Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Update your Vanilla Forums
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Update your Vanilla Forums

Howdy,

We've just released 2.1.13, which addresses multiple security issues issues found during a self-initiated audit. Update should be applied immediately to all forums running the 2.1 release branch (or earlier). You can find full details on what changes were made and how to upgrade here.

More info:
http://vanillaforums.org/discussion/31046/vanilla-2-1-13-security-updates

Thanked by 2netomx Nyr
«13

Comments

  • @Mun said:
    jbiloh ;) ^^

    I think we need @sysadmin

    Thanked by 1netomx
  • @Nekki said:

    I think I need you ;)

  • @Mun said:
    I think I need you ;)

    Well ain't you just the sweet talker

    Thanked by 3netomx GM2015 BensDaMan
  • @Nekki said:
    Well ain't you just the sweet talker

    Mum got in your pants pretty quick, I didn't know you were that easy ;)

    Thanked by 2GM2015 NexHost
  • So much love in this thread!

  • NyrNyr Community Contributor, Veteran
    edited November 2015

    This is getting ridiculous. I don't know where to start:

    • Two weeks ago, they released another security update. They needed to release FOUR different revisions until all the regressions introduced in the security update were fixed. This did take them several days.
    • New update released some days ago and today another revision is submitted to fix one more regression. So a total of four revisions needed in two weeks just to fix fucking security updates.
    • I didn't get a notification about this new security update because they didn't care to tag the release in GitHub. There isn't any reliable way to get security notifications from them.

    Guys: don't use Vanilla Forums for any project you are planning to start, really. The codebase is crap, the security side is crap too and the developers aren't qualified to ship a production ready product.

    Thanked by 1doughmanes
  • ATHK said: Mum got in your pants pretty quick, I didn't know you were that easy ;)

    >

    Awkward typo

    Thanked by 3GM2015 trewq BensDaMan
  • I moved away from Vanilla forums around a year and a half ago due to the issues that kept happening.

  • Who uses Vanilla forums anyway.

  • @IceCream said:
    Who uses Vanilla forums anyway.

    I'm getting rusty, I can't tell if that's sarcasm or not.

  • @IceCream said:
    Who uses Vanilla forums anyway.

    Stares at screen .

    Thanked by 2netomx Nomad
  • IceCreamIceCream Member
    edited November 2015

    @Umcookies said:
    I'm getting rusty, I can't tell if that's sarcasm or not.

    What is sarcasm?

  • @IceCream said:
    What is sarcasm?

    Its an icecream flavour :)

    Thanked by 1Falzo
  • In my country we make sarcasm with fermented cabbage. Every Sunday the whole family gets together for sarcasm.

    Thanked by 2netomx Four20
  • @Mun, @IceCream, @Nyr What do you suggest as alternatives?

  • NyrNyr Community Contributor, Veteran

    @TWo said:
    Mun, IceCream, Nyr What do you suggest as alternatives?

    Flarum looks decent.

    Thanked by 1TWo
  • @Nyr said:
    Flarum looks decent.

    Will look into it. Thanks.

  • @TWo said:

    Fluxxbb is also amazing, they are migrating it into flarum though.

    Thanked by 1TWo
  • vote for discourse forum

  • @mgilang said:
    vote for discourse forum

    Kinda meh, buggy, heavy on resources.

  • joepie91joepie91 Member, Patron Provider
    edited November 2015

    Discourse has a lot of the right ideas, but unfortunately 1) it's written in Ruby (which means it is a nightmare to deploy), and 2) it requires Javascript to be enabled to use it (even just to read), which is unacceptable for a forum.

    Thanked by 1netomx
  • dedicadosdedicados Member
    edited November 2015
    Two weeks ago, they released another security update. They needed to release FOUR different revisions until all the regressions introduced in the security update were fixed. This did take them several days.
    New update released some days ago and today another revision is submitted to fix one more regression. So a total of four revisions needed in two weeks just to fix fucking security updates.
    I didn't get a notification about this new security update because they didn't care to tag the release in GitHub. There isn't any reliable way to get security notifications from them.
    

    Guys: don't use Vanilla Forums for any project you are planning to start, really. The codebase is crap, the security side is crap too and the developers aren't qualified to ship a production ready product.

    sounds like WHMCS

    xD

    Thanked by 2netomx tux
  • NeoonNeoon Community Contributor, Veteran

    phpbb3

  • Flarum is cool, but I'm waiting until it's a bit more feature-complete before deploying it. Discourse is a resource hog (and then some!), but it's pretty stable and flexible once you get it up and running.

    Thanked by 1Rolter
  • Nyr said: Guys: don't use Vanilla Forums for any project you are planning to start, really. The codebase is crap, the security side is crap too and the developers aren't qualified to ship a production ready product.

    And yet, despite many, many attempts I don't seem to be able to convince some people that we should switch from Vanilla to a more mature, secure, and stable product.

    This product is going to bite us in the ass again sooner or later and all I can do at that point is say "I told you so" and try to iron things out for the people that wouldn't listed to me.

  • @mpkossen as of current there is no good way to migrate to another forum. So start from scratch as well.

  • @Mun said:
    mpkossen as of current there is no good way to migrate to another forum. So start from scratch as well.

    Writing a migration script should be worth the effort IMHO. What's worse: having to spend 16-32 hours on writing a migration script or having your forum owned again and your reputation blown to pieces?

    I believe there is at least one solution with an importer that can then export to other solutions. Migrations aren't easy, they never are. But at some point it is worth the effort.

    Thanked by 1Rolter
  • @mpkossen I'm not saying it isn't worth it. I'm saying that after I looked for a proper migration solution that I couldn't find any. Something to consider as part of the move (that will happen eventually).

  • @Mun said:
    mpkossen I'm not saying it isn't worth it. I'm saying that after I looked for a proper migration solution that I couldn't find any. Something to consider as part of the move (that will happen eventually).

    Sorry, didn't mean to sound cross in my reply. I agree though, migration isn't easy.

Sign In or Register to comment.