This thread is for discussing the release of vBulletin 3.5.3.

Please use this thread to talk about things you like or installation experiences etc., but please do not use this thread to post troubleshooting queries or bug reports. These threads tend to grow very large and bug reports etc. tend to become lost and will not get attention from the support or development teams.

For troubleshooting and bug reporting, please use either the vBulletin 3.5 Bug Tracker (http://www.vbulletin.com/forum/bugs35.php?) for reporting and tracking bugs, or the vBulletin 3.5.0 forums (http://www.vbulletin.com/forum/forumdisplay.php?f=100) for general queries and troubleshooting.

You mean 3.5.3?

You mean 3.5.3?

*whistles* :cool:

nice glad you guys are so quick of fixing security issues

your quick reply is not working guys in this forum :confused:

OMG!!! I was wishing today that you release an update today!! I'm very busy for the next 2 weeks and I was afraid if you guys would release one later :D

YOU ROCK.

The quick reply works fine for me, oh well, i guess i have to dive into the documentation manual once again wish me look. Thanks for the upgrade though, always nice to get rid of any validation issues, and/or security vulnerabilities.

Thats cool that you can use a plug-in to fix it.... Makes me all giddy to upgrade my member account in January. :cool:

Should using the plugin update the version number?

Nothing updates the verison number short of upgrading.

Thanks for the recent update, Jelsoft! :)

The plug is was fast a painless. Thanks Everyone.

I guess I am stuck with the
There is a newer version of vBulletin available to download

message untill I do a full upgrade. Correct?

Yes

Just one question. For the template change for "memberlist_search", do we have to revert the template first and then apply the change?

Just one question. For the template change for "memberlist_search", do we have to revert the template first and then apply the change?
If you reverted the template (after the upgrade), you've effectively applied the change.

nice glad you guys are so quick of fixing security issues

your quick reply is not working guys in this forum :confused:

Yes it is you have to click the quick reply icon before typing in the box.

I had a feeling a 3.5.3 release was coming soon :)

Thanks for the upgrade/fix, Jelsoft ;)

I will be upgrading my forums soon, until that point I will temporary use the plugin to fix the hole, so easy!

upgraded using the upgrade.php and was seamless - will be testing on our boards when they open back up soon; THANKS!

i have few what i think are simple questions as im still so very new to vbulletin ..

when a security release fix like this comes about... why is it that so many other files are overwritten and so many changes are made?

Or do i have the whole idea wrong? and just 'core' files are replaced?

What should i be doing BEFORE the upgrade to 3.5.3 that will give me my environment back AFTER the upgrade?

I understand the file edits on those that were changed *.php files, but is this usually all that is necessary?

Is there also a great place to start and get a better idea of the templates and reverting and making edits after or before upgrades? (sorry if this is too off-topic) .. just would like to be current and at the same time learn along the way..

since we all are so busy these days..

thanks in advance..

Lenny :)

Thanks Kier

Thanks to the plugin-system updating is super easy :)

Iam uploading the new files right now, that's really the hardest thing :p:D

Upgraded from 3.5.2 to 3.5.3 - no problems !

Thanks a lot.

upgrade took me less than 15minutes 3.5.2-->3.5.3 everything looks fine for now


-back to the testing

i have few what i think are simple questions as im still so very new to vbulletin ..

when a security release fix like this comes about... why is it that so many other files are overwritten and so many changes are made?

Or do i have the whole idea wrong? and just 'core' files are replaced?

What should i be doing BEFORE the upgrade to 3.5.3 that will give me my environment back AFTER the upgrade?

I understand the file edits on those that were changed *.php files, but is this usually all that is necessary?

Is there also a great place to start and get a better idea of the templates and reverting and making edits after or before upgrades? (sorry if this is too off-topic) .. just would like to be current and at the same time learn along the way..

since we all are so busy these days..

thanks in advance..

Lenny :)
Its not just a security fix, the release was due to a security issue, but multiple bugs are fixed from the point of 3.5.2's release to the day that 3.5.3 was release, all fixed bugs as of the tracker were included.

I'd suggest reading over the Upgrading and Installing forums FAQ's if you have more questions, if your questions are still not anwsered please create a new thread there.

If you reverted the template (after the upgrade), you've effectively applied the change.
Oh right but my current template is heavily customized so I just can't revert the template and lose all of my stuff.

Oh right but my current template is heavily customized so I just can't revert the template and lose all of my stuff.
Use the compare feature then. :)

Its not just a security fix, the release was due to a security issue, but multiple bugs are fixed from the point of 3.5.2's release to the day that 3.5.3 was release, all fixed bugs as of the tracker were included.

