Vanilla Release Notes

Release 2019.008

Release 2019.008 was first deployed to Vanilla Cloud on Thursday, June 27th 2019

Features

Security Improvements w/ HSTS

Note: This feature was also applied in a patch to 2019.007.

This Vanilla release improves security by allowing sites to enable stricter security on their domains.

This feature is now on by default and means that once a user has visited a site over https:// their browser will always use https:// for this domain in the future. This is a more secure mechanism for enforcing https:// than redirects, and prevents user from accidentally browsing the insecure version of a site.

Various configuration options and their descriptions can be found on the Security page in the Vanilla dashboard.

Knowledge Base

Add aliases endpoint to articles API v2 resource vanilla/knowledge#1047

Bug Fixes

API v2

Update media resource management permission to Garden.Community.Manage vanilla/vanilla-patches#572

Rich Editor

Fix incorrect editor selection handling (vanilla/vanilla#8967)

Ideation

Fix moving an idea to a non ideation category. #8952 #1891

Ranks

Fix passing of RankID directly to endpoints. #8975
Fix ability to bypass ranks posting by saving a draft. #1885 #8946

KeywordBlocker

Fix adding numbers to keywordBlocker flags userIDs. #1890

Terms of use manager

Fix terms of user manager to display properly. #1883 #8928
Simplify showing and hiding name and password. #1911

Polls

Fix category discussion type not respected when creating a poll. #1882

QnA

Fix category discussion type not respected when creating a question. #715

AdvancedSearch

Fix category specific search. #210

Subcommunities

Allow subcommunities to see all categories visible to the user when posting a discussion. #212

Migrate API from v1 to v2 #1901

Emoji Extender

Fix some case sensitivity issues with emoji extender vanilla/vanilla#8910
Fix broken emoji extender event name vanilla/vanilla#8947

Vanilla

Add boilerplate/keystone theming styles fixes vanilla/vanilla#8870
Fix some entry/connect AJAX errors vanilla/vanilla#8916
Fix password reset redirect vanilla/vanilla#8924
Fix height of titleBar buttons/the me box flyout position vanilla/vanilla#8935
Add state token support to Gdn_OAuth2 vanilla/vanilla#8949
Add ability to set standard target after registration by invitation vanilla/vanilla#8950
Fix some AJAX forms not properly redirecting vanilla/vanilla#8955
Add advanced search check to mobile search box vanilla/vanilla#8960
Escape the title in Gdn_Theme::logo() vanilla/vanilla#8971
Remove file path from some upload error messages vanilla/vanilla-patches#579

Security

Note: The first 2 fixes were also applied in a patch to 2019.007.

Content security policy frame ancestors header #8970
Add timing attack mitigation to /entry URLs vanilla/vanilla-patches#571
Add additional rate limiting to some Vanilla sign-in URLs vanilla/vanilla-patches#573
Add rate limiting to SSO connect endpoint vanilla/vanilla-patches#578

Developer

Update garden-http to version 2 vanilla/vanilla#8912