Go Back   vb.org Archive > News and Announcements > News and Announcements
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 11-02-2005, 12:03 AM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default vBulletin 3.5.1, 3.0.10 and 2.3.8 released

The original purpose of this release was to provide a regular, scheduled bug-fix / service release for the new 3.5.x series, but newly discovered flaws in Internet Explorer and PHP have necessitated a security release for all three vBulletin branches.

The first flaw is in Microsoft Internet Explorer. It affects vBulletin image uploads and potentially opens a cross-site-scripting exploit. It has affected many web-based applications that allow image uploads, including phpBB and Hotmail. Although a fix from Microsoft would be preferable, we have implemented a work-around in all three branches of vBulletin to prevent the Internet Explorer flaw from being exploited.

The second flaw is in PHP and may allow the entry of unsanitized data into several areas in vBulletin. This may create security holes that are not directly caused by vBulletin, simply exploited through vBulletin as it uses affected PHP code. PHP 4.4.1 has been released to address this issue (no updated PHP5 is available yet). If you are running PHP 4, it is strongly recommended that you update your PHP installation to 4.4.1!

I'd just like to reiterate that neither of these flaws are directly related to vBulletin. Rather, they are flaws in software that ties into vBulletin. We are simply creating workarounds for these issues to prevent them from being exploited.

Patch files for vBulletin 3.5.x, 3.0.x and 2.3.x are attached to this thread, though we would recommend that you fully upgrade your board rather than simply patch it wherever possible. The zip files contain partial directory structures of the upload/ folder that would normally be found in the package you downloaded from the members' area. You should simply download the correct file for your board and extract it. Connect to your server via FTP and upload the contents of the zip file to your main board directory. This should overwrite files already on your server -- if it does not, then your board will not be patched!

All customers should upgrade or patch their boards as soon as possible.

Installing or Upgrading vBulletin (3.0.x/3.5.x)

Please see the appropriate manual sections: Installing vBulletin and Upgrading vBulletin.

Note that the process is the same as it was in the 3.0.x series. However you must redo your config.php if you are upgrading from 3.0.x!

Bug Reports (3.5.x)

You may report bugs by clicking here. Before reporting a bug, please attempt to recreate the bug on a default, uncustomized style (especially if your errors are JavaScript related). Additionally, if you have used the plugins/products system at all, please attempt to recreate the issue with the plugins system disabled!

Official Announcement: http://www.vbulletin.com/forum/showthread.php?t=161721
Reply With Quote
  #2  
Old 11-02-2005, 12:16 AM
calorie calorie is offline
 
Join Date: May 2003
Posts: 2,804
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Great, but where are the patch attachments?
Reply With Quote
  #3  
Old 11-02-2005, 12:17 AM
loonytune15's Avatar
loonytune15 loonytune15 is offline
 
Join Date: Mar 2003
Location: Loony Bin
Posts: 357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks for the info, upgrading commencing.
Reply With Quote
  #4  
Old 11-02-2005, 12:22 AM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

They are there now
Reply With Quote
  #5  
Old 11-02-2005, 12:46 AM
loonytune15's Avatar
loonytune15 loonytune15 is offline
 
Join Date: Mar 2003
Location: Loony Bin
Posts: 357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

so are there only 2 files that have changed from vb3.5 to vb 3.5.1?
Reply With Quote
  #6  
Old 11-02-2005, 01:02 AM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No, a lot of files have been changed:

http://www.vbulletin.com/forum/showp...91&postcount=4
Reply With Quote
  #7  
Old 11-02-2005, 01:09 AM
Brandon Sheley's Avatar
Brandon Sheley Brandon Sheley is offline
 
Join Date: Mar 2005
Location: Google Kansas
Posts: 4,678
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

seems it may be just as fast to over right the old files with the new..
is this advisable ?
Reply With Quote
  #8  
Old 11-02-2005, 01:43 AM
TruthElixirX's Avatar
TruthElixirX TruthElixirX is offline
 
Join Date: Sep 2004
Location: Oklahoma
Posts: 517
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yes, if you do not have any php edits.
Reply With Quote
  #9  
Old 11-02-2005, 01:58 AM
Brandon Sheley's Avatar
Brandon Sheley Brandon Sheley is offline
 
Join Date: Mar 2005
Location: Google Kansas
Posts: 4,678
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

[high]* Brandon Sheley trying to remeber.. i don't have many.. [/high]
Reply With Quote
  #10  
Old 11-02-2005, 02:21 AM
Omega Prime's Avatar
Omega Prime Omega Prime is offline
 
Join Date: Sep 2002
Location: ::Infinity::
Posts: 169
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

For those having issues with class_core.php, I posted a temp. fix here
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:39 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04528 seconds
  • Memory Usage 2,261KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete