vBulletin 3.6.7

As much as we hate to spring another upgrade on you all so soon after the release of vBulletin 3.6.6, an XSS flaw was identified today and in order to maintain our commitment to fix security problems as soon as we become aware of them, we have to release 3.6.7 and a patch for older versions.

All versions of vBulletin 3.6 prior to 3.6.7 are vulnerable to the XSS. vBulletin 3.5.x and 3.0.x are not affected.

To minimize the pain of another upgrade, there are no changed templates since 3.6.6 and no database schema changes, so the upgrade should be as simple and quick as possible.

Since we have fixed several bugs since vBulletin 3.6.6 was released, these fixes are also incorporated in this version and include amongst others:

RTL support for date picker popup (http://www.vbulletin.com/forum/project.php?issueid=22020)
Fixed HTML for archive forum lists (http://www.vbulletin.com/forum/project.php?issueid=22008)
MySQL error while merging users fixed (http://www.vbulletin.com/forum/project.php?issueid=22031)
Smilie parsing error fixed (http://www.vbulletin.com/forum/project.php?issueid=22015)
PHP 5.0.5 errors fixed (http://www.vbulletin.com/forum/project.php?issueid=22035)
Hard-coded image paths fixed (http://www.vbulletin.com/forum/project.php?issueid=22021)A complete list of bugs fixed in the 3.6 branch is available in the project manager (http://www.vbulletin.com/forum/project.php?s=&do=issuelist&projectid=6&sortfield=lastpost&sortorder=&issuetypeid=bug&appliesgroupid=7&issuestatusid=4).

Please accept our apologies for bringing out a new version just days after the previous release. We're sorry.

Fixing the XSS Bug

The XSS problem can be resolved in one of three ways.

Full Upgrade: The best way to fix the problem is to perform a full upgrade, downloading the complete 3.6.7 package from the vBulletin Members' Area (http://members.vbulletin.com/) and following the regular upgrade instructions (http://www.vbulletin.com/docs/html/upgrade?manualversion=30607500). This is the only option that will not only fix the XSS issue, but will also apply all the bug fixes made since the release of 3.6.6.
Patch: A second option is to download the patch files either in the Members' Area (http://members.vbulletin.com/patches.php) or attached to this thread and upload them to your web server, overwriting the existing files.
Patch file: 366_patch.zip
Plugin: The plugin built into vBulletin 3.6 allows the problem to be fixed with a simple plugin. The install file for this plugin is also attached to this thread and is the easiest way to fix the problem, as it does not require you to upload any files via FTP. The plugin will be automatically removed when you perform your next full upgrade. You can install the plugin by following the instructions here (http://www.vbulletin.com/docs/html/import_product?manualversion=30607500).
Plugin File: vb_calendar366_css_fix_plugin.xmlPlease note the following:

The plugin can be used with any previous version of vBulletin 3.6
The patch can only be applied to vBulletin 3.6.4, 3.6.5 or 3.6.6
You may perform a full upgrade to vBulletin 3.6.7 from any previous version of vBulletin 3.You can read more at the original thread on vBulletin.com: vBulletin 3.6.7 Released (http://www.vbulletin.com/forum/showthread.php?t=229950)

aww upgrading again. oh well thanks :D

Yippee.. another upgrade! :)

Thanks, upgrading now... :)

Arg! I will upgrade Web City again. https://vborg.vbsupport.ru/

upgrading :)

Ok installed and running. Regards

Ah! I just upgrade my forum today & now planning to sleep :(. Gosh they don't sleep & let us sleep :p.. Anyway upgrading now.

Ug!

_V

Oh dear :(

Best fix sooner rather than later though eh

Can you attach the plugin to this thread?

Can you attach the plugin to this thread?

Full Upgrade: The best way to fix the problem is to perform a full upgrade, downloading the complete 3.6.7 package from the vBulletin Members' Area (http://members.vbulletin.com/) and following the regular upgrade instructions (http://www.vbulletin.com/docs/html/upgrade?manualversion=30607500). This is the only option that will not only fix the XSS issue, but will also apply all the bug fixes made since the release of 3.6.6.
Patch: A second option is to download the patch files either in the Members' Area (http://members.vbulletin.com/patches.php) or attached to this thread and upload them to your web server, overwriting the existing files.
Patch file: 366_patch.zip
Plugin: The plugin built into vBulletin 3.6 allows the problem to be fixed with a simple plugin. The install file for this plugin is also attached to this thread and is the easiest way to fix the problem, as it does not require you to upload any files via FTP. The plugin will be automatically removed when you perform your next full upgrade. You can install the plugin by following the instructions here (http://www.vbulletin.com/docs/html/import_product?manualversion=30607500).
Plugin File: vb_calendar366_css_fix_plugin.xml

for some reason i dont see any attachments...

