Please use this thread to discuss the release of vBulletin 3.0.7.

Do not use this thread to report bugs, as it's likely they will be missed. If you believe you have found a bug, please file a report in the Bug Tracker (http://www.vbulletin.com/forum/bugs.php).

Also please do not post support requests here, these should be posted in the Support Forum or open a support ticket.

Have fun.

Yay for more releases.

Yay for security fixes and bug fixies :D

Figures, I was just about to upgrade to .6.

Upgrading to 3.0.7 now ..

Hey, now I have an excuse to do something other than housework tomorrow :D

What are the "Significant improvements to attachment.php"?

I love vbulletin :-D

Seriously, you guys are doing a great job

*sigh*

Guess I'll upgrade today too...

I will wait to see if you guys fine anymore bug updates.

Upgrading to 3.0.7 now ..
Upgraded vBulletin-Language.com and vBulletin-Fans.com !! Was very easy & Quick.

So. from 7:59pm to 8:16pm = 17 minutes, is just a bit less then 9 minutes per site (backup, download, unpack, upload, upgrade.php, delete install.php and done!)

Ugh! :eek:

What are the "Significant improvements to attachment.php"?
I updated the announcement with more info: Etag support, ability to send signficantly larger attachments, ability to cancel sending attachment if user cancels

Just my luck I just finished upgrading to 6, thought I left it long enough .. lol, thank you for keeping us updated, seriously :)

*back to drawing board*

I think I will wait until tommorow and upgrade to 3.08

funny...I was like hmm I wonder if there have been any new versions released... I checked and look at that! today there was one :-P

figures, i just upgraded to 3.0.6 10 secs ago....then i see 3.0.7 =p

I think I will wait until tommorow and upgrade to 3.08At least patch your current version until you upgrade.

I was hoping never for a 3.0.7 and am not going to upgrade. I dont have the template commenting enabled anyways. The next time I will upgrade my forums is probably when 3.x.a is released. I will patch the updated files tho. Wheres vB oop??? :(

I think I will wait until tommorow and upgrade to 3.08

Not me ..

I will wait until the day after and upgrade to 3.0.9 ..

seriously .. you are doing a great job guys .. ;)

LOL.. i just renew my membership today, upgrade to 3.0.6 few hours ago..install hacks.. now 3.0.7 is release?.. :D nothing to do.. 3.0.7 here i come. :D

thanks guys :)

God I am stupid.

Upgraded a board with the wrong license number.

Now I have to reupload all php files :|

Nice job

*upgrades*

figures, i just upgraded to 3.0.6 10 secs ago....then i see 3.0.7 =p

At least you didnt re-install any of your mods :P

Just finished upgrading! :)

I think I will wait until tommorow and upgrade to 3.08
v3.0.8 is going to be released tomorrow? O_O;

I'm all set. Thanks dev's :D

v3.0.8 is going to be released tomorrow? O_O;
It's just the standard whining. According to similar posts we should be on 3.0.11 by now.

Yay for security fixes and bug fixies :DI blame you anyway - I seem to recall you said there was no 3.0.7 planned a few days ago ... :p

my God, i have waited for a lone time to make sure vB wont release a new version any more caus in Jan they have released 3 versions and just yesterday i decided to upgrade my vB 303 to 306 and today i receive this new vB 307 hehhee i think i should wait until and of this year to upgrade to vB4.x hehehe . thanks to God i must only replace the misc.php :) Gott sei Dank!

I blame you anyway - I seem to recall you said there was no 3.0.7 planned a few days ago ... :p
There wasn't a 3.0.4 planned either, so... :p

I blame you anyway - I seem to recall you said there was no 3.0.7 planned a few days ago ... :pZachery can't and won't give estimations or release dates. And people should not ask.

This security hole is a nasty little one, glad it's all sorted :)

The part I hate most about upgrading is that I have to go and look for the darn member ID and password. I can never remember them.

I blame you anyway - I seem to recall you said there was no 3.0.7 planned a few days ago ... :p
I can't predict when the people who have no lifes will spend 8 weeks looking for a single bug in the code that doesn;t happen in any normal circustances :(

I'm feeling pretty smart right about now. :) :) :)

Still on vB 3.0.3.

Only been doing the "security patches".

Besides... I'm waiting for the big one! vB Ninja 4.0.0 :D

I think I will wait until tommorow and upgrade to 3.08
Haha, same here ^^

The part I hate most about upgrading is that I have to go and look for the darn member ID and password. I can never remember them.
You can always go here to retreive lost customer details :) Just enter the email address linked to the customer account.
http://www.vbulletin.com/members/lostpw.php

I think I will wait until tommorow and upgrade to 3.08
why dont you just wait for the next major upgrade 3.1.0?

No upgrade for me this time. It takes me about four hours each time, I've had quite enough of it. I'll patch only.

There aren't enough hours in the day for this.

It's just the standard whining. According to similar posts we should be on 3.0.11 by now.
You missed a few 1s there I think. :)

3.0.1111

I patched my forum when 3.0.6 came out and thought i would upgrade to 3.0.6 this morning. Anyway after doing the upgrade and spending hours adding all the MODS. I logged in to my admin and noticed the 3.0.7 update.
:eek:
Doh!

I've been on the net all day sorting my forum. only to have to do it all again !
Can you please give me a clue when 3.0.8 will be out ?

BTW i know it's better to upgrade and have people fixing things than it would be if we just stuck to the same version for months and hoped we would be ok.

When upgrading, is vBulletin supposed to reset all vBulletin Options in the database back to default? I had about 8 custom options for BBSZenDex set in its own group and both the setting and settinggroup table were basically reset.

It's not a huge issue as it took all of 1 minute to re-enter them, just was not aware if this is standard or not that way I will know to specifically make a small backup of both tables in the future.

Only if they are set to "default" vBulletin Options.

I think when adding in debug mode the setting is called Violitile? (sp? Im trying to get out the door :))

i love you guys u just wanna make me do more and more and more work :( but its all good at the end :p i put the misc thing in to my forums is that all ihad to do for the update to work this is my first time u no ;)

I patched my forum when 3.0.6 came out and thought i would upgrade to 3.0.6 this morning. Anyway after doing the upgrade and spending hours adding all the MODS. I logged in to my admin and noticed the 3.0.7 update.
:eek:
Doh!

I've been on the net all day sorting my forum. only to have to do it all again !
Can you please give me a clue when 3.0.8 will be out ?

BTW i know it's better to upgrade and have people fixing things than it would be if we just stuck to the same version for months and hoped we would be ok.

Tonight there is no clue when 3.0.8 will be out, if ever.
However, if tonight we receive one or more security issues we require to fix, perhaps tomorrow night. I hope you understand we don't control this really. We just want to please our customers with a quick security response rather then wait 6 months watching forums getting possibly exploited while we actually have a fix waiting for 6 months .. erhm, I hope you get what I try to understand.

I hope you understand we don't control this really. We just want to please our customers with a quick security response rather then wait 6 months watching forums getting possibly exploited while we actually have a fix waiting for 6 months .. erhm, I hope you get what I try to understand.

thats pathetic when you say "we don't control this" then who? is it the people that volunteer their time to find these flaws that vbulletin failed to code correctly from the beginning?

hell, for all i know, if it was coded correctly we wouldn't need to be upgrading every week with all these security issues.. so, i believe vbulletin does control this.. thanks god we have these people that find these flaws, otherwise vbulletin would be nothing but a mine waiting to explode if it wasn't for them...

sure there are mistakes in coding, but this many? since vb3 came out 99.9% of all the updates are security issues... i want to get features when i upgrade.. not hassles..

thats pathetic when you say "we don't control this" then who? is it the people that volunteer their time to find these flaws that vbulletin failed to code correctly from the beginning?

hell, for all i know, if it was coded correctly we wouldn't need to be upgrading every week with all these security issues.. so, i believe vbulletin does control this.. thanks god we have these people that find these flaws, otherwise vbulletin would be nothing but a mine waiting to explode if it wasn't for them...

sure there are mistakes in coding, but this many? since vb3 came out 99.9% of all the updates are security issues... i want to get features when i upgrade.. not hassles..
That is a ignorant post if I do say so myself. Do you code in any languages? Do you have any idea how hard it is to get something perfect when coding a project as big as this?

Please stop commenting on things that you have no idea what you are talking about.

Why don't you go to another message board where they have just as many security problems as vbulletin but don't have the quick response to fix these problems that vbulletin has.

Please just stop.

Ha.. I knew it.. :p

http://www.vbulletin.com/forum/showpost.php?p=815894&postcount=459

Can someone help, please? I have downloaded the latest nevsion, and uploaded all the files on top of the old ones. Then ran upgrade.php, and it all went fine, except that I am no longer able to access the administration page. It keeps sending me back to the login page. Any ideas why?

Thanks

Hypothetically, if someone still had vB 3.0.0 running, how bad is that and what are the chances of the board getting hacked?

Ha.. I knew it.. :p

http://www.vbulletin.com/forum/showpost.php?p=815894&postcount=459
I really can not understand what people's deal is with this. vBulletin does not support you hacking their forum. If you do this you do it at your own risk, expense and time. Therefore if you hack your forum and then a series of bugs are found that require you to upgrade don't come on here bitching about it because vBulletin supports its software untouched. If you havent modified your code then it takes about 15 minutes to upgrade to the latest version.

This isn't aimed at anyone in particular just all the people crying over this.

Hypothetically, if someone still had vB 3.0.0 running, how bad is that and what are the chances of the board getting hacked?
If someone visits your forum and sees you are running 3.0.0 and they know how to exploit one of the numerous security holes in that version then all it would take is them to use that exploit.

We are going to be at 6.0.3 by the end of the week :)

Hopefully not. My current version has fired me, I am no longer able to log in to the admn panel. Keeps sending me back to the login screen. But quess what, it only happens if I use IE. In Firefox I can log in just fine. What is going on?

