vBulletin Announcements

A security issue has been found that affects all versions of vBulletin including 3.x, 4.x and 5.x. We have released security patches to account for this vulnerability. This includes patches for vBulletin 3.8.7, vBulletin 4.2.2 and all versions of vBulletin 5 (including Cloud accounts). The patch is also applied to vBulletin 5.1.0 RC1. It is imperative that you apply these patches as soon as possible. Due to functionality changes, the minimum PHP version for the patch is 5.2.0. This represents an increase for both vBulletin 3. Alternatively customers can install the JSON functions separately viahttp://pecl.php.net/package/json in which case it will work with any compatible PHP version that their particular version of vBulletin supports...

We’re proud to release vBulletin 5.1.0 Connect. It is available to all customers with a valid vBulletin 5 Connect license. Our goal with this version is to primarily focus on returning the Article publishing functionality of the vBulletin 4 Publishing Suite. To do this we needed to port the functionality and recreate it within the vBulletin 5 database structure and APIs. Along with this we wanted to make sure that your existing articles are imported in a way that makes sense to you and your users without needing a lot of reconfiguration from you to get started. Please note the minimum required version of PHP is 5.3.7. This is a slight increase from previous versions of vBulletin 5 Connect. vBulletin 5.1.0 includes updates for the...

Release Candidate 1 is available. The developers have continued fixing bugs and we're currently working towards a release. As such, we have released 5.1.0 Release Candidate 1. The biggest change is that we've finished the permissions work around comments and you can control this with usergroup permissions per channel now. As a result of this change a number of other changes were made. You can see these in VBV-4523. We've also resolved an issue with Remember Me and the new password system.

This is an unstable Beta Release of the software. It is not recommended to be used on production systems at this time. Today we're proud to release of vBulletin 5.1.0 Beta 1. It is available to all customers with a valid vBulletin 5 Connect license. Our goal with this version is to primarily focus on returning the Article publishing functionality of the vBulletin 4 Publishing Suite. To do this we needed to port the functionality and recreate it within the vBulletin 5 database structure and APIs. Along with this we wanted to make sure that your existing articles are imported in a way that makes sense to you and your users without needing a lot of reconfiguration from you to get started. Article Publishing Channels During the transition...

It has come to our attention that there is a security issue in the uploader.swf file included as part of the Yahoo User Interface (YUI) library included in vBulletin 4. As the version of YUI included in vBulletin is end-of-lifed, Yahoo will not be fixing this issue. Their recommendation is to remove the file from your server. We recommend that you replace this with an empty file of the same name (attached). What this will do is force vBulletin to use a fallback javascript based uploader which is already provided in your system. See: http://yuilibrary.com/support/20131111-vulnerability/ The vulnerable file is also present in the vBulletin 5 download package though not used by the vBulletin 5 front-end. We recommend that you delete the...

This is an unstable Alpha Release of the software. It is not recommended to be used on production systems at this time. Today we're proud to release the Alpha of vBulletin 5.1.0. It is available to all customers with a valid vBulletin 5 Connect license. Our goal with this version is to primarily focus on returning the Article publishing functionality of the vBulletin 4 Publishing Suite. To do this we needed to port the functionality and recreate it within the vBulletin 5 database structure and APIs. Along with this we wanted to make sure that your existing articles are imported in a way that makes sense to you and your users without needing a lot of reconfiguration from you to get started. During the transition to vBulletin 5, a few...

Here is some updated information on our recent security issue that I have been asked to pass on to you. The following is an update regarding the previously reported attack on vBulletin.com and vBulletin.org. The assessment of the attack has been completed and we wish to assure the community of vBulletin site operators and users that such attacks were not due to any inherent security vulnerability in the vBulletin software, including any zero-day vulnerability. Based on our assessment, the attack was conducted by malicious hackers leveraging log-on data for servers on vBulletin.com and vBulletin.org to unlawfully gain access to user tables. No other vBulletin.com web servers were impacted. Following discovery of the attack, all...