Go to http://www.vbulletin.com/forum/showthread.php?t=229950 for attachments.

aww, another upgrade :(

Can you attach the plugin to this thread?

This site is not for supporting direct upgrades of vBulletin... you have to go to the official website, have your license updated...

-- please other members, don't fall in the trick of a request... if the guy does not see the attachments, it is because he is not licensed... not us to deal with that

I just added the plug in...whoelse did this?

Just did the plugin as well. Still at 3.6.4
At this rate, I can wait till 3.7.

I haven't even upgraded to 3.6.6 yet! :mad:

I have put the plugin on for now, full upgrade either later tonight or tomorrow, as I have half a dozen code changes to make and I have to be in the mood. :D

is this a friggin joke

is this a friggin joke

Don't think so!

I'm staying on 3.6.5 for the time being (it works fine, so I'm not going to stuff around with it). Not to mention all the mods and template edits I've made. When I take a week off work in a couple of months, I will think about upgrading then. :(

I'm still on 3.6.4...and nervous as h-e-double hockey sticks about upgrading! I don't wanna! So, for the time being, I'm staying where I'm at...unless someone would kindly volunteer to hold my hand through it.:p

Do i have to install all the files in the upload folder ? Can you just tell me what changed so i can only upload them ones ?

DM

http://www.vbulletin.com/forum/showpost.php?p=1355029&postcount=3

Ill just overwrite these ones

DM I doubt that anyone except the developers know exactly what changed in each file. This is why I hardly ever use hacks that require me to edit the php files. You're going to run into this everytime.

i just used the plugin

Upgraded to 3.6.7 last night & waiting for 3.6.8 http://img503.imageshack.us/img503/7449/yikesft3.gif

Ive learned a big lesson here after the 3.6.6 update i had 10 Templates that needed updated things seemed to be working fine and i went in to the templates and had no idea what was going on so i just sweep them under the rug ,,,, in the mean time i made some minor changes here and there and 3 of the 10 left the que at the time i was like cool ..... Well then today all **** hit the fan cant stay logged in and last vistied date was like 5 years ago all forums showing read ARGHHHHHHHH so i upgraded to the 3.6.7 with the quickness and it didnt fix anything , so then i cowboyed up and started clicking around in the out of date templates and finnaly learned how to read the compairison thing then i updated the remaining 7 templates this way and my site took off Speed wise and things got better how ever i still have some issues and i cant get the 3 templates back on there to run the compairison thing so i can make the changes , I have ran the check for out dated templates and nothing I have also un installed vbSEO as i couldnt get it to work on my server cause of .htaccess issues My boards sitill a little messed up Loging out users and intermittingly messing up the last vistited witch effects the forums read feature , Hoping for version 4.0 and all templates get edited so i can catch them 3 back up , Ive been in touch with the .com peeps and they want me to Revert all templates ...LOL yeah right thats like a last ditch effort thing .

To any newbies like me out there DO NOT ignore the Out of Date Templates

DM

Sometimes you have to learn the hard way ;)

Well With your Help I backed up before i installed the 3.6.7 So I have 2 back ups one right before the 3.6.5 upgrade , PM me on DB about how to apply a back up if i have to ;)

Upgrade my test boards and working again to update all my free skins from 3.6.4 to 3.6.7 opps!!

...

Installed easily :)

To all the people who said they're not bothering to update....they DID read the part about the WHOLE 3.6.x line having the same flaw right? It didn't just crop up in 3.6.6 it goes all the way back to the initial gold release....I hope people are patching at the very least and 3am has me reading most of page 2 wrong :p

thanks.upgrading...

Installed patch and .xml file. Ive messed my site up two many times to try something now, so ill wait to upgrade.:)

Cool, I love upgrading

Cool, I love upgrading

I agree, there's nothing more satisfying than updating scores of templates (in my case 85). :)

-- please other members, don't fall in the trick of a request... if the guy does not see the attachments, it is because he is not licensed... not us to deal with thatPlease don't post assumptions on things you know nothing about. You might want to remember that unlicensed members cannot post in this forum.

