VaultWiki News

On February 19, the security patches for March were released early in an effort to rollout fixes for an issue which may have been being used in the wild.

Issue List

VWE-2019-5016 is a Permissions Escalation issue, where by guessing the correct editor URL, users are able to post new wiki content without proper permissions. The issue affects new content only; edits to existing content are unaffected.

Patches

Important: if you already run one of the following patches but believe you may have downloaded it prior to February 19, 2019, we recommend that you re-download and reapply the patch; there was a problem where our downloader offered some these names for download even though the patch was not released yet or provided patches for different versions than requested.

As of February 19, 2019, the following patches address the aforementioned issue:

• 4.1.0 Alpha 2
• 4.0.25 Patch Level 1
• 4.0.24 Patch Level 3
• 4.0.23 Patch Level 5
• 4.0.22 Patch Level 7
• 4.0.21 Patch Level 8*

*A patch was issued for this version even though it reached its end-of-life before the patch date, because the issue was identified prior to its end-of-life. However, we recommend that users update to a more recent patched version.

We recommend that all users running VaultWiki in a production environment update to a patched release.

On February 12, we have released 4.1.0 Alpha 2 for public testing. This release corrects about 125 known issues from Alpha 1 and previous versions, moving the 4.1.x series closer to a proposed Beta.

For a list of changes in this release, please see Changelog for 4.1.0 Alpha 2. If you are a style or language pack maintainer, please check here for changes which may affect you.

XenForo 2.1 Support

Alpha 2 is the first version to include basic compatibility and support for XenForo version 2.1.x, meaning that VaultWiki should now run on these versions without throwing showstopper error messages.

Importer

Alpha 2 reintroduces the ability to import content from outside wiki sources via the Admin Panel, including from source installations running XenForo 2+.

Release Notes

Sites running previous 4.1.x Alphas should upgrade to VaultWiki 4.1.0 Alpha 2 as soon as they are able in order to improve stability. VaultWiki 4.1.0 Alpha 2 is alpha software. We recommend that alpha software only be used in a test environment. During the alpha period, there may be frequent builds, as often as daily, with which testers should try to keep up-to-date.

VaultWiki 4.0.25 is now available to customers with an active license. This is a maintenance release, containing about 25 bug fixes and style tweaks.

For a list of changes in this release, please see Changelog for 4.0.25. If you are a style or language pack maintainer, please check here for changes which may affect you.

Release Notes

The current release is 4.0.25, which should be usable on vBulletin-based and XenForo-based production sites.

Today, January 22, 2019, the regularly scheduled security patches for January are available.

Issue List

VWE-2018-4972 is a Permissions Escalation issue, where users may be able to use smilies in wiki content even if they don't have permission to use smilies or even if the area does not permit smilies. The issue affects VaultWiki 4.0.21 - 4.0.24, on vBulletin 3.x only.

Patches

The following patches, issued January 22, 2019, address the aforementioned issue:

• 4.0.24 Patch Level 2
• 4.0.23 Patch Level 4
• 4.0.22 Patch Level 6
• 4.0.21 Patch Level 7

We recommend that all users running VaultWiki on vBulletin 3.x in a production environment update to a patched release.

VaultWiki 4.1.x is here! As of today, Alpha 1 is available to customers with an active license. We invite you to join the public alpha and help us get 4.1.x ready for production.

For a list of changes in this release, please see Changelog for 4.1.0 Alpha 1. If you are a style or language pack maintainer, packs designed for VaultWiki 4.0.x will need to be thoroughly updated for compatibility with VaultWiki 4.1.x.

Below is a partial list of some of the new features in 4.1.x. These and other features may be discussed in more depth in future articles.

XenForo 2.0.x Support

This new version introduces support for XenForo 2.0.x environments (XenForo 2.1.x support will be added in the near future). You may install it like you would any XenForo 2 add-on. However, please do not attempt to use it with XenForo 2's command-line install or upgrade unless you are using XenForo 2.0.12 or higher; there is a bug in previous versions of XenForo which will prevent the process from completing successfully and will damage your forum.

Feed Portal

By request, we now include a separate forum tab which offers unified lists of the most recent collaborative and personal feed entries. This brings feed content closer to the user, making it easier to find wiki content shared in this way. It also makes it easier to use feeds as a replacement for blogs or news.

Like Everything

Users on XenForo forums are now able to like everything from individual edits to feed entries and everything in between. Liking a page or a feed will also give credit to a few recent contributors to that content.

Version and Changelog Checking

Version check results are now displayed in a persistent notice above all VaultWiki admin pages if a newer version is available. Beside the name of the new version, you will find a new link which will download a changelog for that version that has been customized for the version that you currently have installed. So the changelog only shows fixes for bugs that exist in your version, security vulnerabilities that affect your version, etc. We hope this will make it easier for customers to determine that there is a new version and to help them decide how soon they should upgrade.

Release Notes

VaultWiki 4.1.0 Alpha 1 is a significant update with major backend changes, new features, and is alpha software. We recommend that alpha software only be used in a test environment. During the alpha period, there may be frequent new builds, as often as daily, with which testers should try to keep up-to-date.

On December 23, we updated the main support site and the XenForo-based demo to run a preview of VaultWiki 4.1.0 Alpha 1. Throughout the past week, we have monitored error logs and behavior to ensure that the new version is functioning as intended.

As of today, December 29, we have now updated the XenForo demo to XenForo 2.0, and have updated the VaultWiki preview accordingly. So starting today, you have your first chance to see VaultWiki running on a XenForo 2 forum! As before, we will be monitoring the installation for a few days to ensure that the new version is ready to ship.

Feel free to try out the new version here or on our demo, see if you can find what's new, and report any bugs you encounter in the preview to our support area, as you normally would. Please do not post feature requests specific to the new version at this time.

If the preview continues to go well, we expect that 4.1.0 Alpha 1 will be available to the general public for testing as soon as New Year's Eve.