We are going to be at 6.0.3 by the end of the week :)

If it's due to many corrections of security holes, why not ?

Thanks a lot for the corrections :)

Yeah i know, But why not do complete check of secuirty holes, Test it then release just one version instead of 3 or 4? :)

This may be a dumb question but this is my first upgrade with VB...... does this 3.0.7 include all the updates from 3.0.3? I ask because in my member's area I can only find the 3.0.7. I cannot find the 3.0.4, 3.0.5, or 3.0.6

Yeah i know, But why not do complete check of secuirty holes, Test it then release just one version instead of 3 or 4? :)

You can skip 10 updates and update once a year...if your board survives so long...



This may be a dumb question but this is my first upgrade with VB...... does this 3.0.7 include all the updates from 3.0.3? I ask because in my member's area I can only find the 3.0.7. I cannot find the 3.0.4, 3.0.5, or 3.0.6


Yes it does

Thanks for the info, VMV.


Any words of wisdom on the best way to do the upgrade when there are modifications to the original forum 3.0.3? ;)

Yeah i know, But why not do complete check of secuirty holes, Test it then release just one version instead of 3 or 4? :)
You act like it is that simple. Do you honestly think i fit was that simple vBulletin would just skip it? :rolleyes:

Thanks for the info, VMV.


Any words of wisdom on the best way to do the upgrade when there are modifications to the original forum 3.0.3? ;)
Download the files and redo the modifications......

Another flawless, 15 minute upgrade! Thanks!

I usually just upgrade, then re-install the hacks I have, but
this time I'm gonna try file/dir comparison with "beyond compare"
and see how it goes. :)

I think it is a good idea to have a logfile containing all the information about hacks installed: what was done, what files were altered e.t.c. I know it is always boring to do such archive work, but it really helps if you wish to reinstall the mods in a fast manner. ;)

Hi, I've uploaded and replaced the file but when I run the upgrade thing it takes me to the Admin CP. Now I've read that this happens because I've uploaded something wrong, but it isn't hard to upload and replace one file so what's the problem?

I think it is a good idea to have a logfile containing all the information about hacks installed: what was done, what files were altered e.t.c. I know it is always boring to do such archive work, but it really helps if you wish to reinstall the mods in a fast manner. ;)

Yep, I agree, and I do myself.
It make thing a lot easier, and more complete.
I'm also a fanatic about backups. :D

You can always go here to retreive lost customer details :) Just enter the email address linked to the customer account.
http://www.vbulletin.com/members/lostpw.php

Oh I have the customer ID and password, I just don't remember it on top of my head and always have to look for the text file. Yes, I'm lazy! :D

I have upgraded, but it still says its 3.06 is this a problem or not done right?

Could you please provide more information about this "etag Support"? Maybe more detailed infos as the one you posted or a link where we can find more information...

I have upgraded, but it still says its 3.06 is this a problem or not done right?

Not done right.

patched mine now, thanks.

It's just the standard whining. According to similar posts we should be on 3.0.11 by now.

Sorta funny how the people who start complaining dont seem to care if their board get hacked :P

Oh I have the customer ID and password, I just don't remember it on top of my head and always have to look for the text file. Yes, I'm lazy! :D

Well I did that before, but now I'm too lazy :p, I use araxis merge. It works great.

That is a ignorant post if I do say so myself. Do you code in any languages? Do you have any idea how hard it is to get something perfect when coding a project as big as this?

for the record, i have 4-years experience coding in php. i never said it was easy making an application secure.. though, its not impossible and not that hard either. there are plenty of FREE forums out there, some are secure, some aren't.. i choose vbulletin because i thought it was MORE secure then the rest. perhaps it is not after all. of course, these are my opinions whether you agree with them or not, i am a paying member so i believe i have every right to complain/whine/whatever you want to call it.

Gah, just as I'd upgraded to 3.0.6 yesterday, you release another one. Time to spend another 30-40 minutes upgrading. Tis all for the good of our boards. Thankyou.

3.0.7 here I come. :D

Hypothetically, if someone still had vB 3.0.0 running, how bad is that and what are the chances of the board getting hacked?
Considering that you asked this question AND have a link to your forums in your sig, it may not be very long at all. ;)

for the record, i have 4-years experience coding in php. i never said it was easy making an application secure.. though, its not impossible and not that hard either. there are plenty of FREE forums out there, some are secure, some aren't.. i choose vbulletin because i thought it was MORE secure then the rest. perhaps it is not after all. of course, these are my opinions whether you agree with them or not, i am a paying member so i believe i have every right to complain/whine/whatever you want to call it.

Complain if you want, but this won't help in any way. It's impossible to make anything 100% secure, otherwise FBI would not run after hackers :D. Even if you do your best to avoid security holes, other exploits will be discovered just after. If you had that much experience, you wouldn't say that.

ps : I also have 4-years (even more) experience in PHP and some more in C and other language.

Forum is upgraded!

Forum is upgraded!

gosh im getting soo used to this i can even upgrade the boards with my eyes closed with one hand tied behind my back and writing a 10,000 word essay on PHP security :p

When upgrading, is vBulletin supposed to reset all vBulletin Options in the database back to default? I had about 8 custom options for BBSZenDex set in its own group and both the setting and settinggroup table were basically reset.

I've had this problem with the QuoteIt hack and it's incredibly annoying. It took me a while to figure out why my quotes weren't showing up. I guess the easiest solution is for coders to just not add to the "vbulletin options" area.

flawless, 10 minute, upgraded! Thanks!

for the record, i have 4-years experience coding in php. i never said it was easy making an application secure.. though, its not impossible and not that hard either. there are plenty of FREE forums out there, some are secure, some aren't.. i choose vbulletin because i thought it was MORE secure then the rest. perhaps it is not after all. of course, these are my opinions whether you agree with them or not, i am a paying member so i believe i have every right to complain/whine/whatever you want to call it.
If we were less secure, we would have ignored the issue for a few months and let systems be exploited, instead we patched a bug that is a issue with php itself.

l333t h4xz0rz won't be getting into my vBulletin. Just as soon as I renew my license! :)

Considering that you asked this question AND have a link to your forums in your sig, it may not be very long at all. ;)

lol, I looked on Google and hypothetically if I had vB 3.0.0 running, I would definately not be alone.

All the patches from 3.0.1-3.0.7, do they introduce any new bugs? I read somewhere in this thread that someone can't log in to the admin CP with 3.0.7. Also, if I had vb 3.0.0 running, would I be able to directly upgrade from 3.0.0 to 3.0.7?

If someone can't login to their admincp its an issue with their instaltion and or hacks. :)

Just a reminder that this is a discussion thread. If you are having a problem, please post a new thread in the appropriate forum. Thank you.

Do we have to upload all the files from 3.0.6 again in order to upgrade to 3.0.7? I uploaded the misc file, but it won't let me upgrade.

I will just apply the little patches until 3.1. There is no good reason to go thru the whole upgrade process if the version doesn't have significant feature enhancements.

My forum is running 3.05.

If you can't login try clearing your cookies (happened to me with the 2x -> 3x upgrade.

Contrary to what I said earlier, I have now upgraded.

For the first time ever I tried Beyond Compare which speeds it up a bit. I am a bit bothered that in some of the files I might have compared and replaced the code changes and thus negated the whole point of upgrading, but I don't think so.

With the next major release I am not putting any hacks on apart from the arcade which is fairly simple. Not for reasons of invalidating support, just for reasons of preserving what little sanity I have remaining.....

Contrary to what I said earlier, I have now upgraded.

For the first time ever I tried Beyond Compare which speeds it up a bit. I am a bit bothered that in some of the files I might have compared and replaced the code changes and thus negated the whole point of upgrading, but I don't think so.

With the next major release I am not putting any hacks on apart from the arcade which is fairly simple. Not for reasons of invalidating support, just for reasons of preserving what little sanity I have remaining.....

PS Wibble!

Upgrading using Araxis Merge took only 15 minutes on a heavily hacked forum... the number of files changed were minimal really. What took the longest time was uploading the XML files. :) Otherwise, easy upgrade.

I appreciate the security patches and won't whine about the need to keep up to date. But I DO wish that you guys would be more clear about the options available to people when a new version comes out.

This is the fourth security update since I went to v3 and each time I am left scratching my head wondering what I *really* need to do to be safe if I don't want to do a full upgrade.

Here for example....

The email I got said this is an issue only if I have that obscure feature enabled. I don't.

Then it says there are three options, one of which is to simply not enable the feature.

But then later it says "We recommend options 2 or 3, if possible."

Why? You guys need to please make clear why you are recommending one option over the others or if there are any issues with choosing the "non-recommended" options. Because people don't need or want to do upgrade work if it is not necessary.

Thanks.

I've had this problem with the QuoteIt hack and it's incredibly annoying. It took me a while to figure out why my quotes weren't showing up. I guess the easiest solution is for coders to just not add to the "vbulletin options" area.
No, the easiest solution is to add to it correctly. By changing a little 1 to a 0 in the volitile column, they are not erased in upgrades. Now, if a hack doesn't do this, then there will be problems.

I think I will wait until tommorow and upgrade to 3.08
I knew it hahahah...me 3, I'll wait for 3.0.9 just install half of my board hacks.

But then later it says "We recommend options 2 or 3, if possible."

Why?Because it's an option. Down the line, you may enable that option for whatever reason, not realizing what you did, leaving yourself vulnerable. If you take 2 or 3, do whatever you want, and you won't be vulnerable.

It's sort of like "this problem only occurs when you have millions of posts." You don't have millions of posts now, so you don't bother fixing the problem. But it's still there and if you ever have millions of posts, you'll want to fix it.

Another smooth 5 min upgrade. Thanks for keeping us current with security fixes :).

Patch applied. :)

I really can not understand what people's deal is with this. vBulletin does not support you hacking their forum. If you do this you do it at your own risk, expense and time. Therefore if you hack your forum and then a series of bugs are found that require you to upgrade don't come on here bitching about it because vBulletin supports its software untouched. If you havent modified your code then it takes about 15 minutes to upgrade to the latest version.

