iCafeZone.Net Community XenForo & vBulletin Thai

iCafeZone.Net Community XenForo & vBulletin Thai

[ประกาศ] vBulletin China
We are pleased to announce that Nathanael Lee and Yoching Chaing are both going to be heading up support for existing vBulletin China customers.

vBulletin China will not be conducting new sales at this stage, and it will still be providing support for vbulletin customers who gained licence in China. If you wish to purchase a new instance of vBulletin and you are from China, you are welcome to purchase vBulletin here and receive support through our normal channels.
The support provided by Nathanael and Yoching will be for customers that purchased a license through the vbulletin-china website or vbulletin.com and are seeking support in Chinese. We are happy to have them on board to answer your support questions.
Please visit vBulletin for Chinese support.

We have released a patch (and updated the downloadable version) for 4.0.3
This fixes a bug with the adsense integration.

Download vBulletin 4.0.3 PL1

As usual, the version released today is available for all customers with valid, active licenses to download from the vBulletin Members' Area.

vBulletin Members Area

Effective immediately vBulletin 4.0.3 Maintenance Release of vBulletin Publishing Suite and vBulletin Forum is available. If you have an active vBulletin license, you can download your copy of 4.0.3 from the vBulletin Members Area at: http://members.vbulletin.com

4.0.3 fixes more than 316 bugs since the release of 4.0.2.
Full list of bugs

We also have added the functionality of Facebook Connect – this enables users to sign onto a vbulletin forum utilizing their facebook account. This feature is disabled by default. Instructions on how to enable it (and other details) can be found here.

We have made some permission changes in the CMS permissions as well, based on feedback. The details on these changes and how they might affect...
[ประกาศ] Security Patch Release 4.0.2 PL3
Potential XSS vulnerabilities has been identified in vBulletin 4.0.2 PL2 in relation to the CMS content type search widgets (recent threads, recent posts, and general search), and CMS article preview on section pages. We became aware of one XSS issue involving blog titles being displayed incorrectly in a general search widget set to search for recent blog posts. During the QA process testing that issue, we discovered other related vulnerabilities. This was the cause of the delay in an official announcement and patch release. We are issuing a patch release to address these issues.

The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required if you are...
The vBulletin development team has identified a potential issue with the strength of password encryption in vBulletin and we are implementing a patch to address this issue.

In certain rare cases, hackers can exploit a non-vBulletin vector (such as a bad plug-in) to access the vBulletin password database and attempt to decrypt administrator and user passwords.

In the cases we have investigated, if hackers are able to successfully exploit the password database, they focus on administrator usernames and passwords. Since many administrators work on multiple vBulletin sites, the hackers then search all vBulletin sites for a particular administrator username and attempt to log in with the corresponding password. They then access user tables and attempt to repeat the process across multiple vBulletin sites and cause widespread disruptions.

The patch changes the way password hashes are generated to prevent some methods of determining the password from the hash...
This is to let you know that the fix for the thread rate bug that was inadvertantly left out of the 3.8.5 is now in the vB 3.8.5 download from the Memebrs Area.

If you have already upgraded to 3.8.5, you can upload the attached showthread.php file for the fix. This is the only file that was changed.

Sorry for any inconvenience, and thanks for your patience. :)

Attached Files