JELSOFT E-BULLETIN / SECURITY NOTICE
http://www.vbulletin.com/
August 12th, 2006
* vBulletin 3.6.0 Released
* What's New in 3.6.0?
* Security Notice
* vBulletin 3.5.5 Released
* vBulletin 3.0.15 Released
* vBulletin 2.3.10 Released
* Your License Information
* Contact Us
---------------- VBULLETIN 3.6.0 RELEASED ----------------
The vBulletin team is proud to present vBulletin 3.6.0 'Gold'.
vBulletin 3.6.0 is now our stable, fully supported version, superseding both 3.0.x and 3.5.x. While we will continue to support 3.0.x and 3.5.x with critical bug remedies and security fixes, these lines are no longer in active development.
Note for Upgraders:
If you have customized templates and upgrade to vBulletin 3.6, you WILL need to revert many of them or some areas of your board will not function!
You can read more about vBulletin 3.6.0 and find upgrade instructions on the vBulletin Community Forums here:
http://www.vbulletin.com/go/360
The text of the vBulletin 3.6 press release can be read here:
http://www.vbulletin.com/forum/showthread.php?t=195858
---------------- WHAT'S NEW IN 3.6.0? ----------------
Many customers have been keeping track of the new features that have been added to 3.6 via the vBulletin Community Forums, but for those who have not, this is a brief summary of what's new:
* Multi-Quote
* Linked Quotes
* Mark Forums Read With AJAX
* New Buddy / Ignore List Editor
* Options Backup And Restore
* Private Message Preview In Notification Emails
* Auto-Resize Oversized Image Attachments
* 'Reason For Editing' On Quick Edit
* Unique Unsubscribe Link In Emails
* Plugin Manager Sorted By Product
* Save Search Preferences With AJAX
* Infraction System (Warning system)
* Default Sorting Option Per Forum
* Rate Threads With AJAX
* IP Resolution With AJAX
* Improved Proxy Support In Session Handling
* More AJAX Auto-Completion
* Paid Subscription Permissions
* Show Threads Or Posts From Quick Search Popup
* Phrase Types Identified By Field Name Only
* LastPostID Column In User, Thread And Forum Tables
* Extensive Signature Permissions
* Uploadable Signature Image System
* Improved Image Verification (Captcha)
* Enforced Required Profile Fields
* 'Find Updated Phrases' System
* Pop-Up List Of Attachments In A Thread
* Validation Of Admin Options
* Product Dependencies Support
* Paid Subscription Logging And Statistics
* APC Support For Datastore
* Description Field For Scheduled Tasks
* RSS Poster Robot allows import of RSS feeds into forums
* Latest version check and product URL for products
* Receive private messages from Buddies only option
* Show private forum option per forum
* Give reputation using AJAX
* Error prevention in upgrades
* Option to disable scheduled tasks
* Parsed signature storage for performance boost
* CRON tasks, profile fields, subs, holidays now phrased
* Option to sort forums by thread creation time
* Super moderator permissions
* Welcome private message at registration
* WYSIWYG front-end editing for announcements
* Plugin execution order control
* Flexible username validation
* Private message quota warning system
* Private message admin quota override ability
* Plain-text BBcode parser
* Cache of syndication data (external.php) for improved speed
* Email logging for diagnostics
* Improved performance in datastore failure handling
* Instant view of deleted / ignored posts using AJAX
* Centralized area to view posts awaiting moderation / deleted
* Admin help, scheduled tasks, FAQ now include product support
* CCBill support for paid subscriptions
* Attachment permissions per usergroup
* List posts / threads selected for inline moderation
* Full BCC support in private messages
* Podcasting support
* Atomic flood checking
* Image verification (Captcha) for guest posting
* Thumbnail display options - border / dimensions etc.
* Copy posts using inline moderation
* Announcements show when viewing new posts
* New built-in option types
* Resume paused attachment downloads
* Better webserver logging for POST requests
* Automatically remove thread redirects after set time
* Announcement DataManager
* Persistent D.O.B cookie for COPPA
* Improved master / slave database support
* Improved RSS syndication system
For more information on all these features, take a look at this thread, which contains illustrations and detailed descriptions:
http://www.vbulletin.com/go/36features
-------------------- SECURITY NOTICE ---------------------
Amidst the excitement surrounding the release of 3.6.0, we have not forgotten those customers running previous versions of vBulletin.
The combination of a newly-discovered flaw in Microsoft Internet Explorer and a separate potential cross-site scripting (XSS) flaw in previous versions of vBulletin has prompted us to release updated packages for 2.3.x, 3.0.x and 3.5.x vBulletin branches.
To avoid exposure to these potentially hazardous flaws, we recommend that all vBulletin customers upgrade as soon as possible to either vBulletin 3.6.0 or to the latest version of the branch they are currently running.
Patches are also provided for 2.3.9, 3.0.14 and 3.5.4 as an alternative to upgrading. These patches are available in the vBulletin Members' Area:
http://members.vbulletin.com/patches.php
For more information about how to secure your vBulletin installation, please read the relevant section for your version of vBulletin below.
---------------- VBULLETIN 3.5.5 RELEASED ----------------
In response to the discovery of the security problems noted above, vBulletin 3.5.5 has been released.
vBulletin 3.5.4 can be patched to be secure using the patch available at
http://members.vbulletin.com/patches.php but previous versions of 3.5.x will need to be fully upgraded.
We recommend that customers running vBulletin 3.5.x upgrade to 3.6.0 as soon as possible, as this is the currently supported and actively-developed version. If upgrading to 3.6.0 is not possible, upgrade to 3.5.5 or apply the patch as described.
For more details, see the following thread at vBulletin.com:
http://www.vbulletin.com/go/355
---------------- VBULLETIN 3.0.15 RELEASED ---------------
In response to the discovery of the security problems noted above, vBulletin 3.0.15 has been released.
Options to upgrade to 3.0.15 or all the way to 3.6.0 are available. If you are currently using vBulletin version 3.0.14 then a patch is also available should you wish to simply close the security hole rather than fully upgrade.
For more details, see the following thread at vBulletin.com:
http://www.vbulletin.com/go/3015
---------------- VBULLETIN 2.3.10 RELEASED ---------------
In response to the discovery of the security problems noted above, vBulletin 2.3.10 has been released.
vBulletin 2.3.x is now very old and we would recommend that all customers seriously consider upgrading to a more up-to-date and secure version, though customers who wish to simply patch their existing board or upgrade just to the latest 2.3.x version may do so.
For more details, see the following thread at vBulletin.com:
http://www.vbulletin.com/go/2310
---------------- YOUR LICENSE INFORMATION ----------------
You can use this information to log into the members' area
to download vBulletin, ImpEx and other vBulletin-related
support materials:
Customer Number: xxx
If you have misplaced your customer password, you can
request that it be re-sent to your registered email
address using the following form:
http://www.vbulletin.com/go/lostpw
The members' area is located here:
http://members.vbulletin.com/
-------------------- CONTACT US --------------------------
Please do not respond to this email directly. We will not
receive your response. Please use the links below.
Got a vBulletin technical query? Contact support:
http://www.vbulletin.com/go/techsupport
For all other queries, please visit this page:
http://www.vbulletin.com/go/contact
----------------------------------------------------------
This periodic email newsletter is delivered to all current
vBulletin customers, and contains information about new
software versions and Jelsoft.com / vBulletin.com web site
features and content. If you have any questions or
comments about this mailing, please contact us via the
links above.
This email sent to: xxx
Copyright ©2000-2006, Jelsoft Enterprises Limited
Press Release, August 3rd 2006