This isn't aimed at anyone in particular just all the people crying over this.

This is probably an ignorant post... but here goes anyway :)

There are features that I would like that are only available by means of hacking, I'm not on about big hacks but other things such as having that whose online over 24hours thing and other small things.. there are actually bigger things I'd like, a portal, chat room etc but don't install them because of all the faffing about when we have these necessary security fixes.

You say vb doesn't support hacked boards, but yet it links actively to boards which offer hacks and if they don't want us to install them why link like that? You know these hacks are what (some) people want so why can't we have more of them installed as features, ones we can turn on or off in the admin cp. then we wouldn't have to install hacks at all. We'd be fully supported and all updates would be completely painless.

I know that is probably ignorant and maybe not as easy as that but it seems to me, that if the boards had these features as standard nobody would complain about having to update again because they'd only have to update not then go on to reinstall stuff.

It seems to be the same pattern on here. The discussion starts and a few may have a little whine (which they/we all can do as paying customers) and then the die-hard vb fans will rigorously defend vb or put down the complainee. The complaints seem more like frustrations to me and it just seems we wouldn't have cause to complain/whine/etc if some of the more popular hacks were incorporated.
Saying all that I'm mostly happy with vb I'm frustrated but understand the need of the security updates and I think the devs do a stirling job. My only gripe is that I don't feel that features are really added enough.
And nobody need flame me its just an opinion I have.:rolleyes:

Yep, it's an ignorant post. :)

I have a portal, image gallery, arcade, and other hacks. Still only took me 15 minutes to upgrade.

I think I will wait until tommorow and upgrade to 3.08

me too :)

All upgraded, thanks. :)

Yep, it's an ignorant post. :)

I have a portal, image gallery, arcade, and other hacks. Still only took me 15 minutes to upgrade.

Good for you - my point is that we're all not as superb as you are. :rolleyes:


If I have to reinstall I have to spend time reading all the instructions for the hacks again, so it does take me a tad longer. Unfortunately I don't have time to spend too long on things like that although I do want those extra features so I have to. And its for that reason that all these little updates (necessary or not) do become frustrating.

I for one would really appreciate the extra features as standard
so I could have a better board without hacking at all, because I'm not now and never will be as superb as you..

Thanks for fixing the security issue guys. While I like lot are skipping the full upgrade, I really appreciate it that you give us a way to just resolve the security issue with out having to do a full upgrade.

Good for you - my point is that we're all not as superb as you are. :rolleyes:


And that's why you have an option to just patch, instead of doing the full upgrade. :D

I have upgraded, but it still says its 3.06 is this a problem or not done right?

Did you try refreshing or re-opening your browser? (I'm a newbie, but I thought I would suggest this.)

You sure you didn't patch instead?

That is a ignorant post if I do say so myself. Do you code in any languages? Do you have any idea how hard it is to get something perfect when coding a project as big as this?

Please stop commenting on things that you have no idea what you are talking about.

Why don't you go to another message board where they have just as many security problems as vbulletin but don't have the quick response to fix these problems that vbulletin has.

Please just stop.

Wow. That post that you quoted was silly.

NO forum is secure. You thinka group of people can find all the mistakes and exploits? We are HUMAN, not robots

Yes, the frequent updates do get a bit tedious, but I am grateful for them. It means vb is doing their job and staying on top of potential security issues, and that gives me peace of mind.

Besides, installing a patch or updating is definitely easier than rebuilding a hacked site from scratch. The patch took me > 5 minutes.

Thank you to everyone on the vb staff. You're doing a great job! :D

Rebecca

Another one? Already???

Seriously though, I appreciate all the work you put into keeping us up-to-date. As soon as I can find the hacks I've installed, and have the time, I'll upgrade.

So if I had 3.0.0, I could upgrade directly to 3.0.7 right? 3.0.7 will do all the changes every patch after 3.0.0 did right?

Also, does any patch after 3.0.0 contain any new bugs?

thnx for the update.

Because it's an option. Down the line, you may enable that option for whatever reason, not realizing what you did, leaving yourself vulnerable. If you take 2 or 3, do whatever you want, and you won't be vulnerable.

Okay, that's fair. Thanks.

I'm getting lost... :D

If I'll upgrade from 3.0.6 to 3.0.7, I'll lost my settings?

Jelsoft is the industry leader and, as such, is a major target. Sort of like Windows--everybody uses them, everybody tries to hack them. They deserve slack, to a certain point.

That's why I went over to Mac 3 months ago.

Seriously, this is getting tedious.

*me thinking i would not upgrade until they stop bringing out a new patch every week*
... so i upgraded from 3.0.3 > 3.0.6 last night, like literally from 12pm to 4am Aussie Time.... and i log into adminCP this morning and see 3.0.7 - i'm going to go crazy!

reply to #115 - nar dude, *nothing* changes... if you have mods, you'll lose them, unless you use 'araxis merge 6.5' and compare each file you edit, and just edit around your mods.
Jelsoft are smart with upgrades, so if you have edited any templates, the "original template" will change (i.e. the 'revert template') but yours will still stay ontop, as the customised version. if you want the new feature they speak about in the new template (i.e teh 'orginal' / 'revert' template) simply "view original" and 'view customised" copy data to araxis merge 6.5 and check what the differences are.

I have a problem if I upgrade to the last version ..

Some members use arabic passwords (non-English passwords)..
after upgrading .. the cannot use it again ..
so they have to take it again via "forget password?" ..

How can I fix it, and let them enter the forum with there arabic passwords ?

PLEASE HELP !

Yay for security fixes and bug fixies :D

;) :D :D :D That was priceless Zach........hehehehehehe;)

The specific exploit that is at issue here has been reported to the PHP team as unexpected behaviour and it is being reviewed.

We did the same thing with the exploit that 3.0.5 was released to fix. The PHP team recognized that we were correct in our assertion that the beahviour was unexpected. The next release of PHP will have fixed that issue when register_globals is enabled.

So, what I am getting at is that even when we go over everything back and forth, we can still be disrailed by code we can not forsee. I expect that the PHP team will again agree with us and insert a patch into the next release of PHP to handle this issue.

The important thing that I would like to stress is that when this happens, we immediately investigate it and prepare a release to handle it. I don't believe you need to upgrade for any of these release. We provide several options for you to secure yourself, with the easiest being to just replace the patched files that we provide.

Thanks for the diligence everyone at vBulletin!

May I have a question ?


All versions of vBulletin 3 up to and including 3.0.6 are affected only if you have enabled the Add Template Name in HTML Comments option (Admin Control Panel -> vBulletin Options -> General Settings). We hope most of you will not have had this option enabled anyway, as it is mostly for debugging and wastes a fair amount of bandwidth on a production site.

Thus, to fix the issue, you should choose one of these options:
1- Disable the Add Template Name in HTML Comments option on your board.
2- Download the zip file attached to this post (or from here) and overwrite the misc.php in the main vBulletin directory on your server with the version in the zip. (More extensive instructions are provided in the zip file.)
3- Upgrade to 3.0.7. A link to upgrade instructions is provided below.
We would strongly recommend options 2 or 3 if possible.

My question is:

If we upgrade to 3.0.7 version or uploaded the new misc.php file ..
Is it still problem if we allow or enable the Add Template Name in HTML Comments option (Admin Control Panel -> vBulletin Options -> General Settings) ?

And does this means, the members can posts html codes :
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off ??

.
.

regards :)

If you upgrade or install the patch, you do not need to leave Add Template Name in HTML Comments turned on.

And this has nothing to do with HTML posting. It's an option in the Admin CP:

Admin CP -> vBulletin Options -> General Settings -> Add Template Name in HTML Comments -> Yes

I am all for security updates but by the looks of the announcment you guys did lots more than just a security fix :) Good work.

I'm getting lost... :D

If I'll upgrade from 3.0.6 to 3.0.7, I'll lost my settings?

No, you shouldn't. This only happens when a hack adds settings improperly.


I have a problem if I upgrade to the last version ..

Some members use arabic passwords (non-English passwords)..
after upgrading .. the cannot use it again ..
so they have to take it again via "forget password?" ..

How can I fix it, and let them enter the forum with there arabic passwords ?

PLEASE HELP !

You should post in the appropriate support forum if you need help.

Steve Machol

Many thanks for your reply .. :)

.
.


daemon

np .. I will do so..

Thanks for your reply .. :)

:)

Upgraded, thanks

Upgraded vBulletin-Language.com and vBulletin-Fans.com !! Was very easy & Quick.

So. from 7:59pm to 8:16pm = 17 minutes, is just a bit less then 9 minutes per site (backup, download, unpack, upload, upgrade.php, delete install.php and done!)
Not everyone has 'cookie-cutter' sites like you, it takes a little more effort for people that do anything to their site to upgrade, be it by reinstalling add-ons, or using a tool to just change the files that are different.

It seems to be getting to the point where all the revision releases (0.0.X) can be skipped and just install the 'patch' for the security issue, and then just wait and do the minor release which should roll all these up.

Not everyone has 'cookie-cutter' sites like you, it takes a little more effort for people that do anything to their site to upgrade, be it by reinstalling add-ons, or using a tool to just change the files that are different.

It seems to be getting to the point where all the revision releases (0.0.X) can be skipped and just install the 'patch' for the security issue, and then just wait and do the minor release which should roll all these up.
You can do it that way but you don't get the bug fixes and optimized code that is also included in the releases.

If I have to reinstall I have to spend time reading all the instructions for the hacks again, so it does take me a tad longer.

...
Part of the reason why he takes less time than you, I'm sure, is that he doesn't have to re-read hack install instructions each time. If you do have hacks, do this:

Make a log of all required code modifications. This can be a simple text file! Put the line number and/or surrounding existing code. Make instructional notes to yourself. Put in inspirational or humorous quotes if you really want to so you're not so bored! You then read ONE document that has the instructions clearly laid out in a way that you know will work (because you're doing this the first time you install or upgrade such hacks.

