Announcements

Effective immediately vBulletin 4.0.3 Maintenance Release of vBulletin Publishing Suite and vBulletin Forum is available. If you have an active vBulletin license, you can download your copy of 4.0.3 from the vBulletin Members Area at: http://members.vbulletin.com 4.0.3 fixes more than 316 bugs since the release of 4.0.2. Full list of bugs We also have added the functionality of Facebook Connect – this enables users to sign onto a vbulletin forum utilizing their facebook account. This feature is disabled by default. Instructions on how to enable it (and other details) can be found here. We have made some permission changes in the CMS permissions as well, based on feedback. The details on these changes and how they might...

Potential XSS vulnerabilities has been identified in vBulletin 4.0.2 PL2 in relation to the CMS content type search widgets (recent threads, recent posts, and general search), and CMS article preview on section pages. We became aware of one XSS issue involving blog titles being displayed incorrectly in a general search widget set to search for recent blog posts. During the QA process testing that issue, we discovered other related vulnerabilities. This was the cause of the delay in an official announcement and patch release. We are issuing a patch release to address these issues. The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to...

The vBulletin development team has identified a potential issue with the strength of password encryption in vBulletin and we are implementing a patch to address this issue. In certain rare cases, hackers can exploit a non-vBulletin vector (such as a bad plug-in) to access the vBulletin password database and attempt to decrypt administrator and user passwords. In the cases we have investigated, if hackers are able to successfully exploit the password database, they focus on administrator usernames and passwords. Since many administrators work on multiple vBulletin sites, the hackers then search all vBulletin sites for a particular administrator username and attempt to log in with the corresponding password. They then...

This is to let you know that the fix for the thread rate bug that was inadvertantly left out of the 3.8.5 is now in the vB 3.8.5 download from the Memebrs Area. If you have already upgraded to 3.8.5, you can upload the attached showthread.php file for the fix. This is the only file that was changed. Sorry for any inconvenience, and thanks for your patience. :) Attached Files showthread..php‎ (73.9 KB) More...

Today we're announcing the availability of vBulletin 3.8.5 Maintenance Release. If you have an active vBulletin license, you can download your copy of 3.8.5 from the vBulletin Members Area at: http://members.vbulletin.com . 27 bugs have been fixed in vBulletin 3.8.5. Here's a list of the bugs fixed with the public bug tracker ID number. 28683: Upgrade to 3.8.4, but still deprecated messages 28698: Wrong Phrase in Advanced Mod while Posting a Visitor Message 28703: PHP Warning in Class Diff on Upgrade 28705: The links 'Prev' & 'Next' are missing when viewing an album picture 28708: Deprecated messages inside exported XML product files 28709: in custom BBCode 28713: Reputation Menu - Comment Box 28941: Recent Visitors...

Just a quick note to let you know that carrie has created some new styles for vB4 and made these available to licensed customers in the vBulletin Style Packs forum. You can see and download these styles here: [vB4] Bold Styles for vBulletin 4.0.2 [vB4] Pastel Styles for vBulletin 4.0.2 In addition I have added some new styles to these forums which you can view here: Emerald Sea Blue & Gold Dark Rider Bold Grey (Carrie's bold grey style) I will add downloads for these as soon as I can. Enjoy! More...

An XSS exploit has been discovered in 4.0.1 and 4.0.2. We strongly recommend that anyone running these versions immediately patch their systems. If you are running 4.0.2 already, simply download the latest Security patch: 4.0.2 Suite PL1 from the Members Area, extract the 5 patch files, then upload these files making sure to overwriting the existing files. This will update your version to the latest patch release. The patch files are: includes/class_core.php includes/functions_forumdisplay.php includes/functions.php includes/version_vbulletin.php vb/legacy/thread.php If you are running 4.0.1, you will need to do a full upgrade to 4.0.2 PL1 (available in the Members Area.) Just downed the latest release and upgrade normally...