vb.org Archive (https://vborg.vbsupport.ru/index.php)

Chat Modifications - [DBTech] vBShout v6 (vB3) [AJAX] (https://vborg.vbsupport.ru/showthread.php?t=241651)

DragonByte Tech 03-24-2012 01:07 AM

vBShout v6.0.5:
Fix: Work-around for the "broken characters" some people were experiencing after upgrading to vBShout 6.x
Change: Changed the content type for the data sent back to the server to application/json - this should also mean less confusing error messages.

Fillip

cowcowcow 03-24-2012 02:10 AM

Fillip, you need to read your PM ASAP.

My site just got hacked because of a vulnerability in the DB-Tech shout, and they will probably be targeting other vB forums now.

I also can no longer log into the DB website through Facebook.

Edit: I realised you released a security fix. But I have to RENEW MY LICENSE and pay double just to get it fixed? I can only download the old version, which has the security exploit which caused my site to be hacked.

Is there something I'm missing, because this is clearly wrong.

DragonByte Tech 03-24-2012 02:28 AM

Quote:

Originally Posted by cowcowcow (Post 2312729)
Fillip, you need to read your PM ASAP.

My site just got hacked because of a vulnerability in the DB-Tech shout, and they will probably be targeting other vB forums now.

I also can no longer log into the DB website through Facebook.

We notified people of this via vb.org and DBTech, and provided a fix within a couple of hours of the exploit going public. A notice about it was also posted on vbulletin.com.

The fix has been on vb.org since the vulnerability was made public.

https://www.vbulletin.com/forum/show...-Addon-vBShout

http://www.dragonbyte-tech.com/f77/v...831/#post39342

You should ALWAYS try to keep your mods up to date for this reason.

Iain

cowcowcow 03-24-2012 02:46 AM

Well, it's only been 2 days. I'm not angry at all about that; it's my responsibility to keep up to date with what's going on.

What I'm angry about is you providing a faulty product which has damaged my server, and even after that not providing a fix and asking me to PAY for it. For instance, vBulletin ALWAYS provides security fixes if their product was faulty to begin with.

This is the most absolute basic expectation, and I can't believe you're going to make me pay an additional $44.95 instead of providing the fix for the security flaw, after it caused my server to be hacked.

vBulletin - products will still be eligible for patches for known Security Vulnerabilities until it is determined that there is insufficient usage

Anyway, we just compared the lite version 6.0.3 and 6.0.4 to find the difference, and we had already addressed it. It was a simple fix, which is why this is so remarkable, because it is pretty irresponsible to have such a security flaw (AND A SIMPLE ONE) only be fixed for the present version... You should at least give instructions for what is broken for everyone else.

DragonByte Tech 03-24-2012 03:06 AM

Quote:

Originally Posted by cowcowcow (Post 2312737)
Well, it's only been 2 days. I'm not angry at all about that; it's my responsibility to keep up to date with what's going on.

What I'm angry about is you providing a faulty product which has damaged my server, and even after that not providing a fix and asking me to PAY for it. For instance, vBulletin ALWAYS provides security fixes if their product was faulty to begin with.

This is the most absolute basic expectation, and I can't believe you're going to make me pay an additional $44.95 instead of providing the fix for the security flaw, after it caused my server to be hacked.

vBulletin - products will still be eligible for patches for known Security Vulnerabilities until it is determined that there is insufficient usage

Anyway, we just compared the lite version 6.0.3 and 6.0.4 to find the difference, and we had already addressed it. It was a simple fix, which is why this is so remarkable, because it is pretty irresponsible to have such a security flaw (AND A SIMPLE ONE) only be fixed for the present version... You should at least give instructions for what is broken for everyone else.

You will notice that there is a "Until it is determined that there is insufficient usage" qualifier there for vBulletin versions - what this means is they do NOT go back and apply the update to EVERY version, only to versions they have determined a certain percentage of users are on - usually this is only the LATEST version of the product branch.

That is the same situation for us - the vast majority of our users are able to access the latest version, and those who aren't are spread over so many versions it would be impossible to update them all.

It is standard practice to require users to stay up to date with updates for software to receive updates and fixes, including security fixes. This goes for the majority of software, especially for small companies such as ours.

We have put the fix we added in the news thread for the security issue for the few users in the same situation as you, but please note we obviously cannot guarantee that fix will work on older versions and you continue to use them at your own risk.

No software is ever completely secure or bug-free; you should be aware that by deliberately running out-of-date software you will always be running that risk, just like people still running version 3.0 or 3.5 of vBulletin, for instance.

You can see an example of vBulletin's policy here: https://www.vbulletin.com/forum/show...ing-quot-patch

You will notice they did not update vB 4.0.1, 4.0.2, 4.0.3 etc., only the latest versions of the 4.X and 3.X series. This is despite the vulnerability being in all versions of vBulletin 3.X and 4.X.

Iain

Megareus Rex 03-25-2012 06:45 AM

I just upgraded to the latest version, and I have a problem now. Every few seconds, when my browser is on the page with the shoutbox, it lags for a moment, bogging down anything I'm doing in the browser. Something in the update apparently isn't well optimized, or is causing a lot more of a load on my browser (IE9) than the older version of this shoutbox (5.4.7, I think? Something like that).

Any ideas on how to fix this issue?

DragonByte Tech 03-25-2012 01:05 PM

If you have the IE7 Compatibility Header turned on in vBulletin Options, try turning that off :)


Fillip

Megareus Rex 03-25-2012 08:11 PM

Quote:

Originally Posted by DragonByte Tech (Post 2313115)
If you have the IE7 Compatibility Header turned on in vBulletin Options, try turning that off :)


Fillip

Yeah, it was turned on, and turning it off seems to have fixed that.

Although there's still a bit of lag when the shoutbox updates on IE9. Enough to disrupt scrolling or choosing from a dropdown menu. Any other ideas of what can be done to optimize it further? Any other vB settings that could be causing it on just IE?

DragonByte Tech 03-25-2012 08:21 PM

Not to my knowledge, unfortunately :(


Fillip

DragonByte Tech 03-25-2012 09:45 PM

vBShout v6.0.6:
Fix: XSS vulnerability in Shout Reports

Fillip



Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