Basic priniciple of administration is to spend a little extra time at the beginning keeping exact records of what you do to save you a lot of additional time in the future. Next time you upgrade, try it; it's just so easy. :)

By doing this, I spend <30 minutes adding my hacks back in because I can follow mindless instructions that I've written to myself. :P

All finished with the upgrade.......Thanks again VB Team........;) :)

reply #119, dude - submit a support ticket - you'll get a quicker reply from the creators that way.

im waiting for 4...

The specific exploit that is at issue here has been reported to the PHP team as unexpected behaviour and it is being reviewed.

We did the same thing with the exploit that 3.0.5 was released to fix. The PHP team recognized that we were correct in our assertion that the beahviour was unexpected. The next release of PHP will have fixed that issue when register_globals is enabled.

So, what I am getting at is that even when we go over everything back and forth, we can still be disrailed by code we can not forsee. I expect that the PHP team will again agree with us and insert a patch into the next release of PHP to handle this issue.

The important thing that I would like to stress is that when this happens, we immediately investigate it and prepare a release to handle it. I don't believe you need to upgrade for any of these release. We provide several options for you to secure yourself, with the easiest being to just replace the patched files that we provide.
Freddie, can you have a link to the bug report that was filed for this issue?

I have just upgraded to 3.06 and managed to get all nesseccary hacks back


not again ......... upgrade is 10 minutes getting that hacks back is 10 days

:confused: :mad: :(

Can someone please explain in more detail the Attachment optimizing that has been put into place? Link to where we can read up on it.. what it does?

Thanks

I think I will wait until tommorow and upgrade to 3.08

Yeah same. Just upgraded to 3.06 yesterday. :mad:

I have just upgraded to 3.06 and managed to get all nesseccary hacks back


not again ......... upgrade is 10 minutes getting that hacks back is 10 days

:confused: :mad: :(
Like it has been said over and over again. vBulletin does not support hacked boards. Their number one priority is security and they release updates when they are needed.

Yeah same. Just upgraded to 3.06 yesterday. :mad:
What do you think coming on here and saying that is going to do? Make them stop releasing security updates? Not hardly. Just upgrade the board man. If you really have a serious problem with the way that vbulletin releases their software updates contact them via email or simply find a better alternative. I do not think you will find a better alternative however as I do not know any forum that has the support that vbulletin offers and the timely upgrades to fix the issues. As was said previously by a developer this is a php issue within its self and not directly vBulletin's fault. There are somethings you just can not forsee.

Please guys remember this and understand they are trying their best. I know it bugs me to see these kind of responses over and over and over.

^Yeah I understand and I appreciate the support and security that vbulletin offers and I know they don't support the hacked boards. Just my luck I guess that I chose yesterday to do the upgrade. Should have done it straight away. It's just very time consuming when you have 2 or more boards. Oh well. My members love it so that's all that matters I guess.

I appreciate the hardwork put up by vbulletin team for security fixes :), and giving easier ways to apply the fix.

Warm Regards,

please tell me inthe nextel 12-24 hours if there will be a 3.0.8 realeased i dont wanna do all the hacks over 3.0.7 than 8 comes out thank you

please tell me inthe nextel 12-24 hours if there will be a 3.0.8 realeased i dont wanna do all the hacks over 3.0.7 than 8 comes out thank you

Again, vbulletin.com DO NOT support hacked boards. If it's painful for you to upgrade cause you have tons of hacks setup, it's your problem...

I have some hacks setup on mine and I use araxis merge to make upgrade easier and it's very quick ...

a small advice for those who complain about the hacks and re-installing them back, its so true that its a god damn pain in the .... but the best way to save your time and to upgrade your forum straight away with the hacks is as soon as you upload any new version of vBulletin try to add the hacks codes in the files needed before uploading them! and make a list in your PC with the hacks that u r using and thier way of install!


for me i never had a problem with the hacks, i just do everything in the new files of the new version and after that upgrading to the newer version with the hacks straight away! it will only consume time while being offline! and i think thats not a problem!!

those developers doing this for ALL OF US! fixing bugs and security holes and stuff :-) i really appriciate what they are doing! keep the good work up guys and many thanks!

regards

Downloaded the full version - twice, once for each of my vB boards - and ran the upgrade in 40 minutes.

Second update failed to overwrite on five files, but resubmitted and they worked.

tnankx man

i upgrade now


just load patch and upgrade18.php

How many more releases will there be in the next week please?

Good job though ;)

tnankx man

i upgrade now


just load patch and upgrade18.php

Thanks, works well! :eek:

:) Thanks VB Team,
The upgrade took 5 minutes and as always went cleanly.

Kind Regards,
Mickey

tnankx man

i upgrade now


just load patch and upgrade18.php
That isn't upgrading....

If you run the upgrade file, you also need to upload all the 3.0.7 files as well.

Just applying the patch does not mean you are running 3.0.7, it means you are running a patched copy of 3.0.6.

Running the upgrade script without replacing the files could cause you problems down the line.

Greetings,

Do I have to put my forums down when I do the mysql dump and the upgrade or may I leave them running while I do the upgrade?

Greetings,

Do I have to put my forums down when I do the mysql dump and the upgrade or may I leave them running while I do the upgrade?
It's a good idea to close the site if you can when running the actual upgrade script and uploading the files.

If you're prepared then the downtime should be a few minutes, nothing more.

That isn't upgrading....

If you run the upgrade file, you also need to upload all the 3.0.7 files as well.

Just applying the patch does not mean you are running 3.0.7, it means you are running a patched copy of 3.0.6.

Running the upgrade script without replacing the files could cause you problems down the line.
That's the problem, in my view. If 3 files are changed, 3 files should be posted rather than every file in the package. This stuff where we have to replace every file is just plain nonsense. Instead of replacing a wheel we end up replacing the whole car.

I strip the garbage out of the admincp when I upgrade as well. If the vB site is running slow, my admincp loads slowly as well. The e-mail tells me about upgrades - I don't need a constant reminder, and the slowdown, as it checks the vB site for current version.

I know the arguement is "well, if you don't do any hacks this is all simple and quick". Well, if none of us 'hacked' our boards, we'd all be the same except for the skins. Some things my users and I want aren't in the standard distro. I don't have any data to show 'most' boards are hacked, but I'm betting most have at least one or two.

I have modified my board a bit, will I onlt need to upload the upgrade file, or do I have to overwrite all my modified ones?

we set up a SVN for our vB system. so its really simple to upgrade to a new vB version AND also keeping custom hacks.
just diff the changed files with tortoise svn under windows, commit them and update the server. last update took only a few minutes ;)

Upgraded 7 mins :D

Were gettin used to this :eek: :D :)

Like it has been said over and over again. vBulletin does not support hacked boards. Their number one priority is security and they release updates when they are needed. I hear this over and over again - But the reality is most of us do have one or more hack(s). Heck, there's an entire board devoted to hacks. Not everyone wants a Ford with the exact same 'options', the exact same engine, the exact same dashboard, the exact same seats, the exact same instruments, the exact same everything except you can change the colour (skins). Many of us have different needs.

Yes - No. 1 is security but I'm beginning to wonder why security patches are being issued every 2 to 4 weeks.

I'll wait for a while myself. Heck - I see a lot of sites online - very, very popular forums that have been online for years - which are still running 2.x versions of vB.

I would say that what Jelsoft does is to be very open about possible issues rather than brushing them under the carpet, and then we as users have the choice. There's always a manual patch as an alternative to a full upgrade.

I have said elsewhere that in the long term something will need to be changed on the modification side to avoid killing the modification community, since it's obvious that before long releases will be weekly, due to the constant efforts by people to find exploits in php at the moment.

I've upgraded but as from the next major release I am removing all but one of my hacks (the arcade) as there just aren't enough hours in the day, that way I'll be able to do each upgrade in less than 30 mins.

Now i have changed to the new version of misc.php, but it still says version 3.0.6

Anything more i need to change/do for a complete fix? :o

If someone visits your forum and sees you are running 3.0.0 and they know how to exploit one of the numerous security holes in that version then all it would take is them to use that exploit.

This is why versioning numbers should not be there by default. Others are removing version numbers from the footer VB should too. Only the admin needs to know what version it is. It shows him in the admin panel.

Footer version needs to be removed.


Thanks for all the hard work guys. Keep up the great work.

thanks

MentaL
ragezone.com

Now i have changed to the new version of misc.php, but it still says version 3.0.6

Anything more i need to change/do for a complete fix? :o
That is just the patch, not an upgrade.
The upgrade involves writing over files and reinstalling hacks, if any.

Now i have changed to the new version of misc.php, but it still says version 3.0.6

Anything more i need to change/do for a complete fix? :o

Patching a version isn't upgrading it. You're still on 3.0.6 and not 3.0.7.
If you only want to patch it you don't need to do a total upgrade.

a small advice for those who complain about the hacks and re-installing them back, its so true that its a god damn pain in the .... but the best way to save your time and to upgrade your forum straight away with the hacks is as soon as you upload any new version of vBulletin try to add the hacks codes in the files needed before uploading them! and make a list in your PC with the hacks that u r using and thier way of install!


for me i never had a problem with the hacks, i just do everything in the new files of the new version and after that upgrading to the newer version with the hacks straight away! it will only consume time while being offline! and i think thats not a problem!!

those developers doing this for ALL OF US! fixing bugs and security holes and stuff :-) i really appriciate what they are doing! keep the good work up guys and many thanks!

regards


Excellent work my brother ..

I am doing the same as you are doing ..

:)

www.gameralias.com/forums/ (http://www.gameralias.com/forums/) updated to 3.0.7 and hacks reinstalled with no problems.

Thanks for the update! :)

thanks vb team

Please use this thread to discuss the release of vBulletin 3.0.7.