I'd suggest reading over the Upgrading and Installing forums FAQ's if you have more questions, if your questions are still not anwsered please create a new thread there.gotcha Zachery and thanks!

Hi all

i got this error when i try to make a update is there something i do wrong ?

Fatal error: Call to undefined function: print_next_step() in forum/install/upgrade_353.php on line 72

Reupload all the files, overwriting your current files.

Also, please open a new thread in the appropriate forum if you need support.

Hehe I took 2 days off from work today. GREAT TIMING Jelsoft! :) I will upgrade tomorrow

Will this mess up any current plugins with a full upgrade to the system?

thanks again guys. keep up the good work :)

i have few what i think are simple questions as im still so very new to vbulletin ..

when a security release fix like this comes about... why is it that so many other files are overwritten and so many changes are made?

Or do i have the whole idea wrong? and just 'core' files are replaced? You raise an excellent point that a lot of people don't understand.

After every release of vBulletin, bug reports start coming in. They fix those bugs in the CVS version of vBulletin. vBulletin.com is running this CVS version. It is always slightly newer/better than what the rest of us are running. As the weeks go by, more and more bugs will have been fixed in the CVS version.

Whenever a security flaw is found and needs to be fixed, that is an excellent excuse to roll out all the bug fixes (some of which are very cosmetic or only apply to <1% of users) to the public.

If all you want is a secure forum and none of the bugs which have been addressed affect you and your forum, there is no reason you can't just use the security patch. Your forum will still report the older version number, but you will now be safe from the security flaw in question.

However, if you want the most stable verson of vBulletin available, you must do the full upgrade. Even though vB 3.5 makes upgrading easier, it is still far from painless due to template changes.


Some have clamored for Jelsoft to make the CVS version of vBulletin available to hardcore users and developers who don't mind upgrading their vBulletin on a daily or weekly basis.

I currently run 3.0.7 and refuse to upgrade to 3.5.x until the problem with the banning system is fixed.

I have upgraded other boards to 3.5.2 and a bug exists which shows users as banned even when they are not.

As an administrator, I have even been given the ban message and then allowed into the forum.

The bug is discussed in another thread and the reasons for it are shoddy programming. In a system as complex as vBulletin with such great features, there is simply no excuse for filtering IP octets incorrectly by parsing them as literal strings.

Please address this problem as quickly as possible.

- Sid

You raise an excellent point that a lot of people don't understand.

After every release of vBulletin, bug reports start coming in. They fix those bugs in the CVS version of vBulletin. vBulletin.com is running this CVS version. It is always slightly newer/better than what the rest of us are running. As the weeks go by, more and more bugs will have been fixed in the CVS version.

Whenever a security flaw is found and needs to be fixed, that is an excellent excuse to roll out all the bug fixes (some of which are very cosmetic or only apply to <1% of users) to the public.

If all you want is a secure forum and none of the bugs which have been addressed affect you and your forum, there is no reason you can't just use the security patch. Your forum will still report the older version number, but you will now be safe from the security flaw in question.

However, if you want the most stable verson of vBulletin available, you must do the full upgrade. Even though vB 3.5 makes upgrading easier, it is still far from painless due to template changes.


Some have clamored for Jelsoft to make the CVS version of vBulletin available to hardcore users and developers who don't mind upgrading their vBulletin on a daily or weekly basis.feldon,

outstanding.. lots of your words on this board have helped me a long way and thank you firstly for that ..

Thanks also for the explanation here.. im sure like myself; it will help others...

its coincidental also how what you said was what i had in mind exactly of the reasons also why the bugs are fixed in a security release fix .. just make sense..

great job and thanks again..

Lenny :)

I currently run 3.0.7 and refuse to upgrade to 3.5.x until the problem with the banning system is fixed.

I have upgraded other boards to 3.5.2 and a bug exists which shows users as banned even when they are not.

As an administrator, I have even been given the ban message and then allowed into the forum.

The bug is discussed in another thread and the reasons for it are shoddy programming. In a system as complex as vBulletin with such great features, there is simply no excuse for filtering IP octets incorrectly by parsing them as literal strings.

Please address this problem as quickly as possible.

- Sid If you're going to start throwing flame and FUD at the authors of vBulletin, you should be sure you have some firm ground to stand on.

I quickly searched (http://www.vbulletin.com/forum/search.php?do=finduser&u=73169)through your posts here on vBulletin.com and not one of them has anything to do with banning or IP octets. If nothing else, this tells me that you have expended no effort in trying to notify, troubleshoot, or remind Jelsoft that there is an issue that exists, affects users, and needs to be fixed.


