Vanilla Release Notes

Release 2019.009

Release 2019.009 was first deployed to Vanilla Cloud on Wednesday, July 10th 2019

Moderation/Spam Queue Improvements

The Moderation Queue and Spam Queue now display full user content, allowing for easier triaging.

Full post formatting is now displayed, including Images, GIFs, and Rich Embeds making moderation of your Vanilla Forum easier than ever!

Additionally the moderation toolbar now sticks the top of the page so you don't have to scroll back up to it to take action.

Knowledge Base Analytics Support

Knowledge base now supports Advanced Analytics with charts and tracking for the following data:

Total articles added
Total "Helpful" reactions
Total articles updated
"Helpful" reactions by day
Top articles with the most "Helpful" reactions
Top users with articles having the most "Helpful" reactions
Top users who have created the most articles

Bug Fixes

Rich Editor

Fix Rich Editor responding slowly in some browsers - vanilla#9012
Fix clicking on Rich Editor mentions being able to crash the editor - vanilla#9012
Fix Css bug when creating a spoiler - vanilla#9014

Ideation

Fix 422 errors when making an api v2 call to /discussions - support#548

Subcommunities

Update Subcommunities to redirect discussions viewed from the incorrect subcommunity - multisite#213
Fix incorrect building of url when using subcommunities and hub/node together - multisite#214

MeBox

Ensure users can view their own profile information even if they do not have the moderator level permissions to view other users personal information - vanilla#8993

Search

Fix Rich Post formatting while using search without Advanced Search.

Reporting

Fix broken format when reporting a post internal#1912

Security

This release patches multiple medium severity security issues.

Fix invitation limits not being enforced patches#541
Remove dynamic RemoteUrl detection code to fix XSS vulnerability (note: This could potentially be breaking change for sites that were improperly configured using a method deprecated 7 years ago) - patches#585
Fix potential security vulnerability in serveFile() method - patches#581
Fix Right to Left override character scrambling URL on leaving page - patches#582
Improper Access Control - API V2 media endpoint - patches#545
Fix Path disclosure - patches#203
Publish WordPress addon security fixes - wordpress-vanilla#31
Fix unprivileged setting of QnA status when adding or editing comments - addons-patches#33

Developer Notes

HTTP Headers

Starting in this release, various internal infrastructure headers are no longer being used in the application and have been removed from Gdn_Request - patches#574.

HTTP_X_FORWARDED_HOST
HTTP_X_CLUSTER_CLIENT_IP
HTTP_X_ORIGINALLY_FORWARDED_PROTO

TSLint -> ESLint

Starting in this release the frontend codebase is now validated with ESLint instead of TSLint.