: Better sync modern category view to be the same as the table view. This insures “Display As” settings are used consistently between different layout options.
- Banning: Prevent user’s visit information from being updated if banned. This is an enhancement to banned behavior.
- Logging: Add logged events for failed logins, password requests, and password reset failures. This is for advanced logging only.
- Quotes: Fix the Quote button not appearing in some cases. This was a user-facing bug.
- Themes: Give themes ability to set their layout options in their “about” info. This is for theme developers.
- Drafts: Fix “Incorrect integer value” error on draft save when no category selected. This was a regression bug in drafts.
- Search: Fix search not returning results from categories with “Hide from recent discussions” selected.
- JWT SSO: Improve support and fix minor issues in some connections.
- Reactions: Fix inaccuracies in voting UI when user exceeds 1000 votes.
- Facebook: Add support for Facebook’s “state” token during SSO. This is a security enhancement.
- Groups: Add groups and events support to Keyword Blocker. The plugin can now send these items to the Moderation Queue for approval.
- Badges: Fix issue where recently manually created badges could not be requested.
- Ideation: Make notifications clearer.
- Dozens of low-level bug fixes.