I found this thread (http://www.vbulletin.com/forum/showthread.php?t=161692) which seems to be in the same category as the issue you mentioned, namely IP octets being interpreted as strings.
And I found this helpful bug report (http://www.vbulletin.com/forum/bugs35.php?do=view&bugid=1718) and ensuing discussion which indicates that the bug was fixed in vBulletin 3.5.2. It also provides replacement code to immediately fix the bug on any un-upgraded 3.5.1 forum.

Is this the issue you were talking about? Can you provide evidence where there is still a problem with banning? If the issue has been resolved, you might want to read up about the concept of due diligence (http://en.wikipedia.org/wiki/Due_diligence).

Upgraded from 3.5.2 with multiple products/plug-ins installed with no problems. Thanks for the update.

Coolio thanks!

laff.....a 3 in one day like last time....I think I'll go with the full upgrade and not the plugin and patch.

If you're going to start throwing flame and FUD at the authors of vBulletin, you should be sure you have some firm ground to stand on.

I quickly searched (http://www.vbulletin.com/forum/search.php?do=finduser&u=73169)through your posts here on vBulletin.com and not one of them has anything to do with banning or IP octets. If nothing else, this tells me that you have expended no effort in trying to notify, troubleshoot, or remind Jelsoft that there is an issue that exists, affects users, and needs to be fixed.


I found this thread (http://www.vbulletin.com/forum/showthread.php?t=161692) which seems to be in the same category as the issue you mentioned, namely IP octets being interpreted as strings.
And I found this helpful bug report (http://www.vbulletin.com/forum/bugs35.php?do=view&bugid=1718) and ensuing discussion which indicates that the bug was fixed in vBulletin 3.5.2. It also provides replacement code to immediately fix the bug on any un-upgraded 3.5.1 forum.

Is this the issue you were talking about? Can you provide evidence where there is still a problem with banning? If the issue has been resolved, you might want to read up about the concept of due diligence (http://en.wikipedia.org/wiki/Due_diligence).You start your answer as a true religious fanatic would. I've heard the same from Microsoft, Apple and their followers.

As for due dilligence, I simply follow what others far more experienced than I am do before I attempt anything.

There is replacement code but the point is that the problem should NOT have been there in the first place. I simply asked whether it has been fixed in 3.5.3; that is all.

I am angry over this because I paid for vBulletin and have been dying to upgrade to 3.5.x. I refuse to do so, however, since it would not be worth my time without asking these questions first and being satisfied that I can take care of issues properly after my choice.

- Sid

search_forums

Removed the Boolean / Natural Language buttons. The fulltext search now works off one permission. If the user has the boolean permission then that is what they use, otherwise the natural language option.

Requires Revert: No

PLease, can you specify the details of the changes to be made ?

Thank you.

Will upgrade in a just a few moments. :)

You start your answer as a true religious fanatic would. I've heard the same from Microsoft, Apple and their followers.

As for due dilligence, I simply follow what others far more experienced than I am do before I attempt anything.

There is replacement code but the point is that the problem should NOT have been there in the first place. I simply asked whether it has been fixed in 3.5.3; that is all. What does religious fanaticism have to do with your choice not to post anything on vBulletin.com forums about your concerns?

You, of course, have the right to be angry and express that anger. But you stated an issue and walked away. Why not harness your frustration and do something with it? The quickest way to improve vBulletin is to post about problems, provide evidence, and participate in discussions.

Obviously there has been some miscommunication here. I didn't see where you asked a question, but instead stated that there is a bug which affects you. Based on the information you provided, I did a search and found that the bug had been reported and fixed. If you are still having trouble, please open a Support Ticket, post a question in the Troubleshooting forum, or contribute a Bug Report.

The only way vBulletin can get better is if users get involved.

Just upgraded from 3.5.2, like Brad.Loo, We had several hacks and plug-ins. Went very smoothly, took me about 20 minutes including downloading and re-"hacking" files. Thanks for upgrades!

I applied the plugin for now.

What is a "FUD"?

What does religious fanaticism have to do with your failure to post ANYTHING on vBulletin.com forums about your problems with vBulletin?

You can be angry all you want, but unless you say something about it ('call your senator'), you're just an outsider spreading FUD. If you aren't part of the solution (posting about the problem, sparking discussion, providing evidence, nudging Jelsoft to improve the product), you're part of the problem.As a religious fanatic (in this case your religion is vBulletin, in this case the fanaticism is evident in your only searching for what I posted and not what others have posted before revising your statement later) you cannot see that I don't have to post anything on this forum. I can simply read what others have written before me.

I'm much more active on vBulletin.org or was until I found this problem and refused to play with vBulletin any more until it was fixed. I have many customisations on my board and I know what a headache it is to update anything at all and what it takes to redo your work.