Web City Forum Online upgrade completed succesfully, one time again! https://vborg.vbsupport.ru/

DM I doubt that anyone except the developers know exactly what changed in each file. This is why I hardly ever use hacks that require me to edit the php files. You're going to run into this everytime.

I learned the hard way to keep a roster of all "Hacks" installed, marking the ones that require php.file edits in "large bold red text" ;)


_V

thanks,
hope that no more critical bugs will be on! (at least for next month)

For those that already have downloaded vBulletin 3.6.7 before this post, please see vBulletin released additional update for 3.6.7 (https://vborg.vbsupport.ru/showthread.php?t=147395)

thanks,
hope that no more critical bugs will be on! (at least for next month)
Sorry :D

Hehe Marco. Anyway thanks. Patched!

added the patch Latest version available: 3.6.7 PL1 shows at the top..guess its ok. should i reinstall the plugin?

what does PL stand for :erm:

64421

PL = Patch Level

lol update again....
all ok

upgrading later tonight =)

Updated my site to vb3.6.7. But i think the site loading speed has become slow, compared to vb3.6.6.

Updated my site to vb3.6.7. But i think the site loading speed has become slow, compared to vb3.6.6.

Thats what people said on 3.6.6 from 3.6.5

PL = Patch Level

ah, thank you :)

so will 3.6.8 be out soon ?

ah, thank you :)

so will 3.6.8 be out soon ?

* Shazz predicts 3 months

/me predicts 1 month

* Ohiosweetheart predicts next week. if not today.

Updated my site to vb3.6.7. But i think the site loading speed has become slow, compared to vb3.6.6.
It has. It site loading slowed with the upgrade to 3.6.6 and even slower with 3.6.7 :rolleyes:

Last two days I have done this with my server/site...

1. Upgraded to PHP 5.2.
2. Upgraded to vBulletin to 3.6.7 (reinstalled my style and redone all my template edits).
3. Upgraded vBGallery 2.2.
4. Installed Xcache.

All of it went surprisingly and incredibly smooth, and my site has been running faster and smoother than ever, and all error free. :)

Last two days I have done this with my server/site...

1. Upgraded to PHP 5.2.
2. Upgraded to vBulletin to 3.6.7 (reinstalled my style and redone all my template edits).
3. Upgraded vBGallery 2.2.
4. Installed Xcache.

All of it went surprisingly and incredibly smooth, and my site has been running faster and smoother than ever, and all error free. :)

XCACHE? What does that do?

Last two days I have done this with my server/site...

1. Upgraded to PHP 5.2.
2. Upgraded to vBulletin to 3.6.7 (reinstalled my style and redone all my template edits).
3. Upgraded vBGallery 2.2.
4. Installed Xcache.

All of it went surprisingly and incredibly smooth, and my site has been running faster and smoother than ever, and all error free. :)

Must have been busy :)
Thats why you weren't on here much

Upgraded with zero issues.

XCACHE? What does that do?

PHP Cacher.

Must have been busy :)
Thats why you weren't on here much

Not that busy, really. I was doing other things in between, like being lazy on my days off. :p

Updated my site to vb3.6.7. But i think the site loading speed has become slow, compared to vb3.6.6.

There's a client_script fix for it but I don't know where to go and change it...

There's a client_script fix for it but I don't know where to go and change it...

mine also

PHP Cacher.



Not that busy, really. I was doing other things in between, like being lazy on my days off. :p
where do i get it from?

<a href="http://www.vbulletin.com/forum/showpost.php?p=1359096&postcount=7" target="_blank">http://www.vbulletin.com/forum/showp...96&postcount=7</a>

Um, sorry...I wasn't clear...I don't know where in my software to fix the client_script issue...do I go into the style manager or my ftp files and fix it...

Um, sorry...I wasn't clear...I don't know where in my software to fix the client_script issue...do I go into the style manager or my ftp files and fix it...

Your ftp files, specifically the vbulletin_global.js file in the clientscript directory.

You will also need to hard refresh your browser (and get your users to do the same)

Ok, I have 3.6.5 if I upgrade to the 3.6.7 will I have to re-do the templates that I've already had to alter? or will everything stay the same???

Ok, I have 3.6.5 if I upgrade to the 3.6.7 will I have to re-do the templates that I've already had to alter? or will everything stay the same???

Read the thread at vBulletin.com where its released and it will give you your answer

I just added the plug in...whoelse did this?

I added the plug in last week and it didn't blow up the site, but I wasn't having a problem as far as I could tell.

My site is on 3.4.5.