https://vborg.vbsupport.ru/showthread.php?t=316514

The link above cannot be posted on so I need to ask a question about this.

If you're using a version of vBulletin 3 older than 3.8.7, it is recommended that you upgrade to that version as soon as possible.

I do not have access to download that version for one of my sites, I already have 3.8.4 PL2 installed, am I going to be ok?

According to the post, no.

If you're using a version prior to 3.8.7, then you should follow standard upgrade procedures.

Patches available:
vBulletin 3.8.7 PL5
vBulletin 3.8.8 PL1

vBulletin 3.8.9 Beta has been updated with the fix.

So anything below 3.8.7 PL5 is vulnerable.

So, I need to buy vb5 to get security update for my 3.8.4 site or do I just shut it down?
I can upgrade to 3.8.6 PL1 but its not secure either?

Anything below 3.8.7 PL5 is what they consider not supported. So they do not make security patches for it.

It sucks as a end user, but the amount of work involved to make a patch for every version released, is just to much.

So the amount of dollars was enough for me to buy the four license I currently have with only one updated to 3.8.8 by buying 4.0 vbulletin.

vbulletin should allow all license holders to be able to upgrade to the latest secure version of their version series if there is a security issue of this level.

I think this is totally unacceptable.

I know this has nothing to do with you Chris, I am just venting and you happen to be the one that replied to my thread.

I know brother, and I can feel your pain. But to be honest, this is a standard practice with just about any software. :(

I don't mind the venting, I am used to being the sounding board. :)

FWIW I just installed patch 3.8.8 PL1 on my 3.7.5 forum and haven't noticed any issues.

Yeah he figured it out, made the changes manually in the files. :)

To be honest, the chances are you can apply the 3.8.7 patch to 3.8.4 without issue.

There are no guarantees but it will probably be ok.

I don't see why not, but if you know what you are doing, you can make the changes manually.

vbulletin should allow all license holders to be able to upgrade to the latest secure version of their version series if there is a security issue of this level.

I think this is totally unacceptable.

You are entitled to your opinion of course, but the fact is its perfectly normal and acceptable not to patch old versions of software. The current version of vB3 is 3.8.8, however, it was decided to patch 3.8.7 as well, because that is the maximum version people with old vB3 licences [only] could access. Anyone with a vB4 or vB5 licence can access any vB3 version.

To be honest, the chances are you can apply the 3.8.7 patch to 3.8.4 without issue.
In the case of the modcp update, that global.php file hasnt really changed much across all versions of 3.8.x (and indeed, 3.7.x and 3.6.x). You could almost certainly plug the 3.8.7 version into any of them ok.

I had a user tell me that he used the 3.8.7 patch on his 3.8.6 site and it worked fine. If you try to do something like that, make sure you keep a copy of each of the files you replace.

I manually updated without issue and yepper I did save a copy before doing so.

@Paul, you said:

it was decided to patch 3.8.7 as well, because that is the maximum version people with old vB3 licences [only] could access.

I have one 3.8 lic that I can only download up to version 3.8.5 and another up to 3.8.6 Patch Level 1.
If what you are saying is correct, would you please edit my account so I may download 3.8.7 on those two license?

He is saying that is the *maximum* version that the 3.x users were able to get. They would have been able to get that version if they purchased the extension that was offered for 3.x license holders after they started to sell the vB4 Licenses.

If what you are saying is correct, would you please edit my account so I may download 3.8.7 on those two license?
Sorry, but I cannot do that.

I think you have misunderstood slightly, what I siad was that is the max version anyone with a vb3 licence could ever download - that doesnt mean they all can.

I tried....

Anyone with a vB4 or vB5 licence can access any vB3 version.
You know that's not strictly true, right? I have a vB4 licence. I can only download up to vB 3.8.5. If your license expired right when the two were being updated simultaneously, you have a gap in your downloads area. :(

You know that's not strictly true, right? I have a vB4 licence. I can only download up to vB 3.8.5. If your license expired right when the two were being updated simultaneously, you have a gap in your downloads area. :(

If you actually purchased a vBulletin 4 license, then you will have access to all versions of vB3.