Do not use this thread to report bugs, as it's likely they will be missed. If you believe you have found a bug, please file a report in the Bug Tracker (http://www.vbulletin.com/forum/bugs.php).

Also please do not post support requests here, these should be posted in the Support Forum or open a support ticket.

Have fun.

Smooth sailing as ever. :) It was all done within 2 minutes.

- Mark

System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

This is why versioning numbers should not be there by default. Others are removing version numbers from the footer VB should too. Only the admin needs to know what version it is. It shows him in the admin panel.

Footer version needs to be removed.



Security through obscurity? No, thanks!

Seriously, an admin who has time to take out version info, certainly can, and should, be bothered to do the proper 2-minute upgrade process instead.

- Mark

System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

Thanks for your diligence. The more I keep track, the easier it all is.

Upgraded flawlessly once again, thanks for the quick fix devs.!

so if I upload the fixed misc.php file and as an added measure, upload the changed .php files (provided I make the edits necessary to be compatible w/ my existing install), should I be ok? I fear doing a full upgrade because I've made some very heavy modifications to my templates AND I have 11 custom skins so upgrading would be extremely painful in my case.

How can I make the template adjustments w/o running the upgrade script? I didn't see a URL to fix the templates. Lastly, is there a way, after doing all the above, to change my board to think that it's a 3.0.7 install so that I don't have the prompt @ the top of the admincp?

This is why versioning numbers should not be there by default. Others are removing version numbers from the footer VB should too. Only the admin needs to know what version it is. It shows him in the admin panel.

Footer version needs to be removed.


Thanks for all the hard work guys. Keep up the great work.

I've been thinking about that too, but in a way, when I do upgrade it looks good to me.
If I wait it would be good to remove, which brings me too this...
Is it against the license to remove just that number, but leave all the rest,
or do I have to purchase the whole "remove branding" thing?


BTW through file comparision, and with about 7 hacks,
it took me about 15mins to upgrade....cool!

That's the problem, in my view. If 3 files are changed, 3 files should be posted rather than every file in the package. This stuff where we have to replace every file is just plain nonsense. Instead of replacing a wheel we end up replacing the whole car.

I strip the garbage out of the admincp when I upgrade as well. If the vB site is running slow, my admincp loads slowly as well. The e-mail tells me about upgrades - I don't need a constant reminder, and the slowdown, as it checks the vB site for current version.

I know the arguement is "well, if you don't do any hacks this is all simple and quick". Well, if none of us 'hacked' our boards, we'd all be the same except for the skins. Some things my users and I want aren't in the standard distro. I don't have any data to show 'most' boards are hacked, but I'm betting most have at least one or two.Marc, we do very clearly post what files have been changed since the last version in the announcments :)

I am currently using 3.0.5

If I run the 307 patch, am I covered?

or

Do I have to go from 305 to 306 then patch it to 307????

Hello,

Good job about the patches. I've a few hacks installed and the 3.03 board is mostly running ok. Great to see that all fixes 3.04, 305, 3.06 3.07 also came with those one file fixes. I've applied only those corefixes and only lost two simple hacks, which were put back within 60 seconds.

I think Jelsoft couldn't have provided a better range of options to please a wide audience.

Security through obscurity? No, thanks!

Seriously, an admin who has time to take out version info, certainly can, and should, be bothered to do the proper 2-minute upgrade process instead.

- Mark

System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx


Who said that? There is no reason a version number needs to be displayed other than for someone adminring your forums wondering what version of VB it is.
I never said so we didn't need to upgrade.

Go on vacation for week, the wek there's a patch come out and you're not there to get to it. Others are there though, and know what version you are running.

*Installs Patch*

Don't forget there is a long list of improvements / fixes in this release too!


Here's a crazy idea: vBulletin provides a "Hack Installer" to the hacking community. This allows hack authors to pick out specific vB files, the lines of code that need to be replaced and the new hacked code to replace it.

The installer creates a xyzHack_Install_3.07.php as a result, then installing a hack is as easy as running all the hack installers for your new versions. It is just up to the author of the hack to release a new version of the install for the new version of vB. :cool:

Crazy?

r

I got this error, I know the table prefix is not empty but which files should I modify to do an upgrade to 3.0.7 from 3.0.6?


$tableprefix is not empty!

Within config.php $tableprefix must be empty for the upgrade to proceed.

Reminder: This is a discussion thread. If you have a specific problem, please start a new thread in the approppriate forum. Thanks.

I am currently using 3.0.5

If I run the 307 patch, am I covered?

or

Do I have to go from 305 to 306 then patch it to 307????

::: Waiting Patiently :::

::: Waiting Patiently :::
You would need to apply both the 3.0.6 patches AND the 3.0.7 patch.

Or, just run the full upgrade to 3.0.7, this will cover everything.

I just upgraded to 3.0.6 a few weeks ago and I really don't want to have to do yet another upgrade because I've made a lot of midifications to the forum.

Can you please post the actual code changes made to misc.php and the other bugs that you fixed since 3.0.6 in the Bug Tracker so I can manually update the files. Some of the bug threads have the fixes, but some merely say it's fixed but doesn't include the code changes for the fix.

I know you don't support hacked forums, but as a courtesy to your customers who may not even have hacks, but have a forum running smoothly and don't wish to chance something going wrong if they do an upgrade... it would be a nice service to provide the code.

Thanks,

-eBlivion

Thanks VB Team for the security heads up. Id rather patch/upgrade then have a forum that gets hacked. The more times you upgrade, the better and quicker you get at it.

You would need to apply both the 3.0.6 patches AND the 3.0.7 patch.

Or, just run the full upgrade to 3.0.7, this will cover everything.

Ok, I dl'ed the patch for 307.
I did NOT see the UPGRADE, where is that? If upgrading once will take me from 05 to 07, that is for me. :D

Why do users in posts 166 and 172 show 0 for post count?

Why do users in posts 166 and 172 show 0 for post count?

In this area, posts are NOT counted & applied to the posts counts.

Ok, I dl'ed the patch for 307.
I did NOT see the UPGRADE, where is that? If upgrading once will take me from 05 to 07, that is for me. :D
To upgrade you need to download the latest version from the members area. There are upgrade instructions linked in the announcement.

The upgrade will take you first to 3.0.6 then to 3.0.7 in one easy sweep.

we finally upgraded our forums to 3.0.7 and reinstalled all the hacks (around 10 hacks) .. with no problems ..

:)

To upgrade you need to download the latest version from the members area. there are upgrade instructions linked in the announcement.

The upgrade will take you first to 3.0.6 then to 3.0.7 in one easy sweep.

I am on 3.0.5 currently

I am on 3.0.5 currently
Yes, I know, hence my post above. You either need the security patches for 3.0.6 and 3.0.7 or you need to upgrade which will take you through 3.0.6 and then to 3.0.7.

To upgrade you need to download the latest version from the members area. There are upgrade instructions linked in the announcement.

The upgrade will take you first to 3.0.6 then to 3.0.7 in one easy sweep.

To be fair, I think that's the problem: the announcements never give a link to the Upgrade part of the member area, just to the patch files and the upgrade instructions.

It'd be nice if the link to the member area was in the announcement as well.

In this area, posts are NOT counted & applied to the posts counts.

Interesting!


Upgrade went well!

I have upgrade my forum from 3.0.1 to 3.0.7. I am so happy.
It was pretty hard cos i have lot's of modified files. I had to re-aply the chances. But it seems everything works ok :)

Thanks for the upgrade guys. I have been waiting to upgrade from 3.0.1 for a while (I know, it's stupid) and was going to attempt 3.0.6 today, then got the email notifying me that 3.0.7 was out, so I went ahead and did it.

Everything went well, it was easier than I thought. I don't understand what everyone is complaining about.

One thing happened though, my vB Arcade isn't working, if anyone knows what's up please let me know.

http://www.elantraxd.com/forums/arcade.php

That's the error, when I look at line 2997, it's the same as it was when I did the backup, infact, the whole section is the same...

thats pathetic when you say "we don't control this" then who? is it the people that volunteer their time to find these flaws that vbulletin failed to code correctly from the beginning?

hell, for all i know, if it was coded correctly we wouldn't need to be upgrading every week with all these security issues.. so, i believe vbulletin does control this.. thanks god we have these people that find these flaws, otherwise vbulletin would be nothing but a mine waiting to explode if it wasn't for them...

sure there are mistakes in coding, but this many? since vb3 came out 99.9% of all the updates are security issues... i want to get features when i upgrade.. not hassles..


Sebe - I agree ---- thats ignorant for you to say. Jelsoft has no control what others devise to hack software. If the internet wasnt a hackers paradise there wouldnt be any viruses. Jelsoft doesnt create the hassles, hackers do. Jelsoft does what its suppose to do, try tro respond to any vulnerabilities ASAP and protect our sites.

Maybe you want to go ask the folks at PHPBB about how secure their software is.

i have had enough with so many updates i wish you guys just sort it out i am sure if you keep this up the way its going you will loose many customers.
it takes ages to update if you have mdified board.
only thik i can think of is not to install mods no more.

please please sort it out i dont have time for updates every few days.
thanks

please please sort it out i dont have time for updates every few days.

Every few days? If you look at the release of the last update, 3.0.6, it's been a MONTH between updates. That's hardly an inconvenient 'every few days.'

True, back in Janurary, they had to release a couple of security updates within a couple weeks, but do YOU complain about needing to upgrade your windows box ever month for Microsoft security fixes? (Security fixes, I might add, that take them months to fix from the time it was known? Jelsoft fixes new security problems immediately.)

Jelsoft could possibly be slightly more accomodating for hacked boards, true, but I definately don't fault them for that. It's difficult just supporting unmodified software, I know! The fact that they provide quick patches for security flaws is a credit to their great support. But customers could be a whole lot less whiney if they would simply think for themselves: there are plenty of ways to make upgrades, even with hacks, mostly painless. Loggging changes so that you can reapply them easily on an upgrade. Diff utilities (of which there are plenty!)

