Announcements

[SIZE=4]vBulletin Publishing suite and Forum Classic 4.1.5pl1 4.1.4pl3 4.1.3pl3 Has been released. This patch strengthens the security of the AdminCP to prevent a reported XSS attack in vBulletin versions 4.1.3, 4.1.4 and 4.1.5. To resolve this issue, it has been necessary to release a patch level version for these three versions only. The issue is limited to certain browsers only, and does not affect versions of vBulletin prior to 4.1.3. The patching process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required. As with all security-based releases, we recommend that all...

I am happy to announce that vBulletin 4.1.5 is now available to be downloaded from the vBulletin Members Area at: http://members.vbulletin.com [SIZE=3]Important We had envisaged to incorporate an updated mobile style for 4.1.5, however development and QA to get the product to a sufficient level of quality has taken a longer period of time than we had initially envisaged, and we are not sufficiently satisfied with the style yet in its current state. We are targeting to incorporate this product in version 4.1.6. We apologize in advance for any inconvenience this may cause. vBulletin 4.1.5 includes: [SIZE=3] Mobile App Identifier If you are using the Mobile Apps for the site, you can now see if a post was made using a mobile...

[SIZE=4]vBulletin Publishing suite and Forum Classic 4.1.4pl2 4.1.3pl2 4.1.2pl2 4.1.1pl2 4.1.0pl4 4.0.8pl4 4.0.7pl2 4.0.6pl3 4.0.5pl2 4.0.4pl3 4.0.3pl3 4.0.2pl6 4.0.1pl2 4.0.0pl3 Has been released. An additional flaw within a side query that is used in the search UI has recently been discovered. This is further to a previous patch that was issued. This flaw may enable malicious individuals to inject sql that would allow you to run arbitrary queries on the db via this exploit. To resolve this issue, it has been necessary to release a patch level version on all versions of vBulletin 4.X. The issue does not affect vBulletin 3.X to the best of our knowledge. We are not aware of a website that has been compromised by this flaw. The...

vBulletin.com is now powered by an updated version of vBulletin 4.1.5 Beta vBulletin 4.1.5 Beta 1 is also now available as a download to all active customers. This release can be downloaded from the vBulletin Members Area at: http://members.vbulletin.com Please note: We do not provide support for Beta versions Some minor bugs remain unresolved at this time, and we do not recommend Beta software to be installed on production sites. We always recommend that you back up your database fully before attempting to install Beta software. More Bug fixes will be added to the final 4.1.5 release vBulletin 4.1.5 includes (this may change before the final release): [SIZE=3]Mobile App Identifier If you are using the Mobile Apps for the site, you...

Announcement and Instructions: Earlier last month the vBulletin team was notified of an indirect, low-risk security exploit vector that could potentially be used to maliciously trick users into providing account sensitive information to non-authorized parties. Please see the original notice for more information:https://www.vbulletin.com/forum/show...hishing-Vector While the security risk is low, we have taken the report very seriously and incorporated additional security functionality into the vBulletin product to safeguard your site and prevent any attempts at malicious phishing activity. After successful installation of the patch, no configuration or activation will be required and the new security check will work automatically to...

I am happy to announce that vBulletin 4.1.4 is now available to be downloaded from the vBulletin Members Area at: http://members.vbulletin.com vBulletin 4.1.4 includes: [SIZE=3]CKEditor This is a tool that can be used to help convert styles from vBulletin 3 sites to vBulletin4. [SIZE=3]Bug Fixes/Improvements Here is a list of the major bug fixes/improvements included in this release. A full list of issues fixed are available HERE. Issues [LIST] CMS HTML Editor Buggy as Hell WYSIWYG Editing not available for Opera browser users Switch to Editor Mode Causes Article Text to Disappear Retrieve remote image fails. insert table not working Cookieless browsing issue for Apply in CMS editor insert table not working IE6 RTL: Tags field in...

Yahoo YUI Security Exploit We have been notified of a potential, but unconfirmed exploit in vBulletin 3 and 4 (all versions) via the Yahoo YUI component library. To rectify this issue we have released a patch for the latest version of vBulletin 3 and vBulletin 4, vBulletin 3.8.7 and vBulletin 4.1.3. Forthcoming vBulletin 4.1.4 will not be affected. As such, we have released: vBulletin Publishing Suite 4.1.3 PL1 vBulletin Forum Classic 4.1.3 PL1 vBulletin Forum Classic 3.8.7 PL1 [SIZE=3]Upgrade Process The upgrade process is the same as previous patch level releases - simply download the patch from theMembers Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required. As...