    • Mark
    • Nov 22nd 2005, edited
     # 1
    It has come to my attention that there was a very serious security hole in Vanilla <= 0.9.2.5.

    Despite the fact that we are on the cusp of the next big upgrade to Vanilla 0.9.3, this hole is so serious that I have decided to release one more patch to the old Vanilla core. I very highly recommend upgrading all forums out there as soon as possible.

    The upgrade should be very painless:

    1. Download the latest version of Vanilla at getvanilla.com. The file you receive should be vanilla.0.9.2.6.zip.
    2. Upload the /controls and /library folders up to your Vanilla installation, overwriting the old ones.
    3. For your own personal records, you may want to update your appg/settings.php file and change your agVANILLA_VERSION to 0.9.2.6.


    Many thanks to cory for finding and reporting these issues before they could give us any nightmares.

    --EDIT--

    If you are concerned about the specific files that have been updated, here is a list of the specific files and lines that have been altered:

    library/Vanilla.Search.class.php
    Lines 158 & 169
    library/Utility.Parameters.class.php
    Line 21
    controls/search.php
    Line 229


    I *believe* that is everything, but I may have forgotten to write down a change, which is why I still recommend doing the full overwrite of those two folders. Unless you've done some customization like leemarrett, replacing the folders entirely shouldn't affect your installation's functionality (besides patching the XSS hole, of course).
    • lech
    • Nov 24th 2005
     # 2
    Score +1 for the good guys!