vBulletin Announcements

vBulletin 4.1.2 is now available to be downloaded from the vBulletin Members Area at: http://members.vbulletin.com vBulletin 4.1.2 includes: [SIZE=3]Skimlinks Integration As part of an effort to expand the monetization options with vBulletin, we have added Skimlinks to the software. Skimlinks is a leading affiliate technology provider, and has had significant experience working with vBulletin customers previously. If you join through vBulletin and stay on the program for 6 months, as thanks for joining up through vBulletin, Skimlinks will add an additional 5% to your earnings to date. You can learn more about the Skimlinks integration here. [SIZE=3]Mobile Style Integrated lightweight mobile style. This mobile style is...

I would like to announce that version 3.8.7 of vBulletin Forum and version 2.0.3 of vBulletin Blog is available. If you have an active vBulletin license, you can download your copy of either from the vBulletin Members Area at: http://members.vbulletin.com The 3.8.7 release fixes 8 bugs. The 2.0.3 Blog release fixes these 2 bugs. If you purchased the 3 month license extension for vBulletin 3, and it has since expired - we have extended your license till next Monday to take enable you to download this release. These 2 releases are the final releases for both vBulletin 3 and vBulletin Blog. Both products will still be eligible for patches for known Security Vulnerabilities until vBulletin 4.2 is released. We will remove the...

There was an issue identified in vBulletin 4.1.0 and 4.1.0 PL1 that may potentially break a number of 3rd party plugins and modifications. Please note, this issue does not affect the core vBulletin product, but changes that were made to the core vBulletin product may potentially break 3rd party plugins and modifications. As part of our inclusion of the mobile APIÂ’s, the vBulletin templates were re-factored in how they are rendered to support the API. The $vbulletin variable was placed so that it was not part of the eval process, and subsequently out of scope for the templates of 3rd party plugins and modifications templates. Here is an example template conditional that would be affected: Code: in group 5, 6 or 7 We have...

There was an issue identified in vBulletin 4.1.0 that may cause increased web-server load and/or increased page load times for end users. This issue only affects vBulletin 4.1.0 No other versions of vBulletin are affected. To rectify the issue please download the patch from the members area of vBulletin: Please Log In [SIZE=3]Upgrading from 4.1.0 If you are already running 4.1.0, the process you will be required to undertake to make your board immune to this issue is the following: Visit the Patches section of the vBulletin Members' Area and download the patch for 4.1.0, then extract the files from the archive you downloaded, then upload the files to your board via FTP etc., overwriting the existing files. This will update...

I would like to announce that version 4.1 of vBulletin Publishing Suite and vBulletin Forum is now available. If you have an active vBulletin license, you can download your copy of 4.1 from the vBulletin Members Area at: http://members.vbulletin.com [SIZE=3]Important Two items that we had envisaged to make available as 4.1 Updated Editor - to enable WYSIWYG editing in Webkit browsers (Chrome/Safari) "Flexible URL Mapping" Are not included in this release. Due to both the editor, and the flexible URL mapping affecting all aspects of our product, development and QA has taken a longer period of time than we had initially envisaged, and we are not sufficiently satisfied with the level of quality of either item to release them as...

Further to the issue that was rectified with vB 4.0.8 PL1, an additional concern was identified that may affect users utilizing IE6. The flaw may enable users to upload a script to their own profile, and viewers of that profile when utilizing IE6 may be exploited. This issue only affects vBulletin 4.0.8/vBulletin 4.0.8 PL1 where User Profile Customization has been enabled by the administrator. No other versions of vBulletin are affected. Versions of vBulletin 4.0.8/4.0.8 PL1 that do not have User Profile Customization enabled, or elect to disable the User Profile Customization are also not affected. To rectify the issue please either download the patch from the members area of vBulletin: Please Log In Or disable user profile...

An XSS flaw within the user profile customization was recently reported to us. On initial investigation it appeared that the flaw would only affect the user who attempted to perform the exploit when visiting their own profile page. Additional reports we have since received, confirm that certain visitors utilizing Internet Explorer 6 and specific variants of Internet Explorer 7 may be exposed to this exploit. The exposure to other users that utilize IE6 and certain variants of IE7 has been rectified with this patch. This issue only affects vBulletin 4.0.8 where User Profile Customization has been enabled by the administrator. No other versions of vBulletin are affected. Versions of vBulletin 4.0.8 that do not have User Profile...