vBulletin Announcements

This is an unstable Beta Release of the software. It is not recommended to be used on production systems at this time. Today we're proud to release of vBulletin 5.1.0 Beta 1. It is available to all customers with a valid vBulletin 5 Connect license. Our goal with this version is to primarily focus on returning the Article publishing functionality of the vBulletin 4 Publishing Suite. To do this we needed to port the functionality and recreate it within the vBulletin 5 database structure and APIs. Along with this we wanted to make sure that your existing articles are imported in a way that makes sense to you and your users without needing a lot of reconfiguration from you to get started. Article Publishing Channels During the transition...

It has come to our attention that there is a security issue in the uploader.swf file included as part of the Yahoo User Interface (YUI) library included in vBulletin 4. As the version of YUI included in vBulletin is end-of-lifed, Yahoo will not be fixing this issue. Their recommendation is to remove the file from your server. We recommend that you replace this with an empty file of the same name (attached). What this will do is force vBulletin to use a fallback javascript based uploader which is already provided in your system. See: http://yuilibrary.com/support/20131111-vulnerability/ The vulnerable file is also present in the vBulletin 5 download package though not used by the vBulletin 5 front-end. We recommend that you delete the...

This is an unstable Alpha Release of the software. It is not recommended to be used on production systems at this time. Today we're proud to release the Alpha of vBulletin 5.1.0. It is available to all customers with a valid vBulletin 5 Connect license. Our goal with this version is to primarily focus on returning the Article publishing functionality of the vBulletin 4 Publishing Suite. To do this we needed to port the functionality and recreate it within the vBulletin 5 database structure and APIs. Along with this we wanted to make sure that your existing articles are imported in a way that makes sense to you and your users without needing a lot of reconfiguration from you to get started. During the transition to vBulletin 5, a few...

Here is some updated information on our recent security issue that I have been asked to pass on to you. The following is an update regarding the previously reported attack on vBulletin.com and vBulletin.org. The assessment of the attack has been completed and we wish to assure the community of vBulletin site operators and users that such attacks were not due to any inherent security vulnerability in the vBulletin software, including any zero-day vulnerability. Based on our assessment, the attack was conducted by malicious hackers leveraging log-on data for servers on vBulletin.com and vBulletin.org to unlawfully gain access to user tables. No other vBulletin.com web servers were impacted. Following discovery of the attack, all...

This is an important message about your account. We take your security and privacy very seriously. Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your account. To regain access to your account: Visit the vBulletin forums at http://www.vbulletin.com/forum/settings/account Enter in your existing password followed by your new...

Anexploit vector has been found in the vBulletin 4.1+ and 5+ installation directories. Our developers are investigating this issue at this time. If deemed necessary we will release the necessary patches. In order to prevent this issue on your vBulletin sites, it is recommended that you delete the install directory for your installation. The directories that should be deleted are: 4.X - /install/ 5.X - /core/install After deleting these directories your sites can not be affected by the issues that we’re currently investigating. vBulletin 3.X and pre-4.1 would not be affected by these issues. However if you want the best security precautions, you can delete your install directory as well.

vBulletin 4.2.2 is NOW AVAILABLE for download. The feedback thread for the 4.2.2 release is HERE for our licensed customers. vBulletin 4.2.2 is a maintenance release primarily focused on php 5.4 compatibility issues, as well as a few other important fixes for Facebook, PayPal & MAPI updates for Mobile 1.5 The release contains: * Many fixes for php 5.4 compatibility. * MAPI updates for Mobile 1.5 * Facebook updates due to changes by Facebook * PayPal updates due to changes by PayPal. * Update to recognise IE11 User Agent * Fix Import/export of Navigation Manager (Open new page flag) * A couple of security updates in the installer & Forum Runner. * Added the Panjo online community marketplace plug-in. * A number of other major bugs...