You say that "I am an outsider spreading fear and uncertainty and doubt", but your key phrase is "outsider".

You see, I am not an outsider; neither is anyone who has bothered to pay for vBulletin and has not simply put up phpBB or some free option.

I have a right to raise my hackles. You perceive this as "spreading FUD" because it is your nature to do so.

Please simply tell me whether it is fixed in v3.5.3 and agree that the problem should not have been there in the first place.

This has become a flamewar and I refuse to respond any more to anything that doesn't clearly answer my query.

- Sid

http://en.wikipedia.org/wiki/FUD

As a religious fanatic (in this case your religion is vBulletin, in this case the fanaticism is evident in your only searching for what I posted and not what others have posted before revising your statement later) you cannot see that I don't have to post anything on this forum. I can simply read what others have written before me.

I'm much more active on vBulletin.org or was until I found this problem and refused to play with vBulletin any more until it was fixed. I have many customisations on my board and I know what a headache it is to update anything at all and what it takes to redo your work.

You say that "I am an outsider spreading fear and uncertainty and doubt", but your key phrase is "outsider".

You see, I am not an outsider; neither is anyone who has bothered to pay for vBulletin and has not simply put up phpBB or some free option.

I have a right to raise my hackles. You perceive this as "spreading FUD" because it is your nature to do so.

Please simply tell me whether it is fixed in v3.5.3 and agree that the problem should not have been there in the first place.

This has become a flamewar and I refuse to respond any more to anything that doesn't clearly answer my query.

- Sid
Monde, you clearly have a problem, or have found a bug in vBulletin, but have you reporeted it or started a support ticket or thread about it? If so you might have found that it has been fixed, its being addressed, or no one else has noticted it yet.

Untill you report a bug we might not know about it. and Untill the bug is reported, it cannot be fixed.

I believe feldon has shown you that the bug itself is fixed, however I may be wrong.

I applied the plugin for now.

What is a "FUD"?FUD is "fear, uncertainty and doubt".

- Sid

Please simply tell me whether it is fixed in v3.5.3 Based on the limited information you have provided us, I've found a bug which seems to match those parameters. That bug was fixed in vBulletin 3.5.1:
http://www.vbulletin.com/forum/bugs35.php?do=view&bugid=1718

The bug was reported on November 1st, 2005 and a fix was available on November 2nd, 2005. I am not sure what more you expect?

Will you even bother to look at the Bug Report (http://www.vbulletin.com/forum/bugs35.php?do=view&bugid=1718) and see if this is the problem you were having?

agree that the problem should not have been there in the first place. I will not agree with the absurd notion that any flaw in software development is somehow not to be tolerated. People make mistakes.

I have posted on several holes in vBulletin that I think should be improved as soon as is possible. This includes the half-baked support of Additional Groups (you cannot properly search, prune, or e-mail users solely based on Additional/Secondary Groups).

Monde, you clearly have a problem, or have found a bug in vBulletin, but have you reporeted it or started a support ticket or thread about it? If so you might have found that it has been fixed, its being addressed, or no one else has noticted it yet.

Untill you report a bug we might not know about it. and Untill the bug is reported, it cannot be fixed.

I believe feldon has shown you that the bug itself is fixed, however I may be wrong.Thank you Zachery. I'll apply 3.5.3 as an update on one of the other smaller boards I support and see whether they still have the problem. If the problem does still exist, then I'll post a bug report for 3.5.3.

- Sid

http://en.wikipedia.org/wiki/FUD
Thanks

@m0nde

If you don't upgrade because of one thing then why stay on an almost outdated forum software that has a lot less then 3.5.3?

Edit: I posted before "m0nde" (well made a post before his existed), anyways I hope it works for you

thanks again guys. keep up the good work

I didnt understang how to update my vbb :\

I have the versione 3.51, I think I need to get 3.52 and after 3.53 right?
Ok
after did it

I uploaded 2 file of the patch_35x.zip via ftp, after I did "Find Updated Templates" but no update found, there is right?

If its right, after this I must modify the template searching memberlist_search and doing this $vbphrase[is_greater_than] => $vbphrase[is_greater_than_or_equal_to] ?

FORUMDISPLAY
Removed width="auto" from one table.
Requires Revert: No

I hope there is only one table...

Thanks all but Im new to vbb

I didnt understang how to update my vbb :\

I have the versione 3.51, I think I need to get 3.52 and after 3.53 right?
Ok
after did it

I uploaded 2 file of the patch_35x.zip via ftp, after I did "Find Updated Templates" but no update found, there is right?

