vBulletin 3.0.5

[polonyc2]

this question is directed more towards CJ (or maybe another mod knows the answer as well)...I was just curious if ABX will be upgrading to the newly released vBulletin 3.0.4...I hear it fixes a lot of bugs that are in the current version

Edit by PCB: Latest version is now 3.0.5, and it is considered a "critical" update. See post #6 in this thread for more info.

[CrowdAds]

[SubZero]

I'm not aware of any plans to do this but I'm sure CJ will have a look at the changes. If there are any worthwhile fixes I'm sure we would upgrade.

[sammy2066]

i dont find much bugs in this version .... but in the process though, if we can give the site a new look and actually "implement" the new design contest thingi ... then it would be nice ....

[KingTermite]

Looks like they are on 3.0.5 now.
http://www.vbulletin.com/forum/showt...?postid=791268

[polonyc2]

Quote:

Originally Posted by sλmmy2066

if we can give the site a new look and actually "implement" the new design contest thingi ... then it would be nice ....

Wow..I completely forgot about that design contest...what happened with the new design??...there were some nice design submissions if I remember...

[polonyc2]

Quote:

Originally Posted by KingTermite

Looks like they are on 3.0.5 now.
http://www.vbulletin.com/forum/showt...?postid=791268

The discovery of a serious security vulnerability in versions of vBulletin 3 up to and including 3.0.4 has necessitated the immediate release of a version to plug the hole.

The vulnerability affects anyone running vBulletin 3 on PHP 4 with register_globals enabled in php.ini.

This is a CRITICAL update, and urge all affected customers to upgrade vBulletin with the utmost urgency.

[KingTermite]

Quote:

Originally Posted by polonyc2

The discovery of a serious security vulnerability in versions of vBulletin 3 up to and including 3.0.4 has necessitated the immediate release of a version to plug the hole.

The vulnerability affects anyone running vBulletin 3 on PHP 4 with register_globals enabled in php.ini.

This is a CRITICAL update, and urge all affected customers to upgrade vBulletin with the utmost urgency.

Yes, I remember that. I posted a news article on it.

Although, I thought the (root) problem was with PHP, although programs that use PHP may be able to plug the hole another way.

[RAINFIRE]

Quote:

Originally Posted by KingTermite

Yes, I remember that. I posted a news article on it.

Although, I thought the (root) problem was with PHP, although programs that use PHP may be able to plug the hole another way.

Heh - any proggies that use register_globals on in php probably has the vulnerability. Like osc2nuke that I'm running. That's why it is default off now. Of course in vBulletin's forums they were dissing nuke because it was vulnerable (before their fix)

[KingTermite]

Quote:

Originally Posted by RAINFIRE

Heh - any proggies that use register_globals on in php probably has the vulnerability. Like osc2nuke that I'm running. That's why it is default off now. Of course in vBulletin's forums they were dissing nuke because it was vulnerable (before their fix)

Right....but what I mean is the "root" of the problem is in PHP itself. PHP is a language...so by itself its nothing. That's why "programs" that use it have the problem.

[PCBruiser]

polonyc2, I edited the thread title and added a comment in your first post just to highlight that the latest version is 3.0.5. I think this is something we should also do ASAP, but it needs testing first. One of the issues is whether we would have to redo the data base for ABX, I don't know the answer to that personally; but, if we do that is a big job, and ABX might have to be off-line during that process. In any case, it should be done to reduce our vunerabilities and add new bug fixes. I suppose CJ ought to check if a newer version is scheduled for release in the near future also. It would be a shame to go through all the work, only to have to do it again.

[sammy2066]

i like new versions ....

[Bofinn]

Quote:

Originally Posted by sλmmy2066

i like new versions ....

we actually have a custom application named versions, that checks what package versions have been installed by SMS...

[polonyc2]

vBulletin 3.0.6 and 2.3.6 are security and bug fix releases. They fix a recently discovered XSS issue regarding BB code parsing.

All versions of vBulletin prior to 3.0.6 and 2.3.6 are vulnerable. The only workaround is to disable BB code parsing in signatures and all forums where untrusted users can post.

*with all the recent security fixes, it seems like an even better reason for ABX to upgrade...I don't think most members would mind a little downtime to plug some critical security holes...better a little downtime rather then a major shutdown of the site

http://www.vbulletin.com/forum/showthread.php?t=127027

[CJ]

FWIW,

I do install the security fixes. I just have not yet installed the full version. It is on my to do list and my goal is to get vb updated by the beginning of February.

CJ

[sammy2066]

sounds good CJ .....