
[RELEASE] vBulletin 3.0.6 and 2.3.6 Released

Discussion in 'Announcements' started by Admin, Jan 19, 2005.

Thread Status:
Not open for further replies.
  1. Admin Administrator

    vBulletin 3.0.6 and 2.3.6
    vBulletin 3.0.6 and 2.3.6 are security and bug fix releases. They fix a recently discovered XSS issue regarding BB code parsing.

    All versions of vBulletin prior to 3.0.6 and 2.3.6 are vulnerable. The only workaround is to disable BB code parsing in signatures and all forums where untrusted users can post.

    We strongly urge all customers to upgrade or patch their installations ASAP. At the end of this post, you will find a patch for the security issue for includes/functions_bbcodeparse.php (vBulletin 3) and admin/functions.php (vBulletin 2); overwrite the version on your server with the file in the appropriate zip.

    I would again like to reiterate that security is of our utmost concern. Recently, there have been several reports of security issues in vBulletin that have prompted the recent releases. We realize that these releases can be a burden on you. For that, we are sorry, but once we have become aware of a security issue, it is our duty to provide a fix to that issue. We are also performing internal security audits and looking into changes to our core systems to prevent issues such as these from occurring in the future.

    Performance Hit Since PHP 4.3.10 / 5.0.3

    Many people have noticed that vBulletin (and a lot of other PHP applications) suddenly started to run significantly slower than normal after installing PHP 4.3.10 or 5.0.3 in order to patch the security flaw in previous versions of PHP.

    The cause of this slow-down has been identified as a problem with the unserialize() function in PHP. For more details, see bugs.php.net.

    This problem has now been fixed by the PHP developers, though the fixed version has yet to be released in a 'stable' version. However, the latest CVS snapshots of PHP 4.3.x and 5.0.x, available from snaps.php.net, contain the fix and restore the original speed of unserialize().

    While we would not recommend running a 'dev' version of PHP on any production server, we understand that the performance problem has been a major issue for some people. If you are badly affected, you may want to consider running a 'dev' version of PHP at your own risk in order to overcome the performance problem.

    Backing Up Your Forums

    Please be sure to check that your backups are complete before continuing with an upgrade. We had reports that PHP was causing time-out errors when creating the backup SQL, and this was causing incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through SSH/Telnet, as it will not suffer from any such problems. Full instructions for backing up your database are available in the vBulletin 3 Manual.

    Installing or Upgrading vBulletin
    Please see the appropriate manual sections: Installing vBulletin and Upgrading vBulletin.
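
One way to check a backup for completeness before upgrading, as the post asks (an added example, not part of the original announcement or of vBulletin). It assumes the dump was made by a mysqldump version that ends its output with a "-- Dump completed" comment and that comments were not disabled; the function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a mysqldump file was written to the end.
# Assumption: mysqldump closed the file with a "-- Dump completed" comment
# (it does not when run with --skip-comments or --compact).

# Returns 0 only if the last non-blank line of the dump is that trailer.
dump_is_complete() {
    f=$1
    [ -s "$f" ] || return 1                          # missing or empty file
    case $f in
        *.gz) gzip -t "$f" 2>/dev/null || return 1   # truncated gzip stream
              last=$(gzip -dc "$f" | grep -v '^[[:space:]]*$' | tail -n 1) ;;
        *)    last=$(grep -v '^[[:space:]]*$' "$f" | tail -n 1) ;;
    esac
    case $last in
        "-- Dump completed"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample data: one complete dump, one cut off mid-statement
# (as a timed-out PHP backup would be), and a gzipped copy of the good one.
make_samples() {
    dir=$1
    cat > "$dir/good.sql" <<'EOF'
-- MySQL dump (constructed sample)
CREATE TABLE post (postid INT, pagetext TEXT);
INSERT INTO post VALUES (1,'hello');
-- Dump completed on 2005-01-19 12:00:00
EOF
    cat > "$dir/cut.sql" <<'EOF'
-- MySQL dump (constructed sample)
CREATE TABLE post (postid INT, pagetext TEXT);
INSERT INTO post VALUES (1,'hel
EOF
    gzip -c "$dir/good.sql" > "$dir/good.sql.gz"
}
```

A passing check only shows that the dump ran to its end; restoring it into a scratch database is still the stronger test.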
  2. Admin Administrator

  3. Admin Administrator

    Files Changed

  4. Admin Administrator

    Bugs Fixed