If its right, after this I must modify the template searching memberlist_search and doing this $vbphrase[is_greater_than] => $vbphrase[is_greater_than_or_equal_to] ?

FORUMDISPLAY
Removed width="auto" from one table.
Requires Revert: No

I hope there is only one table...

Thanks all but Im new to vbb
No, you do not.

You just upload the newest verison and run upgrade.php.

Read the Upgrading FAQ in the vBulletin 3.5 Installation and upgrade forums.

I'm loving this plugin upgrade. I mean WOW, got it done in 30 seconds.

I did it but I dont find change in the template like the new url for skype... in the default and in the custom template.

I did update.php for the second times now and it is the result

Admin Control Panel (vBulletin 3.5.1)

I'm loving this plugin upgrade. I mean WOW, got it done in 30 seconds.
The plugin is not an upgrade, only a patch.

I did it but I dont find change in the template like the new url for skype... in the default and in the custom template.

I did update.php for the second times now and it is the result

Admin Control Panel (vBulletin 3.5.1)
Did you upload all of the vBulletin 3.5.3 files? Or just the patch/

Did you upload all of the vBulletin 3.5.3 files? Or just the patch/
just the patch

I understand now I need to upload all the file of the new version, but for wich use is usefull the patch?

If you do not have time to upgrade for whatever reason but need to remain secure..

Gnubittol.com done in 18 minutes ;)
Thanks for the upgrade/fix, Jelsoft

Regarding the upgrading process, we are currently running 3.5.1. Would upgrading to 3.5.3 also include everything that we need for 3.5.2? In other words, do we first need to upgrade to 3.5.2 before we upgrade to 3.5.3, or will 3.5.3 take care of everything? :confused:

Wahooooooo! Already upgraded.

Regarding the upgrading process, we are currently running 3.5.1. Would upgrading to 3.5.3 also include everything that we need for 3.5.2? In other words, do we first need to upgrade to 3.5.2 before we upgrade to 3.5.3, or will 3.5.3 take care of everything? :confused:When you do a full upgrade, you will see the installer upgrading through each version. It will do it all for you. So even if you are upgrading from 2.0.0, by doing a full upgrade to 3.5.3, you're safe.

Unless you have specific reasons to just patch the system, go through the full upgrade and watch the process.

- Sid

are the styles we have on our boards going to work in 3.5.3? I think I may use the plugin until styles are upgraded as well.

are the styles we have on our boards going to work in 3.5.3? I think I may use the plugin until styles are upgraded as well.
Which styles?

Depending on what was edited, some would have to be edited/reverted to properly work with 3.5.3.

Another, smooth, problem free upgrade, many thanks guys :cool:

I was going to have an early night, but thought I would stop by the forum just to catch up on a few things first. Oh well, you only waste your life if you sleep too much.

Did the 3.5.2 > 3.5.3 and reinstalled several hacks in about 35 minutes. Went sweet as a nut.

Thanks team.

Bob

Thanks for the security fix, Jelsoft. As usual, I'll be doing a full upgrade from 3.5.2 to 3.5.3.

At this point, I wonder how many people still run vB 2? Will they likely upgrade to 2.3.9?

Updated to 3,5,3 :cool:

It took more time for me, bcs i cut the upload 3 times :mad:

Anyway just done the updates and i saw the custom template warnings...

And i have 2 custom templates.

One of them is FORUMDISPLAY and other is MEMBERINFO.

Forumdisplay is edited too much and i dont want to revert it.Same is for memberinfo.

I couldnt understand what must i change at this template.I read width='auto' removed forum one of the tables but i still dont know what must i change.

Also i couldnt see memberinfo template changed at updated template thread at vb...

Is it updated but didnt written or is it smth special for my board:confused:

Good job team, I just bought vBulletin, and I'm glad to be part of this big family!

themgzr.co.uk done in less than 20 mins

:D :D

thanks for this release, we will upgrade our forums as soon as possible.

Is this version is only a security and bug fix version or are there new things implemented as well cause I am missing the obligatory Changes of Note?

Is this version is only a security and bug fix version or are there new things implemented as well cause I am missing the obligatory Changes of Note
?
Nothing new apparently.

Is this version is only a security and bug fix version or are there new things implemented as well cause I am missing the obligatory Changes of Note?
Basically just bugs and security. I guess there was a change relating to boolean searching becoming the default that could be considered a "change of note".

DAMN YOU BASTARDS!!! DAMN YOU TO HELL!!! I have to redo my Dev Site now too!! NOOOOOOO!!! *beats self to the ground*

DAMN YOU BASTARDS!!! DAMN YOU TO HELL!!! I have to redo my Dev Site now too!! NOOOOOOO!!! *beats self to the ground*

Just install the plugin or patch. There are almost no template changes, so just stay patched for now and upgrade at the next feature release. :)

I error out when I search member IP, check referrals, PM stats or merge users.

