vBulletin 3.0.6 and 2.3.6 Released

Kier replied

Wed 19 Jan '05, 9:22pm
PLEASE NOTE THAT IF YOU ARE CURRENTLY RUNNING A VERSION OF VBULLETIN 3 OLDER THAN 3.0.5 AND YOU WANT TO PATCH, RATHER THAN UPGRADE, YOU MUST ALSO APPLY THE PATCH SUPPLIED WITH THE 3.0.5 RELEASE ANNOUNCEMENT
Leave a comment:
Kier replied

Tue 18 Jan '05, 12:00pm
You can discuss these releases in this thread:

http://www.vbulletin.com/forum/showthread.php?t=127029
Leave a comment:
Kier replied

Tue 18 Jan '05, 11:54am
Bugs Fixed

From 3.0.5 to 3.0.6
3586 - Firefox Standard Editor - Increase and Decrease window size does not work

3618 - Wrong "Format For Date" Examples

3612 - "Forum Home Page" Link (Purely Cosmetic)

3478 - SQL Backup produces invalid files

3346 - Mozilla WYSIWYG Editor Adds Extra Spaces

3605 - Typo in private.php

3608 - "Display Age" cannot be translated

3609 - “Birthday Date Format Override” lost when exporting/importing language

3615 - Search by last visit in admincp returns incorrect data

3639 - Multiple choice poll percentages calculated incorrectly

3644 - PM_MESSAGELISTBIT_USER uncached

3647 - Datastore not rebuilt after delete custom phrase

3648 - Scheduled task names double escaped

3630 - Missing phrase activating_registration

3652 - language_files_text phrase missing content

3624 - SQL error when searching FAQ (MySQL 4.1.x)

3654 - Double slashes in URL path break login redirection

3653 - Searching for exact User causes mySQL-Error

3623 - Invalid XHTML (& not & )

3663 - Add smilies help misdocumented

3620 - POST referrer check broken

3665 - Redirect forums browsable in archive

3667 - Grammar error on user moderation page

3662 - Logging on forum list in archive fails

3660 - Orphaned polls cause JS error on "Who Voted"

3618 - Date format example incorrectly

3612 - Forum home page link in mod CP missing </a>

3640 - Paid Subscription DB error

3366 - Invalid characters not stripped on XML export

3482 - strip_bbcode()/strip_quotes() slow in specific case

3666 - password history only works on the 2nd try

3650 - Uncached templates in forumdisplay.php

3643 - strip_bbcode should remove URL's when checking signature length

3568 - Old versions of Camino show WYSIWYG

3642 - Start Date has no effect in Paid Subscriptions

3421 - Merging users ignores paid subscriptions

3527 - # not added to hex colors in signature

3459 - Alignment tags display in PHP tags

3669 - Holiday system cannot handle Leap Day

3617 - Moderated Posts showing up in admin panel home

Possible XSS issue in private.php (fixed previously)

Possible XSS with BB code parsing and invalid nesting

From 2.3.5 to 2.3.6
Possible XSS with BB code parsing and invalid nesting

Search wildcards not displayed properly in page nav

Install/upgrade schema invalid in recent versions of MySQL

Possible XSS issues in private.php/showthread.php
Leave a comment:
Kier replied

Tue 18 Jan '05, 11:53am
Files Changed

From 3.0.5 to 3.0.6
/
attachment.php

calendar.php

cron.php

forumdisplay.php

global.php

image.php

index.php

login.php

memberlist.php

poll.php

private.php

profile.php

search.php

showthread.php

subscription.php

usercp.php

/admincp/

attachment.php

cronadmin.php

forum.php

forumpermission.php

image.php

index.php

phrase.php

subscriptions.php

template.php

thread.php

user.php

usertools.php

/archive/

index.php

/clientscript/

vbulletin_editor.js

vbulletin_stdedit.js

vbulletin_templatemgr.js

/includes/

adminfunctions_backup.php

adminfunctions_language.php

adminfunctions_template.php

adminfunctions_user.php

functions.php

functions_bbcodeparse.php (updated Jan 19, 11:35 AM EST; info)

functions_cron.php

functions_editor.php

functions_newpost.php

functions_subscriptions.php

functions_wysiwyg.php (updated Jan 18, 8:35 PM EST; info)

functions_xml.php

init.php

modfunctions.php

sessions.php

/modcp/

index.php

user.php

From 2.3.5 to 2.3.6

/
private.php

showthread.php

/admin/

functions.php

Other files for version numbers and upgrade scripts
Leave a comment:
Kier replied

Tue 18 Jan '05, 11:52am
Template Changes

From 3.0.5 to 3.0.6

editor_toolbar_standard
editor_toolbar_wysiwyg

Added the "Increase Size / Decrease Size" controls that are in use on vbulletin.com

Requires Revert: Yes if you want this functionality

pollresults_table

Added a conditional that displays "Multiple Choice Poll" for such polls.

