This upgrade patches an xss vulnerability discovered in the update checker.

To upgrade, download the new Vanilla-1.1.8 package from getvanilla.com and replace the following files in your 1.1.7 installation:

ajax/updatecheck.php
appg/version.php

This upgrade is only related to the installer. Upgrading will only be necessary if you need to (re)install Vanilla.

To upgrade, download the new Vanilla-1.1.7 package from getvanilla.com and replace the following files in your 1.1.6 installation:

appg/version.php
setup/installer.php
setup/mysql.sql

After downloading the new Vanilla-1.1.6 package from getvanilla.com, the following files should be replaced in your 1.1.5a installation:

comments.php
termsofservice.php
ajax/sortcategories.php
ajax/sortroles.php
ajax/switch.php
appg/database.php
appg/settings.php
appg/version.php
js/global.js
js/jquery.js
languages/English/definitions.php
library/Framework/*
library/People/*
library/Vanilla/Vanilla.Class.CategoryManager.php
library/Vanilla/Vanilla.Class.DiscussionManager.php
library/Vanilla/Vanilla.Control.CategoryForm.php
library/Vanilla/Vanilla.Functions.php
setup/installer.php
setup/mysql.sql
setup/style.css
themes/comments.php
themes/people_foot.php
themes/vanilla/styles/default/people.css
themes/vanilla/styles/default/vanilla.css

After downloading the new Vanilla-1.1.5a package from getvanilla.com, the following files should be replaced in your 1.1.5a installation:

appg/version.php
library/Framework/Framework.Class.IntegrityChecker.php
library/Framework/Framework.Class.DirectoryScanner.php
library/People/People.Class.UserManager.php
setup/installer.php

Vanilla 1.1.4 contained XSS and CSRF vulnerabilities and should be patched. After downloading the new Vanilla-1.1.5 package from getvanilla.com, the following files should be replaced in your 1.1.5 installation:

comments.php
termsofservice.php
ajax/blockcategory.php
ajax/sortcategories.php
ajax/sortroles.php
ajax/switch.php
ajax/switchextension.php
ajax/updatecheck.php
appg/init_ajax.php
appg/init_people.php
appg/init_vanilla.php
appg/md5.csv
appg/settings.php
appg/version.php
js/global.js
js/jquery.js
js/vanilla.js
languages/English/definitions.php
library/Framework/Framework.Class.AsyncUploader.php
library/Framework/Framework.Class.Context.php
library/Framework/Framework.Class.Control.php
library/Framework/Framework.Class.Delegation.php
library/Framework/Framework.Class.DirectoryScanner.php
library/Framework/Framework.Class.Email.php
library/Framework/Framework.Class.IntegrityChecker.php
library/Framework/Framework.Class.ObjectFactory.php
library/Framework/Framework.Class.SqlBuilder.php
library/Framework/Framework.Class.SqlSearch.php
library/Framework/Framework.Class.XmlManager.php
library/Framework/Framework.Control.Head.php
library/Framework/Framework.Control.UpdateCheck.php
library/Framework/Framework.Functions.php
library/People/People.Class.Authenticator.php
library/People/People.Class.PasswordHash.php
library/People/People.Class.Session.php
library/People/People.Class.User.php
library/People/People.Class.UserManager.php
library/People/People.Control.Leave.php
library/People/People.Control.SignInForm.php
library/Vanilla/Vanilla.Class.Comment.php
library/Vanilla/Vanilla.Class.CommentManager.php
library/Vanilla/Vanilla.Class.Discussion.php
library/Vanilla/Vanilla.Class.DiscussionManager.php
library/Vanilla/Vanilla.Control.CommentGrid.php
library/Vanilla/Vanilla.Control.DiscussionForm.php
library/Vanilla/Vanilla.Control.IdentityForm.php
library/Vanilla/Vanilla.Control.Menu.php
library/Vanilla/Vanilla.Control.PasswordForm.php
library/Vanilla/Vanilla.Control.SearchForm.php
library/Vanilla/Vanilla.Functions.php
setup/installer.php
setup/upgrader.php
themes/account_preferences_form.php
themes/categories.php
themes/comment_form.php
themes/comments.php
themes/discussion.php
themes/discussion_form.php
themes/discussions.php
themes/menu.php
themes/people_foot.php
themes/people_signout_form_nopostback.php
themes/search_results_comments.php
themes/search_results_users.php
themes/settings_update_check_validpostback.php
themes/vanilla/styles/default/people.css
themes/vanilla/styles/default/utility.css
themes/vanilla/styles/default/vanilla.css
themes/vanilla/styles/default/vanilla.print.css

Vanilla 1.1.3 contained a serious vulnerability and should be patched. After downloading the new Vanilla-1.1.4 package from getvanilla.com, the following files should be replaced in your 1.1.3 installation:

/ajax/sortcategories.php
/ajax/sortroles.php
/languages/English/definitions.php
/themes/settings_category_list.php
/themes/settings_role_list.php
/appg/settings.php
/appg/version.php
/js/*.* (all files in this folder)
/setup/index.php
/setup/installer.php
/setup/upgrader.php

Every single file in Vanilla has been changed since the release of 1.1.2, but the vast majority of changes were formatting and documentation changes which are not required to gain the added functionality and bugfixes of version 1.1.3. The actual files which need replacing are:

/account.php
/categories.php
/comments.php
/settings.php
/appg/headers.php
/appg/settings.php
/js/builder.js
/js/controls.js
/js/dragdrop.js
/js/effects.js
/js/global.js
/js/prototype.js
/js/scriptaculous.js
/js/slider.js
/library/Framework/Framework.Class.ConfigurationManager.php
/library/Framework/Framework.Class.Context.php
/library/Framework/Framework.Class.ErrorManager.php
/library/Framework/Framework.Class.Page.php
/library/Framework/Framework.Class.PageList.php
/library/Framework/Framework.Class.StringManipulator.php
/library/Framework/Framework.Class.Uploader.php
/library/Framework/Framework.Control.Head.php
/library/Framework/Framework.Control.LanguageForm.php
/library/Framework/Framework.Control.UpdateCheck.php
/library/Framework/Framework.Functions.php
/library/People/People.Class.Authenticator.php
/library/People/People.Class.Session.php
/library/People/People.Class.User.php
/library/People/People.Class.UserManager.php
/library/People/People.Control.ApplyForm.php
/library/People/People.Control.RoleForm.php
/library/People/People.Control.SignInForm.php
/library/Vanilla/Vanilla.Class.CategoryManager.php
/library/Vanilla/Vanilla.Class.CommentManager.php
/library/Vanilla/Vanilla.Control.AccountRoleForm.php
/library/Vanilla/Vanilla.Control.CategoryForm.php
/library/Vanilla/Vanilla.Control.CommentGrid.php
/library/Vanilla/Vanilla.Control.DiscussionForm.php
/library/Vanilla/Vanilla.Control.GlobalsForm.php
/library/Vanilla/Vanilla.Control.IdentityForm.php
/library/Vanilla/Vanilla.Control.PasswordForm.php
/library/Vanilla/Vanilla.Control.ThemeAndStyleForm.php
/themes/foot.php
/themes/head.php
/themes/settings_applicants_form.php
/themes/settings_category_edit.php
/themes/vanilla/styles/default/people.css
/themes/vanilla/styles/default/vanilla.css

The following files aren’t necessary to update in order to have a working version of 1.1.3, but they have also been altered since the release of Vanilla 1.1.2:

/readme.html
/setup/index.html
/setup/installer.php
/setup/style.css
/setup/upgrader.php
/themes/account_profile.php

There were a number of small patches applied to the core since the release of Vanilla 1.1. If you download the Vanilla-1.1.2.zip and open it, here are the files you need to update in order to patch your copy of Vanilla:

/comments.php
/ajax/blockcategory.php
/ajax/switch.php
/ajax/switchextension.php
/ajax/updatecheck.php
/appg/settings.php
/js/global.js
/js/vanilla.js
/library/Framework/Framework.Functions.php
/library/People/People.Class.Authenticator.php
/library/People/People.Class.UserManager.php
/themes/account_preferences_form.php
/themes/categories.php
/themes/comment_form.php
/themes/comments.php
/themes/discussion_form.php
/themes/settings_applicants_form.php

The following files aren’t necessary to update in order to have a working version of 1.1.2, but they have also been altered since the release of Vanilla 1.1:

/readme.html
/setup/index.html
/setup/installer.php
/setup/upgrader.php

You may find that some features don’t work immediately after an upgrade. If this happens, make sure that your browser does not have cached versions of the javascript files that have been updated. If it does, it will break a lot of ajax functionality.

Your Upgrade is Complete!

Problems?

Ask for help at the community forum.

Assuming you haven’t made any changes to the core Vanilla files, upgrading is easy. By “core Vanilla files”, I am referring to all files NOT in the conf or extensions directories. All you need to do is:

• Back up your current Vanilla files.
• Download the new version from http://getvanilla.com.
• Unzip the files to your local machine.
• Delete the extensions and conf folders on your downloaded, unzipped files (You do not want to copy the conf or extensions folders because you want your existing configurations and extensions to remain intact).
• Upload all remaining New Vanilla files on top of the existing Vanilla files on your server.
• Take any additional language and theme files that you were using from your backup and re-upload them into the appropriate places in Vanilla.

Your Upgrade is Complete!

Problems?

Ask for help at the community forum.

• Back up your current files *just in case*.
• Download the new version from http://getvanilla.com.
• Unzip the files to your local machine.
• Remove the existing files from your server.
• Upload the new Vanilla files to your server.
• Find the appg/settings.php file from your backup version. Upload it to your new Vanilla’s conf folder and rename it to old_settings.php.
• Navigate to your vanilla’s folder in your web browser and follow the instructions.