Jelsoft SHOULDN'T have to support hacked versions of their software. By modifying their code, you should be nullify your support then and there. Don't expect a company to save you from your own stupidity of making upgrades difficult. :P

I recommend reading Freddie's post here:

http://www.vbulletin.com/forum/showpost.php?p=819924&postcount=121

If someone visits your forum and sees you are running 3.0.0 and they know how to exploit one of the numerous security holes in that version then all it would take is them to use that exploit.

Wrong, you can just install the patches without having to upgrade to the different versions, although it is recommended that you do so,

i have had enough with so many updates i wish you guys just sort it out i am sure if you keep this up the way its going you will loose many customers.
it takes ages to update if you have mdified board.
only thik i can think of is not to install mods no more.

please please sort it out i dont have time for updates every few days.
thanks

Just patch your installation and stop whining, Jelsoft are not going to loose customers because they like to plug security holes and release new versions as soon as they are discovered.

You guys who complain every single time a new version comes out should come up with some routine to make it easier for you to re-install your hacks, instead of complaining. More and more people on here spend too much time complaining that could be spent upgrading your forums.

Use a file comparison utility like most people on here do and just get on with it. :mad:

i have had enough with so many updates i wish you guys just sort it out i am sure if you keep this up the way its going you will loose many customers.
it takes ages to update if you have mdified board.
only thik i can think of is not to install mods no more.

please please sort it out i dont have time for updates every few days.
thanks

dude u act like these have all been bug fixes, they are security patches, (holes) , the simple fact is, someone will always find a new way to exploit something, so a new security fix will always be needed, thats how it is in life


if u have a hacked forum and dont want to loose the hacks, use the patches, otherwise it takes about 5 mins to upgrade the forum, (upload, type in url, click 5 steps, delete install file, done)

how is that so difficult?

Say that is true.

Lets say all the changes merely bug fixes.

SO WHAT

At least they stay on top of things. :rolleyes:

I mean I wish my Operating System Tech's were as worried about these issues. Security, reliability, & customer satisfaction.
I spent more for my WinXP Pro than I did for vB.

for the record, i have 4-years experience coding in php. i never said it was easy making an application secure.. though, its not impossible and not that hard either.




The ignorance of an alleged coder who has never had his apps be the deliberate and constant target of skilled hackers.




Yeah i know, But why not do complete check of secuirty holes, Test it then release just one version instead of 3 or 4? :)




Because most of the time, there is no such thing as a "complete check of security holes".

You're asking for a fairy tale.




thats pathetic when you say "we don't control this" then who? is it the people that volunteer their time to find these flaws that vbulletin failed to code correctly from the beginning?

hell, for all i know, if it was coded correctly we wouldn't need to be upgrading every week with all these security issues.. so, i believe vbulletin does control this.. thanks god we have these people that find these flaws, otherwise vbulletin would be nothing but a mine waiting to explode if it wasn't for them...

sure there are mistakes in coding, but this many? since vb3 came out 99.9% of all the updates are security issues... i want to get features when i upgrade.. not hassles..




Sebe, it's fairly clear that you don't have a clue what you're talking about.

Security fixes are not necessarily a matter of shoddy coding. It can be, but most of the time, it's because others are spending their considerable time and intellect to find out how to bypass the current security measures.

In other words, it's a game of chess. Each side will continue to make progress, alternating from one to the other. But unlike chess, there isn't necessarily a final outcome.


Please learn what you're talking about before you make such ignorant comments again.




I've been on the net all day sorting my forum. only to have to do it all again !
Can you please give me a clue when 3.0.8 will be out ?




How can they give you a clue as to when the next security hole will be discovered?

If you'll notice, they're not making the majority of these releases for regular bugs. They're doing it for the security fixes. You can't guess when a new hole will be found to any degree of accuracy.




my God, i have waited for a lone time to make sure vB wont release a new version any more caus in Jan they have released 3 versions and just yesterday i decided to upgrade my vB 303 to 306 and today i receive this new vB 307 hehhee i think i should wait until and of this year to upgrade to vB4.x hehehe . thanks to God i must only replace the misc.php :) Gott sei Dank!




Bugs and security fixes are an ongoing process of software development. It's just the way it is.
If you want to wait until there won't be any more updates, than you'll be looking at one of two scenarios:


1. You'll be waiting until you die. In your next life, you'll keep waiting. Rinse and repeat. :)

2. Jelsoft will go out of business and vB will no longer be developed.


Those are the only two scenarios that will yield you a cessation of updates. So, my recommendation to you is that you simply update and enjoy! :)




i have had enough with so many updates i wish you guys just sort it out i am sure if you keep this up the way its going you will loose many customers.




The only customers Jelsoft will lose are the stupid ones.

These releases are not primarily for bugs, but security fixes. And those security holes are not there due to shoddy coding - the exploits in question are found by very intelligent and dedicated hackers. (And, frankly, the good ones are doing us a favor)

So what's Jelsoft doing? They're responding very quickly to any serious and legitimate security exploits that are discovered.


So what customers are Jelsoft at risk of losing? The ones who are too stupid to realize that all these updates are coming out because Jelsoft is acting responsibly.

And those customers are going to move to who? To another company who comes out with significantly fewer releases. Which means what? That they're more secure? No. It means that they're not good enough or responsible enough to put out those security fixes.


So, if you want to move to a company who is less responsible and significantly more insecure - you go right ahead. But make no mistake about it - that's your loss. No one else's.

The only customers Jelsoft will lose are the stupid ones.

These releases are not primarily for bugs, but security fixes. And those security holes are not there due to shoddy coding - the exploits in question are found by very intelligent and dedicated hackers. (And, frankly, the good ones are doing us a favor)

So what's Jelsoft doing? They're responding very quickly to any serious and legitimate security exploits that are discovered.


So what customers are Jelsoft at risk of losing? The ones who are too stupid to realize that all these updates are coming out because Jelsoft is acting responsibly.

And those customers are going to move to who? To another company who comes out with significantly fewer releases. Which means what? That they're more secure? No. It means that they're not good enough or responsible enough to put out those security fixes.


So, if you want to move to a company who is less responsible and significantly more insecure - you go right ahead. But make no mistake about it - that's your loss. No one else's.


I read All your commant and this one is the bad commant i read it from u ..

First i need to ask u .. do u have a community ? even if u have i think it is small Community .. The people is Sick From VB Released every week is the user that have a larg Community with over then 20000 Members and 200000 Post.. and who have Modded The board and modify it..

I by my self i was use phpBB and becz i'am so sick from every time they Relesed a new v.. i have move to vb this was one of the Reson ..

Also i'am Study and work at the same time.. i have no time to sti and upgrade or add the mod all over again .. poeple who have a full time and 24 hour they do not have any problem with this.. but poeple like me.. i dont think .. they are going to be sick ..

Just 2 day ago .. i have done to add all my hack and mod and theyjust released a new v.

i will show u some commant from my member .. this is only for today



Yo, bro!
Bad surprise this morning, the site looks like **** and your name has gone !!!!
What the hell is goin' on here?
Had to close many threads in music forum and warn the poster...
I'm sick and the site today makes me even more...
Talk about upgrade... this is DOWNgrade to me...
no code seeing, no more shoutbox, mainpage title "not found", having to register each-time... and the music forums had its cleanup undone! GRrrr...
Well, i go back to bed!
PM me when u got GOOD news! hehe! Or email, your PM's full again!?
C-ya!
Can't even email to you! reason of this thread...

i show u only one commants .. there is 100 commants by members same this and more so how do u feel when your mod or members posting this ..

Anywa your last commant is not good i can't really reply to you with the good reply becz my english is not that good. so i hope u think by your last commant

It's Truth am getting sick from this.. adding mod and removeing move.. i have Move from phpBB Becz of this Reson .. they keep Relesed every manth .. but i can't Imagine that VB in this manth have Released 4 v.. from 30.3 to 3.0.4 to 3.0.5 to 3.0.6 to 3.0.7

anyway thankyou and i knwo we should upgrade as soon as we can we have no Choise and i'am not thinking to leave vb becz i like this projact.. but it make me really sick when i have to Re Add all my hack and mod..

Thankyou

So just patch it and don't upgrade. Quick and easy.

I read All your commant and this one is the bad commant i read it from u ..

First i need to ask u .. do u have a community ? even if u have i think it is small Community .. The people is Sick From VB Released every week is the user that have a larg Community with over then 20000 Members and 200000 Post.. and who have Modded The board and modify it..

I by my self i was use phpBB and becz i'am so sick from every time they Relesed a new v.. i have move to vb this was one of the Reson ..




The security holes in question are NOT vB's fault. That means that there's nothing vB can really do about it except to deal with it once an exploit is found.

The alternative is to leave the security flaw in place - which puts YOU at risk.


So, you have absolutely no grounds to complain about Jelsoft's actions. They are responding to newly discovered exploits.

If you don't like it, you're not truly understanding what's going on, because the alternative is to get hacked.

Another smoothe upgrade .. installed without problems, many thanks Guys :cool:

The security holes in question are NOT vB's fault. That means that there's nothing vB can really do about it except to deal with it once an exploit is found.

The alternative is to leave the security flaw in place - which puts YOU at risk.


So, you have absolutely no grounds to complain about Jelsoft's actions. They are responding to newly discovered exploits.

If you don't like it, you're not truly understanding what's going on, because the alternative is to get hacked.

i know this .already but i only commant When u say ..People Who is going to Leave Vb is Stupid and what company they are going to Move no bady is going to lose but As.

Well i just say this is wrong commant to tell the vb Community it is not realy good..
and yes if one of the Larg community here.. have moved to anther Company and they annouse it that they are no longer with vb's so how do think for the newbie. and they are going to make the internet full of commants about vb is not source and this and that.. yes vb is going to lose alot of customers .. this happen to me .. when i move from phpBB over then 20 of my member leave phpBB this is what iknow maybe there is more.. and i get in my board a bad commant about phpBB

I have no problems to upgrade my board in any time.. but as i said the only think is .. becz i'am study and work at the same time.. i have no time for upgrade or adding mod.. know my member is really upset becz there is no addon and all mod i have install is gone..