Requires Revert: Yes if you want this functionality.

im_send_msn

Added javascript error suppression to hide the error that occurs if you try to use MSN when you are not logged in.

Requires revert? No

headinclude

Change:
var SESSIONURL = "$session[sessionurl]";
to
var SESSIONURL = "$session[sessionurl_js]";

Requires Revert? Yes to have the proper session hash for javascript links.

From 2.3.5 to 2.3.6
There are no template changes from 2.3.5 to 2.3.6
Leave a comment:
Kier started a topic vBulletin 3.0.6 and 2.3.6 Released

Tue 18 Jan '05, 11:51am
vBulletin 3.0.6 and 2.3.6 Released
vBulletin 3.0.6 and 2.3.6

vBulletin 3.0.6 and 2.3.6 are security and bug fix releases. They fix a recently discovered XSS issue regarding BB code parsing.

All versions of vBulletin prior to 3.0.6 and 2.3.6 are vulnerable. The only workaround is to disable BB code parsing in signatures and all forums where untrusted users can post.

We strongly urge all customers to upgrade or patch their installations ASAP. At the end of this post, you will find a patch for the security issue for includes/functions_bbcodeparse.php (vBulletin 3) and admin/functions.php (vBulletin 2); overwrite the version on your server with the file in the appropriate zip.

I would again like to reiterate that security is of our utmost concern. Recently, there have been several reports of security issues in vBulletin that have prompted the recent releases. We realize that these releases can be a burden on you. For that, we are sorry, but once we have become aware of a security issue, it is our duty to provide a fix to that issue. We are also performing internal security audits and looking into changes to our core systems to prevent issues such as these from occuring in the future.

Performance Hit Since PHP 4.3.10 / 5.0.3

Many people have noticed that vBulletin (any a lot of other PHP applications) suddenly started to run significantly slowed than normal after installing PHP 4.3.10 or 5.0.3 in order to patch the security flaw in previous versions of PHP.

This cause of this slow-down has been identified as a problem with the unserialize() function in PHP. For more details, see bugs.php.net.

This problem has now been fixed by the PHP developers, though the fixed version has yet to be released in a 'stable' version. However, the latest CVS snapshots of PHP 4.3.x and 5.0.x, available from snaps.php.net contain the fix and restore the original speed of unserialize().

While we would not recommend running a 'dev' version of PHP on any production server, we understand that the performance problem has been a major issue for some people. If you are badly affected, you may want to consider running a 'dev' version of PHP at your own risk in order to overcome the performance problem.

Backing Up Your Forums

Please be sure to check your backups, that they are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through SSH/Telnet, as it will not suffer from any such problems. Full instructions for backing up your database are available in the vBulletin 3 Manual.

Installing or Upgrading vBulletin
Please see the appropriate manual sections: Installing vBulletin and Upgrading vBulletin.

vBulletin 2 patch/download updated at 7:25 PM EST on Jan 18. See here for info.
vBulletin 3 patch/download updated at 11:35 EST on Jan 19. See here for info.

PLEASE NOTE THAT IF YOU ARE CURRENTLY RUNNING A VERSION OF VBULLETIN 3 OLDER THAN 3.0.5 AND YOU WANT TO PATCH, RATHER THAN UPGRADE, YOU MUST ALSO APPLY THE PATCH SUPPLIED WITH THE 3.0.5 RELEASE ANNOUNCEMENT

-
Attached Files

vbulletin_2_patch.zip (20.8 KB, 782 views)

vbulletin_3_patch.zip (12.1 KB, 3565 views)
Last edited by Kier; Wed 19 Jan '05, 9:21pm.
Tags: None

Announcement

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment: