Release 2019.009 was first deployed to Vanilla Cloud on Wednesday, July 10th 2019
Moderation/Spam Queue Improvements
The Moderation Queue and Spam Queue now display full user content, allowing for easier triaging.
Full post formatting is now displayed, including Images, GIFs, and Rich Embeds making moderation of your Vanilla Forum easier than ever!
Additionally the moderation toolbar now sticks the top of the page so you don't have to scroll back up to it to take action.
Knowledge Base Analytics Support
Knowledge base now supports Advanced Analytics with charts and tracking for the following data:
- Total articles added
- Total "Helpful" reactions
- Total articles updated
- "Helpful" reactions by day
- Top articles with the most "Helpful" reactions
- Top users with articles having the most "Helpful" reactions
- Top users who have created the most articles
- Fix Rich Editor responding slowly in some browsers - vanilla#9012
- Fix clicking on Rich Editor mentions being able to crash the editor - vanilla#9012
- Fix Css bug when creating a spoiler - vanilla#9014
- Fix 422 errors when making an api v2 call to /discussions - support#548
- Update Subcommunities to redirect discussions viewed from the incorrect subcommunity - multisite#213
- Fix incorrect building of url when using subcommunities and hub/node together - multisite#214
- Ensure users can view their own profile information even if they do not have the moderator level permissions to view other users personal information - vanilla#8993
- Fix Rich Post formatting while using search without Advanced Search.
This release patches multiple medium severity security issues.
- Fix invitation limits not being enforced patches#541
- Remove dynamic RemoteUrl detection code to fix XSS vulnerability (note: This could potentially be breaking change for sites that were improperly configured using a method deprecated 7 years ago) - patches#585
- Fix potential security vulnerability in
serveFile() method - patches#581
- Fix Right to Left override character scrambling URL on leaving page - patches#582
- Improper Access Control - API V2 media endpoint - patches#545
- Fix Path disclosure - patches#203
- Publish WordPress addon security fixes - wordpress-vanilla#31
- Fix unprivileged setting of QnA status when adding or editing comments - addons-patches#33
Starting in this release, various internal infrastructure headers are no longer being used in the application and have been removed from
Gdn_Request - patches#574.
TSLint -> ESLint
Starting in this release the frontend codebase is now validated with ESLint instead of TSLint.