Thankyou very much :)

When I login to my admin panel acn see that there is a new version I get pissed off usually but I dont make this a big problem. I have a heavily modified board but upgrading takes only 30-35 minutes (even with a slow internet connection) .
In vbulletin.org there is a tutorial for how to upgrade your hacked board less then 30 minutes. If you follow that tutorial upgrading is no porblem. Check the thread (http://www.vbulletin.org/forum/showthread.php?t=38545) and you will see how easy upgrade is.

Also I am not angry about new updates cause I know Jellsoft is releasing the new versions if there is a serious security hack. In any kind of computer program there can be security holes discovered and in all of them you have to upgrade your software. Yes maybe upgrading your board and your computer software is totally different but you are running a comminity board so you have to work more than your users.

What I beleive is people who scream and complain about upgrades can leave their boards in the hands of hackers and continue without upgrading.

Personally I am very happy about vbulletin and feel my board safer after I upgrade.

My god, quit your bitching people. You won't find another board as secure vBulletin. Quit installing hacks if you have a problem with it. I for one appreciate the update, even though I have hacks installed. vBulletin is the biggest name out there for forums....of course people are going to try and get in one way or another. You sound like a bunch of grade schoolers who got their lunch stolen away from them. If you knew anything about computers or technology, you know this is going to happen. Just be thankful you paid for a product who supports YOU! Are you going to keep beating the same dead horse with the same stick?

Is this update absolutly necessary?? or can I just skip it.

I don't mind upgrading and redoing all my hacks, that's not a problem at all. but If i can avoid it, then cool, I'll wait till something comes up later that has some new features.

I haven't had any of the problems that are listed with the fixed bugs, which i find odd. But i guess everyone is different.

Thanks to the vBull staff for fixing things up as soon as they see them. :)


My god, quit your bitching people. You won't find another board as secure vBulletin. Quit installing hacks if you have a problem with it. I for one appreciate the update, even though I have hacks installed. vBulletin is the biggest name out there for forums....of course people are going to try and get in one way or another. You sound like a bunch of grade schoolers who got their lunch stolen away from them. If you knew anything about computers or technology, you know this is going to happen. Just be thankful you paid for a product who supports YOU! Are you going to keep beating the same dead horse with the same stick?

I understand yours and everyone elses frustrations when it comes to the complaints, but they have a right to voice their opinions and complaints. So telling them to stop isn't going to help. And this will of course maybe make the dev's find different ways of releasing updates in the future that may help people with hacked boards have a smoother updating process.

No I'm not saying don't complain about the people who are complaining.

See complaints can be useful.. and then some can just be for the sake of complaining. it all comes down to how they're complaining.

Remember people. they paid for the software, let them complain, and get over it. Because in the end it doesn't change the fact that there is an update.

If this is going to be a personal attack on eachother I will just close the thread.

Please respect our forum rules and have a constructive discussion here. Feedback is welcome and everybody can have their oppinion.

I apologize, no personal attack intended, I was merely defending vBulletin because i appreciate the updates, and do not want to see them stop coming out when necessary. It just really bugs me when every time you release an update, everyone complains about there being an update. I'm finished, and will stay out of it....not sure why I chose this time to defend, my apologies.

Seriously, anyone who wants to complain about upgrading - then don't upgrade. There is a single file patch which fixes the exploit. Get over it.

I find it funny how people moan about upgrades.

Other forum softwares are vulnerable too, the difference is that vB staff patches the god damn exploits before they spread around the globe and everyone and their mother know how to exploit your forum.

You should be thankful no one has hacked you. I know I am, because I was once, and its no walk in the park I tell ya.

I normally keep well away from these discussions.. but

I've spent the last year keeping a VB hack alive and going, and have been very impressed by these points
- The general robustness of the main VB code
- The enormous and growing proportion of my hack that is now devoted to simple error checks, to try to make sure that malicious users don't deliberately break things and normal users can't accidentially break things.

I set as a deliberate design goal to keep the code I wrote as separate as possible (i.e. no changes to the main VB code), so that people did not need to reinstall my hack whenever there was a VB upgrade. I know it's not always possible, but it's a good design goal to aim for.

Finally, looking at the fix that the VB team have provided in the new misc.php, it seems clearly aimed at preventing a possibly deliberate, malicious act. It's hard to anticipate all the things that people will get up to. I applaud you.

already upgrade to 3.07

www.aroclubindonesia.com/forum/index.php (http://www.aroclubindonesia.com/forum/index.php)

probably a dumb question
I used the 3.0.7 patch this was only the misc.php file to upload, that wasnt a big deal :D

but my vB still says its version 3.0.6, so now I start thinking this patch just closed the security hole, but I still got the 3.0.6 version with those little bugs, am I wrong with that ?

I really hate to upgrade because like many, I have tons of mods. Luckily, I got rid of that ugly UTT store hack (phpbb's store hack is 10x cooler) the last time I moved to a different server. But hey, vbulletin is the best board there is and sets the standard for the rest, even to non-forum scripts like photopost or coppermine etc... Thanks! Don't attack me now, I'm just being honest. :D btw, for those who dig updating, I'm looking for volunteers to update my vb for me including the hacks. Thanks!

I used the 3.0.7 patch this was only the misc.php file to upload, that wasnt a big deal :D

but my vB still says its version 3.0.6, so now I start thinking this patch just closed the security hole, but I still got the 3.0.6 version with those little bugs, am I wrong with that ?

No: you're spot on. Only the security issue is addressed with the patch, not the other bugs.

Upgraded in less than 5 mins (with hacks), thanks to
- You letting us know exactly which templates were modified and in what way
- Letting us know exactly which files were modified
- Beyond Compare.

People would be able to upgrade alot faster if they actually got on with it, rather than bitching about it.

Is it annoying to have to upgrade your software, redo your "unsupported" hacks and run uploads? Yes, of course it is, it takes time which could be better spent on many things that would help grow out your site. Of course if your vb files aren't modified an upgrade takes all of 5 minutes (I run 4 forums, 1 with a lot of hacks, 3 with none). More importantly, if the upgrade didn't come out you could be looking at loosing your entire forum which is certainly more than 15 minutes or even 4 hours of work (and be honest now, how many of you really have a backup from the last few hours to restore should you loose your data?).

The bottom line is upgrades are a part of the software process. I've had the pleasure of working as technical support for a web software company in the past which means doing hundreds and thousands of installs and let me tell you, getting upgrades in a timely and efficient is not common in this business. Obviously vB's code could have been made without the bug but that means spending months testing every single aspect of every single script and even then there would still be issues.

If you are upset with the upgrades and patches, hey, that's ok... there is nothing wrong with not liking upgrading! However, take a second to put yourself in the hot seat for a minute. As a forum administrator you probably receive a fair number of support inquiries from members. Sometimes the problems are simple (forgot a password, don't know how to do this or that) but every now and then an issue pops up that you simply can't duplicate. Even after trying to follow what your user did the error just doesn't appear for you but clearly it did for them. This is of course because of the different methods in which you use a site. Things that seem simple to us may be complex to a user because they don't spend hours and hours playing with the site or touching the code. The way you close a post may not be the way your moderator does and even if it is only one click different, one stroke of the enter key, it makes a big impact on the backend. Most bugs and security issues aren't oversights or mistakes so much as they are the result of looking at a program (both the code and the user interface) from a certain perspective. Other people from a different perspective (like us or our users) may see things differently and thus discover a problem but that isn't bad, that's how it works.

From where I sit vbulletin does a lot more to help us through these upgrades then they have to or certainly more than I would have expected. Each update provides you with information on how to apply a patch without doing anything major (like what single file to upload). Each upgrade lists the files that have been changed so you can avoid changing everything all over. Each upgrade lists the importance of changes and the exact bug fixes leaving you to decide -- do I want to bother with a full upgrade, do I want to redo my hacks or, do I just want to get the additional security by doing the minimum which has been explained to me already. This gives you choice and choice is not something you commonly see in this industry.

Does that mean an upgrade should come out every 24 hours? Certainly not. There is a line between a reasonable number of bugs/security issues that are simply hard to spot and a bad program. Again, from this seat, from the perspective of a ubb installer, a former technical support person for a web software company, an admin of 4 forums including one at around 1M posts, vb has not crossed that line. If you disagree that is your right and your power lies in your wallet. You choose what you buy so if you feel this isn't right for you, if you feel there is something better then by all means, use that. Anyone who sticks with product X while preferring product Y obviously isn't thinking from a business perspective. If however you are simply frustrated with upgrading and reapplying addons then take a second to breathe, look at your options and take pride in how good you have it. It's ok to dislike the process but it's also easy to forget that vbulletin is giving us choice and it isn't their fault if you choose to take the complicated path. At the end of the day I choose to keep my sites secure, I thank vbulletin for releasing patches immediately and 9 out of 10 times I apply the entire upgrade the same day but sometimes that doesn't fit my schedule and the patch is all I get to, thankfully I have that option.

And that concludes my personal insight into the issue, please feel free to ignore this post and continue bickering if that makes you feel better (although I’d listen to the moderators about the limits less this post end up ceasing to exist). You always have a choice, if you don’t like the option, act on it, don’t just talk about it.

OK, I haven't upgraded myself before - have always had a coder do it for me but I want to have a go myself now.

I read in the Upgrade section of the instructions included with the zip that I should:

Upload all files from the 'upload' folder in the zip, with the exception of install/install.php and includes/config.php.new

... does this mean I actually upload all the upload folder (except the files mentioned) to the directory my forum is in (in my case /vb), over the top of the current files...?

which there are plenty!)