If you happen to have a vB3 license that just happens to also give you access to early versions of vB4, that's not the same thing as a vB4 license and so no, it won't.

You know that's not strictly true, right? I have a vB4 licence. I can only download up to vB 3.8.5. If your license expired right when the two were being updated simultaneously, you have a gap in your downloads area. :(

Then you don't have vBulletin 4 license.

You have a vBulletin 3 license, which gave you access to vBulletin 4 per the terms of the license agreement.

You know that's not strictly true, right? I have a vB4 licence.
I know its 100% true, if you have a vB4 licence - you dont, you have a vB3 licence.

Isn't this semantics, guys? You're basically saying I have a 4.0 forum, and every legal right to run one, but I don't have a vB4 licence. How does that make any kind of sense?

The reason I bring it up, is because you don't distinguish that (that there's a way to have a vB4 board, but it doesn't count as a vB4 license unless it's current), or attempt to ascertain that, when you tell people that having a vB4 license gives you access to everything prior. There's 0 reason why anyone in my situation would be able to glean the distinction your making. And I think it's an important one.

The license you purchase has an agreement with it.

You purchased your license during the vBulletin 3 era, which its license allowed for access to the software from the date of purchase plus 12 months. Before the end of term, or after the end of term, you had the option to purchase a renewal to extend that access for another 12 months. When the vBulletin 4 license was released, we removed the ability to purchase that renewal.

However, since you're on a "classic" or "legacy" license, you're still tied to that license agreement and terms. It did allow you to get access to any versions of vBulletin forum that were released while your license was active. Which would include early versions of vBulletin 4.

The decision to use, or upgrade to vBulletin 4 was on you. If you wanted continued updates, you should have been aware you would have needed to purchase an upgrade.

There is a reason we specific vBulletin 4 license, it is not the same as the classic license.

Does this mean my 3.7 lic is still eligible to upgrade for $35?

No, we discontinued the renewal program a long while ago.

The license you purchase has an agreement with it.

You purchased your license during the vBulletin 3 era, which its license allowed for access to the software from the date of purchase plus 12 months. Before the end of term, or after the end of term, you had the option to purchase a renewal to extend that access for another 12 months. When the vBulletin 4 license was released, we removed the ability to purchase that renewal.

However, since you're on a "classic" or "legacy" license, you're still tied to that license agreement and terms. It did allow you to get access to any versions of vBulletin forum that were released while your license was active. Which would include early versions of vBulletin 4.

The decision to use, or upgrade to vBulletin 4 was on you. If you wanted continued updates, you should have been aware you would have needed to purchase an upgrade.

There is a reason we specific vBulletin 4 license, it is not the same as the classic license.
Did I ever suggest otherwise?

I explained why it makes sense for you to have access to the vBulletin 4 source code, but not be on a vBulletin 4 license.

I explained why it makes sense for you to have access to the vBulletin 4 source code, but not be on a vBulletin 4 license.
And I grasp that. I'm just pointing out that it's not something apparent to those of us caught in that situation just from looking at the downloads in our Members Area. I'm only talking about the clarity of that information. Devoid of whether I think it's fair or not.

Well it was announced long ago.

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/323379-some-answers-to-important-licensing-questions?t=315681&goto=newpost

https://vborg.vbsupport.ru/showthread.php?t=221106

And IIRC, there was a eBulletin sent out about it also, but I can not say for sure.

Well it was announced long ago.

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/323379-some-answers-to-important-licensing-questions?t=315681&goto=newpost

https://vborg.vbsupport.ru/showthread.php?t=221106

And IIRC, there was a eBulletin sent out about it also, but I can not say for sure.
Specifically, I'm referring to how the 3.x series continued for a short time after 4.0 was released. I don't recall anyone foreseeing that eventuality in order to announce it. I didn't see this particular announcement, but I went ahead and assumed it was the case just based on precedent. I didn't even realize it was under question that 3.x users with an active license might not get in on the 4.x series. I had just assumed it would happen the way it happened, sans the simultaneous development.

I do get the distinct feeling that people think I'm complaining about something I'm not.