Welcome to the new Customer Portal! We are still in the process of moving all our customers so please bear with us if you are temporarily unable to log in. You can still email support@vanillaforums.com!

Critical Security Bug: Search results ignore category privileges

edited May 2012 in Archived
Search results include results in categories that a user does not have access to. People who do not even have a forum account can run a search and see posts in categories that only members of a group have access to. So it is effectively impossible to create a private category on a hosted Vanilla forum.

This is very basic and very important functionality and whomever is responsible for security testing at Vanilla needs to get on the ball.


  • edited April 2012
    Hi @James_Puckett, thanks for notifying us of this serious problem. It appears this was an undiscovered bug in last week's update release. We have patched the bug immediately and have deployed it to all sites. I've tested it on your site to confirm it's fixed.
  • Thank you for the quick turnaround.
This discussion has been closed.