Jelsoft SHOULDN'T have to support hacked versions of their software. By modifying their code, you should be nullify your support then and there. Don't expect a company to save you from your own stupidity of making upgrades difficult. :P

what are you talking about.
i didnt know installing hacks in according to your needs is bad.

what are you talking about.
i didnt know installing hacks in according to your needs is bad.

Installing your own modifications is great but it also isn't the norm. Pick up the phone and call Microsoft or Eudora and ask them if you can modify their email clients, they aren't going to say yes. vbulletin gives us this choice but the cost is that upgrading is harder and they can't feasibly support problems that may emerge. That makes sense and seems reasonable -- I make the choice, I get the benefits, I take the risk, we pay cost in time and effort.

i know this .already but i only commant When u say ..People Who is going to Leave Vb is Stupid and what company they are going to Move no bady is going to lose but As.

Well i just say this is wrong commant to tell the vb Community it is not realy good..




I wasn't making that as a general comment. I was specifically referring to the circumstances as stated by Spinzone.

He made a particularly unintelligent comment to the effect that if vB continued to act quickly and responsibly to security threats, they would lose customers.

I replied that the only people who would leave for those reasons would be stupid ones.


The logic is reasonably self-evident, and I stand by my response as a result.

OK, I haven't upgraded myself before - have always had a coder do it for me but I want to have a go myself now.

I read in the Upgrade section of the instructions included with the zip that I should:

Upload all files from the 'upload' folder in the zip, with the exception of install/install.php and includes/config.php.new

... does this mean I actually upload all the upload folder (except the files mentioned) to the directory my forum is in (in my case /vb), over the top of the current files...?




TheMusicMan, this question would probably have been better served in the Installation & Upgrades sub, but nevertheless...

When you're doing that portion of the upgrade, you have two choices as to how to go about it:


1. Overwrite the existing files by uploading the contents of the Uploads folder directly into the root of your vB file structure.

2. Completely empty your vB file structure, and then upload the contents of the Uploads folder into your newly empty directory.


Personally, I prefer the latter option every time. It's cleaner, with fewer chances of mistakes or problems. However, if you do it that way, it does take a little more work, as you have to reconfigure your config.php file, and you have to re-copy over any files that have been added to the initial install (hack addons, custom avatars, images, etc...).

But ultimately, the choice is up to you. Just remember to always do a FULL backup first! (both the database AND the file structure)

1. Overwrite the existing files by uploading the contents of the Uploads folder directly into the root of your vB file structure.
I think that is the safest way. That way you don't forget to save your config file. I also delete favicon.ico from my upload. But if you have hacks and mods they are going to have to be reapplied.

Since I have two sites with similar mods, I edit one and duplicate the edited files. Then I edit the license numer to reflect my other site and apply whatever additional hacks I need. Then upload it all at once.

Upgrading 2 sites doesn't take that long. I spend most of the time editing one, then the 2nd takes maybe 15 minutes more to add a few edits.

While I don't like upgrading it is a way of life. I'd rather upgrade then face a hacked board. It also forces me to keep a clear change log to make upgrades easier.

I apologize, no personal attack intended, I was merely defending vBulletin because i appreciate the updates, and do not want to see them stop coming out when necessary. It just really bugs me when every time you release an update, everyone complains about there being an update. I'm finished, and will stay out of it....not sure why I chose this time to defend, my apologies.
You know it is going to happen again with 3.0.8.:D
I have just come to accept that people will be moaning.
Let them vent. It probably gets more of us more agitated by replying.:rolleyes:
If you look at the number of posts that people gripe are a very small number. So looking it in that perspective it really isn't so bad. Eventually they will either accept it or not upgrade and then there will be new license owners and the moaning starts again.

Lastly, is there a way, after doing all the above, to change my board to think that it's a 3.0.7 install so that I don't have the prompt @ the top of the admincp?

was this answered and I missed it? I have the same question.

Is this update absolutly necessary?? or can I just skip it.



Why don't you read the announcement that has the list of bugs fixed and the security fixes and decide for yourself? You aren't required to upgrade at all.

It's not that hard people... you either upgrade and you fix the security holes and bugs found or you patch and you just fix the security hole and leave the bugs in the code.

or you don't upgrade at all and you get none of the above :rolleyes:

was this answered and I missed it? I have the same question.
No upgrade and you do not see it. Simple as that. It is put there to keep you updated on releases so you are not vulnerable

wow installed and automaticallay get rid of all custom hacks.
I thought it was bad now i tahnk to vbulletin.
Used to have so many garbage hacks now will install only what i need,
Bu t i am sure the 3.1 is coming soon or 4.0

Thank You VBull

Gah I cant be bothered for yet another security upgrade. I will patch and wait for a version with new features to come out so its actualy worth the time it takes to upgrade and fix all my hacks.

I for one appreciate the updates and patches. The last upgrade barely took me 5 minutes - but I don't have any extensive hacks - just a few style/template modifications and 1 hack that requires a file edit.

I uploaded the patch and will probably run the upgrade later.

Upgraded in less than 5 mins (with hacks), thanks to
- You letting us know exactly which templates were modified and in what way
- Letting us know exactly which files were modified
- Beyond Compare.

People would be able to upgrade alot faster if they actually got on with it, rather than bitching about it.
Exactly. :) Took me 15-20 minutes using Araxis Merge. :)

Thank you fellas for another quick and easy peasy upgrade! :)

I just went from 3.03 to 3.07 in about 10 minutes or less. As usuall, the only things I didn't upload were images and cpstyles. (I did upload the new manual though).

This made my one teeny hack which displays post and threads since last visit very easy to re-apply.

*Bows low* You folks rock!

there is one thing I always wanted to ask, If I got custom templates, mods and hacks installed, I guess I am pretty doomed with a vB update, it have to be redone everything ???

there is one thing I always wanted to ask, If I got custom templates, mods and hacks installed, I guess I am pretty doomed with a vB update, it have to be redone everything ???

http://www.vbulletin.com/forum/showthread.php?t=124989

This issue was analysed by the PHP Security Team and unlike previous statements within this thread (from vBulletin Team members) this turned out to be expected behaviour and is not a security bug within PHP.

This language feature is actually documented within the paragraph

Complex (curly) syntax

within the PHP manual at:
http://uk.php.net/manual/en/language.types.string.php

In short this paragraph says that any complex expression (this includes of course functions calls etc...) is possible

This issue was analysed by the PHP Security Team and unlike previous statements within this thread (from vBulletin Team members) this turned out to be expected behaviour and is not a security bug within PHP.

This language feature is actually documented within the paragraph

Complex (curly) syntax

within the PHP manual at:
http://uk.php.net/manual/en/language.types.string.php

In short this paragraph says that any complex expression (this includes of course functions calls etc...) is possible
I would argue that terse documentation about what a complex expression entails could lead one to the conclusion of unexpected behaviour. At any rate, we fixed the issue with this release and we never rely on the PHP team to agree with us.

:cool: :( :confused: :mad: :rolleyes: :eek: :p :o :D :)

Even though it helps sometimes to vent your frustration in this thread :) there are some important points to read sometimes too. Maybe you could have two threads for all releases. A "complain about another upgrade" thread and a release discussion thread.

I've seen some pretty neat hacks over at vbulletin.org and I'm afraid to install any of them. I originally installed 3.0.3 and now it's at .7. I agree this is frustrating, but I also understand that the security issues need to come first, but can't you guys make this easier.

For comparison, I had Windows 2000 installed on my PC, I installed Windows XP. I also accept all of the security updates that come with XP, and they seem weekly (too). In all of these updates I have never needed to reinstall Word. Isn't this somewhat analogous?

As of now, I only have one template installed and even with that I don't feel too comfortable.

Not complaining (I hope) I really love this forum, just wondering if the future releases will be easier to update.


there is one thing I always wanted to ask, If I got custom templates, mods and hacks installed, I guess I am pretty doomed with a vB update, it have to be redone everything ???

There actually is a good example dilbert.
The quickreply used to be a hack. When vB incorporated it, it is
updated along with the rest of the forum, if need be.

The other hacks, are like some programs. I know some that worked fine on
windows 98, but didn't work on 2000 or xp. :shrug:

For comparison, I had Windows 2000 installed on my PC, I installed Windows XP. I also accept all of the security updates that come with XP, and they seem weekly (too). In all of these updates I have never needed to reinstall Word. Isn't this somewhat analogous?

No it isn't... When you update vBulletin it doesn't affect your installation of Mambo CMS or Miva Shopping Cart. That is similar to your analogy.

When you apply a hack, addon or modification from vBulletin.org you are rewriting vBulletin in such a way that it is not the same program. When you upgrade, it reverts to the standard vBulletin. A correct analogy would be upgrading Windows 2000 to Windows XP. If you made major changes to the 2000 installation, overwrote DLLs and changed major portions of functionality with your own coding, they would all be overwritten and no longer function after the upgrade. Depending on your version of Microsoft Word, it may also need upgrading to work properly on the new OS.

Thanks, I stand humbly corrected. I just wish it were easier to install hacks. I doubt I'll even install any. :o
No it isn't... When you update vBulletin it doesn't affect your installation of Mambo CMS or Miva Shopping Cart. That is similar to your analogy.

When you apply a hack, addon or modification from vBulletin.org you are rewriting vBulletin in such a way that it is not the same program. When you upgrade, it reverts to the standard vBulletin. A correct analogy would be upgrading Windows 2000 to Windows XP. If you made major changes to the 2000 installation, overwrote DLLs and changed major portions of functionality with your own coding, they would all be overwritten and no longer function after the upgrade. Depending on your version of Microsoft Word, it may also need upgrading to work properly on the new OS.

Thanks, I stand humbly corrected. I just wish it were easier to install hacks. I doubt I'll even install any. :o

I got the impression somewhere that VB3.1 (?) is being designed to be a bit more extensible so that it will be easier to keep hacks separate from the VB code. However, this is just guesswork - feel free to ignore / agree / correct / flame as appropriate! :D