Any ideas?

I error out when I search member IP, check referrals, PM stats or merge users.

Any ideas?
Start a support thread in the proper forum :)

First time I've had to upgrade vB, and it went very well. ^^

I saw this thread when it had no replies, lol. I just never responded until now.

I currently run 3.0.7 and refuse to upgrade to 3.5.x until the problem with the banning system is fixed.

I have upgraded other boards to 3.5.2 and a bug exists which shows users as banned even when they are not.

As an administrator, I have even been given the ban message and then allowed into the forum.

The bug is discussed in another thread and the reasons for it are shoddy programming. In a system as complex as vBulletin with such great features, there is simply no excuse for filtering IP octets incorrectly by parsing them as literal strings.

Please address this problem as quickly as possible.

- Sid

I was running vbulletin 3.0 when i updated to vbulletin 3.5.2, I knew it was going to be an absolutely massive update so instead of the usual upgrade route that would leave a mish mash database with old hack tables flying around i decided to use impex and i don't regret it either.

Try impex and set up your forums on localhost and see if everything is ok then ?

updated smoothly. ty guys

have fun

I just updated two sites painlessly :) Thanks guys, I really feel like I'm getting my money's worth :)

The plugin security patch is a nice. I am personally fully upgrading, but I appreciate that you are making it as easy as possible with virtually no excuse to have a vulnerable forum.

The plugin security patch is a nice. I am personally fully upgrading, but I appreciate that you are making it as easy as possible with virtually no excuse to have a vulnerable forum.Agreed

easy and painless upgrade as always...thanks for staying on top of the fixes!

I error out when I search member IP, check referrals, PM stats or merge users.

Any ideas?

Yes, also to my forum.
particularly:
member ip page, check referrals page, pm stats page, merge users (Parse error: parse error, unexpected ';' in /forum/admincp/usertools.php on line 523)

I'm very picky and I manually edit my template changes upon an upgrade. Luckily this time there were only two that I had to change. However, ONE of them is the "memberinfo" template (this comes up in the "There are currently xx customized template(s) that need to be updated or reverted. Some sections of vBulletin may not function if you do not do this!" link)

But in the announcement thread, I don't see any mention of what was changed in the memberinfo template.

Any help/suggestions? I know it's not from 3.5.1.. it even says, " Your Custom Template Last Edited in 3.5.2 by XXXXXXX"

Thanks,

There's a tiny edit in the MEMBERINFO template, but it's not at all relevant and does not need to be reverted.

The edit is a fix to this 'bug': http://www.vbulletin.com/forum/bugs35.php?do=view&bugid=1994

I've updated the announcement.

Nice work!
thanks! :D

Hi everybody,

I use 3.5.2 on my forums. I installed extensions like v3Arcade, vBAdvanced CMPS, vBShout etc.

For some of those, I edited templates. During the times I used PhpBB, I used to edit template files for template modifications but in vB, everything can be edited in admin windows. The question is this, in which files is this template information is stored ?

I want to make a full install of 3.5.3 but with those extensions installed, how can I make a full install ? Do I lose any data ? I dont wanna loose all the data about extensions. What can I do ?

Is there a great guide (what I mean is explaining in a well detailed form) to upgrade a heavily extended vB to 1 level up ?

Thanks in advance.

Hi

The template information is stored in the database and not in files. You can edit it through the AdminCP, as you correctly saw.

If you only have extensions, and no code modifications, you can simply overwrite all the files and run the upgrade.php script.

If you need further help with upgrading because of your modifications, you should ask at www.vbulletin.org though, as we can't support code modifications.

Wow!

How great vB is.
I was thinking that "Why should I pay 160$ for this forum software since forums like SMF and PhpBB is available as free" but by the time I administrate vB, I feel myself satisfied with the amount I paid.

You should use better advertisements. vB is really great! really really great...

hi guys,
I was wondering if
1. Patching vb3.5.2 to vb3.5.3 using the plugin manager is equally good as running the setup?

2. If I do use the plugin and use the XML file.. how does the actual source file gets updated!?

what does vbulletin recommend to run? the patch or setup?

thanks for ur time.. :)

Hi ...
thanx for the upgrade .and btw ,I'm really glad to see my suggestion to use the plugin system for fixing problems ,or at least as temporary solution :)
Nice work guys and you really my gratitude for your hard work .

nice work Vbulletin Team Thank You ;)

Viks,

Using the plugin and thus patching the code is not equal to a full upgrade, all that does is fix this one bug. The full upgrade fixes additional bugs that have been discovered in the meantime as well.

