Release 2019.008 - HL Vanilla Community
<main> <article class="userContent"> <p><em>Release 2019.008 was first deployed to Vanilla Cloud on Thursday, June 27th 2019</em></p><h2 data-id="features">Features</h2><h3 data-id="security-improvements-w-hsts">Security Improvements w/ HSTS</h3><p><em>Note: This feature was also applied in a patch to 2019.007.</em></p><p>This Vanilla release improves security by allowing sites to enable stricter security on their domains.</p><p>This feature is now <strong><em>on by default</em> </strong>and means that once a user has visited a site over <code class="code codeInline" spellcheck="false" tabindex="0">https://</code> their browser will always use <code class="code codeInline" spellcheck="false" tabindex="0">https://</code> for this domain in the future. This is a more secure mechanism for enforcing <code class="code codeInline" spellcheck="false" tabindex="0">https://</code> than redirects, and prevents user from accidentally browsing the insecure version of a site.</p><p>Various configuration options and their descriptions can be found on the <strong>Security</strong> page in the Vanilla dashboard.</p><div class="embedExternal embedImage display-large float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6030677/uploads/372/PFUXA19C5FYX.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6030677/uploads/372/PFUXA19C5FYX.png" alt="image.png" height="744" width="1972" loading="lazy" data-display-size="large" data-float="none"></img></a> </div> </div> <h2 data-id="knowledge-base">Knowledge Base</h2><ul><li>Add aliases endpoint to articles API v2 resource <a href="https://github.com/vanilla/knowledge/pull/1047" rel="nofollow noreferrer ugc">vanilla/knowledge#1047</a></li></ul><h2 data-id="bug-fixes">Bug Fixes</h2><p><strong>API v2</strong></p><ul><li>Update media resource management permission to Garden.Community.Manage <a href="https://github.com/vanilla/vanilla-patches/pull/572" rel="nofollow noreferrer ugc">vanilla/vanilla-patches#572</a></li></ul><p><strong>Rich Editor</strong></p><ul><li>Fix incorrect editor selection handling (<a href="https://github.com/vanilla/vanilla/pull/8967" rel="nofollow noreferrer ugc">vanilla/vanilla#8967</a>)</li></ul><p><strong>Ideation</strong></p><ul><li>Fix moving an idea to a non ideation category. <a href="https://github.com/vanilla/vanilla/pull/8952" rel="nofollow noreferrer ugc">#8952</a> <a href="https://github.com/vanilla/internal/pull/1891" rel="nofollow noreferrer ugc">#1891</a></li></ul><p><strong>Ranks</strong></p><ul><li>Fix passing of RankID directly to endpoints. <a href="https://github.com/vanilla/vanilla/pull/8975" rel="nofollow noreferrer ugc">#8975</a></li><li>Fix ability to bypass ranks posting by saving a draft. <a href="https://github.com/vanilla/internal/pull/1885" rel="nofollow noreferrer ugc">#1885</a> <a href="https://github.com/vanilla/vanilla/pull/8946" rel="nofollow noreferrer ugc">#8946</a></li></ul><h4 data-id="keywordblocker">KeywordBlocker</h4><ul><li>Fix adding numbers to keywordBlocker flags userIDs. <a href="https://github.com/vanilla/internal/pull/1890" rel="nofollow noreferrer ugc">#1890</a></li></ul><p><strong>Terms of use manager</strong></p><ul><li>Fix terms of user manager to display properly. <a href="https://github.com/vanilla/internal/pull/1883" rel="nofollow noreferrer ugc">#1883</a> <a href="https://github.com/vanilla/vanilla/pull/8928" rel="nofollow noreferrer ugc">#8928</a></li><li>Simplify showing and hiding name and password. <a href="https://github.com/vanilla/internal/pull/1911" rel="nofollow noreferrer ugc">#1911</a></li></ul><h4 data-id="categories">Categories</h4><ul><li>Fix category following for members. <a href="https://github.com/vanilla/vanilla/pull/8979" rel="nofollow noreferrer ugc">#8979</a></li></ul><h4 data-id="polls">Polls</h4><ul><li>Fix category discussion type not respected when creating a poll. <a href="https://github.com/vanilla/internal/pull/1882" rel="nofollow