And the actual source file itself doesn't get updated, additional code simply fixes the security issue which prompted this release.

Thanks Colin.

I happened to install this new license and thanks for update!

I wasn't able to find what the plug in, the link only took me to a help file about how to install plug ins. Can you help?

Yes, also to my forum.
particularly:
member ip page, check referrals page, pm stats page, merge users (Parse error: parse error, unexpected ';' in /forum/admincp/usertools.php on line 523)

My upgrade to Short-Media.com (http://www.short-media.com/forum/) took less than 10 minutes (including reverting & re-editing templates). Sweet as a nut.. apart from the above.

I also have this problem with usertools.php in my admin control panel. Will file a bug report if I can't find a bug open for it :)

//Edit: Found the bug report and added the missing ) to my file. Working ok now :D

Thanks a lot for the patch...just wondering why it's called a plugin when it's actually a product?? (yep, I was actually trying to import it as a plugin ;))

Why can't vbulletin release a version for developers, testers or whatever that don't mind upgrading and testing everyday and then release one huge version of vbulletin when must bugs are ironed out? Of course providing security updates all the time to everybody.

I haven't upgraded since 3.5.1 because the minute I decided to do it for 3.5.2 and 3.5.3, a ton of people come up with a ton of upgrading bugs problems.

They release when there are security issues that need to be addressed. If you don't want to upgrade, just use the patch(es).

Yeah thanks. I know that...

Hola, soy español, alguien podria explicar como actualizar de 3.5.2 a 3.5.3, sin perfer modificaciones que he hecho en la web??

Espero respuesta :)

SALUDOS!

I'm getting good at these updates.
My routine is paying off.
I keep good documentation of the mods, hacks and products installed along with urls and the latest versions.

I note which scripts need to be edited and take care of all that while backing up my files and database.

Overwrite all my scripts.
Revert and edit whatever templates need to be changed.
Updated two sites in no time.

Just upgraded from 3.5.2. Everything continues to run smoothly.

Another smooth upgrade, Thanks team.:)

I ran the upgrade and everything seemed to go smoothly, but then after the upgrade I noticed it said:
Newest Member: [Too Old]

What? A time/date problem introduced by the upgrade? I thought.

Turns out a minute before I did the upgrade someone signed up with the username "Too Old" :D

Oh well, it's late. That's my laugh of the day!

donw with no problems

www.alraqee.com (http://www.alraqee.com)


keep the good work up

What exactly is cross-scripting?

I was running vbulletin 3.0 when i updated to vbulletin 3.5.2, I knew it was going to be an absolutely massive update so instead of the usual upgrade route that would leave a mish mash database with old hack tables flying around i decided to use impex and i don't regret it either.

Try impex and set up your forums on localhost and see if everything is ok then ?LOL :D. Been there, done that.
I'm going to wait until I see what other problems pop up. I've already updated a few smaller boards to 3.5.x.
There's a great tutorial on vbulletin.org that explains how to do a safe upgrade to 3.5.x from 3.x. I'm just hesitant to do so until I hear more from really large boards.
By board is by no means massive, but I want to know what kinds of problems pop up.

I've used impex before and find that it works well. In the end, I WILL go that route, but I've simply patched my board so that it has all of the security fixes for 3.x.

Thanks for your help.

- Sid

thanks for the update
hope that we wil not get 3.5.4 next week

What exactly is cross-scripting?
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure07152002.asp

What would be the best way for me to upgrade if all of my forums have mods and plugins?

If you are going from 3.5.2 > 3.5.3 then check the lists of changed files and templates against your hacks. Do the upgrade then redo any hacks that were affected by the new files and templates. I only had 4 to redo out of the 19 I have installed.

Bob

Thanks Bob! Sounds good.

Thanks for always looking out for us....I did the upgrade I was running 3.5.1 with the patches. Now I have a bunch of custom templetes. Aftetr the upgrade it tells me that There are currently 10 customized template(s) that need to be updated or reverted. Some sections of vBulletin may not function if you do not do this! Is it smarter for me to revert these templetes or alter the default ones with the info needed?

Again thanks for the help in advance.

I don't think you need to revert them. Just click edit, then save them as they are to get rid of that annoying message.

I don't think you need to revert them. Just click edit, then save them as they are to get rid of that annoying message.
I would at least edit the templates with the appropriate updates, instead of just saving them. ;)

I don't think you need to revert them. Just click edit, then save them as they are to get rid of that annoying message.I've read some dumb advice, but wow.