noreferrer ugc">#1882 </a></li></ul><p><strong>QnA</strong></p><ul><li>Fix category discussion type not respected when creating a question. <a href="https://github.com/vanilla/addons/pull/715" rel="nofollow noreferrer ugc">#715</a></li></ul><h4 data-id="advancedsearch">AdvancedSearch</h4><ul><li>Fix category specific search. <a href="https://github.com/vanilla/multisite/pull/210" rel="nofollow noreferrer ugc">#210</a></li></ul><h4 data-id="subcommunities">Subcommunities</h4><ul><li>Allow subcommunities to see all categories visible to the user when posting a discussion. <a href="https://github.com/vanilla/multisite/pull/212" rel="nofollow noreferrer ugc">#212 </a></li></ul><h4 data-id="linkedin">LinkedIn</h4><ul><li>Migrate API from v1 to v2 <a href="https://github.com/vanilla/internal/pull/1901" rel="nofollow noreferrer ugc">#1901</a></li></ul><p><strong>Emoji Extender</strong></p><ul><li>Fix some case sensitivity issues with emoji extender <a href="https://github.com/vanilla/vanilla/pull/8910" rel="nofollow noreferrer ugc">vanilla/vanilla#8910</a></li><li>Fix broken emoji extender event name <a href="https://github.com/vanilla/vanilla/pull/8947" rel="nofollow noreferrer ugc">vanilla/vanilla#8947</a></li></ul><p><strong>Vanilla</strong></p><ul><li>Add boilerplate/keystone theming styles fixes <a href="https://github.com/vanilla/vanilla/pull/8870" rel="nofollow noreferrer ugc">vanilla/vanilla#8870</a></li><li>Fix some entry/connect AJAX errors <a href="https://github.com/vanilla/vanilla/pull/8916" rel="nofollow noreferrer ugc">vanilla/vanilla#8916</a></li><li>Fix password reset redirect <a href="https://github.com/vanilla/vanilla/pull/8924" rel="nofollow noreferrer ugc">vanilla/vanilla#8924</a></li><li>Fix height of titleBar buttons/the me box flyout position <a href="https://github.com/vanilla/vanilla/pull/8935" rel="nofollow noreferrer ugc">vanilla/vanilla#8935</a></li><li>Add state token support to Gdn_OAuth2 <a href="https://github.com/vanilla/vanilla/pull/8949" rel="nofollow noreferrer ugc">vanilla/vanilla#8949</a></li><li>Add ability to set standard target after registration by invitation <a href="https://github.com/vanilla/vanilla/pull/8950" rel="nofollow noreferrer ugc">vanilla/vanilla#8950</a></li><li>Fix some AJAX forms not properly redirecting <a href="https://github.com/vanilla/vanilla/pull/8955" rel="nofollow noreferrer ugc">vanilla/vanilla#8955</a></li><li>Add advanced search check to mobile search box <a href="https://github.com/vanilla/vanilla/pull/8960" rel="nofollow noreferrer ugc">vanilla/vanilla#8960</a></li><li>Escape the title in Gdn_Theme::logo() <a href="https://github.com/vanilla/vanilla/pull/8971" rel="nofollow noreferrer ugc">vanilla/vanilla#8971</a></li><li>Remove file path from some upload error messages <a href="https://github.com/vanilla/vanilla-patches/pull/579" rel="nofollow noreferrer ugc">vanilla/vanilla-patches#579</a></li></ul><h2 data-id="security"><strong>Security</strong></h2><p><em>Note: The first 2 fixes were also applied in a patch to 2019.007.</em></p><ul><li>Content security policy frame ancestors header <a href="https://github.com/vanilla/vanilla/pull/8970" rel="nofollow noreferrer ugc">#8970</a></li><li>Add timing attack mitigation to /entry URLs <a href="https://github.com/vanilla/vanilla-patches/pull/571" rel="nofollow noreferrer ugc">vanilla/vanilla-patches#571</a></li><li>Add additional rate limiting to some Vanilla sign-in URLs <a href="http://github.com/vanilla/vanilla-patches/pull/573" rel="nofollow noreferrer ugc">vanilla/vanilla-patches#573</a></li><li>Add rate limiting to SSO connect endpoint <a href="https://github.com/vanilla/vanilla-patches/pull/578" rel="nofollow noreferrer ugc">vanilla/vanilla-patches#578</a></li></ul><h2 data-id="developer">Developer</h2><ul><li>Update garden-http to version 2 <a href="https://github.com/vanilla/vanilla/pull/8912" rel="nofollow noreferrer ugc">vanilla/vanilla#8912</a></li></ul> </article> </main>