I've read some dumb advice, but wow.
Depends the template feldon :op

great :)

If one of the changed templates mentioned in http://www.vbulletin.com/forum/showpost.php?p=1046297&postcount=4 (http://www.vbulletin.com/forum/showpost.php?p=1046297&postcount=4)
says "Requires Revert: No" is there ANY reason to make the change?

If one of the changed templates mentioned in http://www.vbulletin.com/forum/showpost.php?p=1046297&postcount=4 (http://www.vbulletin.com/forum/showpost.php?p=1046297&postcount=4)
says "Requires Revert: No" is there ANY reason to make the change? That means that the change was cosmetic. XHTML compliance, language issues, etc.

That means that the change was cosmetic. XHTML compliance, language issues, etc.
So, out of curiosity, why do the developers even mention the templates that don't require Reverts?

The change is not meaningless. Some people want a 100% XHTML compliant forum which they can translate into any language. A perfect example is that in a version of vBulletin 3.0.x, 'User CP' was hard-coded into the navbar template instead of being in the language system. It was subsequently changed to $vb_phrase[usercp]. That change did not require a Revert for users to have a fully functional forum, but the change was a necessity for International users.

Requires Revert means if you don't, functionality will be broken or a bug will not be fixed.

I will be upgrading my forums soon, until that point I will temporary use the plugin to fix the hole, so easy!
me 3, cause I have so many hacks install.:)

Okay, I've never updated before - so I have a few questions.

Basically all I do is upload the entire package and run the update script? right? And if I have mods all I do is reupload them?

If I just do a temporary plugin to fix the hole or whatever, will it be harder to upgrade when the next version comes out?

If you have any vBulletin 3.0.x series mods, they are not compatible with vBulletin 3.5.

The plugin/patch does not make it harder to upgrade in the future.

again? I picked vbulletin because I was sick of PhpBB always releasing security fixes all the time. And now vbulletin does the same?? wtf is up with that???

again? I picked vbulletin because I was sick of PhpBB always releasing security fixes all the time. And now vbulletin does the same?? wtf is up with that???
Would you prefer them not to?

You could always just patch it instead of doing a full upgrade. ;)

again? I picked vbulletin because I was sick of PhpBB always releasing security fixes all the time. And now vbulletin does the same?? wtf is up with that???

Get a dedicated server (so your laziness does not affect others) and ignore all the security updates. Of course you will need to make current backups a couple of times a day so that when you get hacked you can fix it. If this is too much hassle you can always close your site, take a hammer to your PC, move to the woods and build your home out of mud.

again? I picked vbulletin because I was sick of PhpBB always releasing security fixes all the time. And now vbulletin does the same?? wtf is up with that???
Security updates on phpBB take 10 times as long to apply to your forum as vBulletin updates.

Nice version , but i faced some problems ( bugs ) , well done

and waiting for the bugs fixes :)

Great release. I just updated my Military site and it worked perfectly. Thanks to the Jelsof Team!
Glenn

Easy upgrade, even on a very customized board (http://www.koww.net/forum/index.php), thanks Jelsoft :)

im upgrade to 3.5.3

.. but
problem about ajax for arabic
how to fix this problem?

We are using mySQL version 3.23.58.

After upgrade the search script gives an SQL error informing that the problem is the Boolean text search.

In version 3.5.2 we have no error. In the Admin CP -> Search Type section there writes that we are using fulltext search without boolean type.

Is the Boolean Search is a requirement for 3.5.3 release?

Thanks

I would state exactly what you just stated but in a new thread in the Troubleshooting forum. And when you get that SQL error, pull down your IE/Firefox/Safari Edit menu to View Source and it will have some details on the actual SQL error. Copy and paste those error details into the thread here on vB as well.

Upgrade complete; no problems(except the user created ones...)

(when upgrading your testvb forums to prepare for any surprises, make sure your testvb config.php points to your testvb dbase, as opposed to your live dbase. Oops! :/)

I was doing a search a few minutes ago and ran across this, did a search and didnt find it posted, submitted to bugs also.

519 $db->query_write("
520 UPDATE " . TABLE_PREFIX . "reputation
521 SET whoadded = $destinfo[userid]
522 WHERE whoadded = $sourceinfo[userid]
523 ";

Seems we have a missing ) from this last line here when searching for ips site wide.

523 Corrected. ");

Post in the appropriate forum for support. ;)

who's asking for support?

you might want to read that again, its a statement letting everyone know there is a issue in that file and a simple fix posted along with it.

you note its also added to the bug list, even tho its a simple file edit issue.

Will be slapping this on tonight ;)

I've been trying and trying to downoad the patch file (my setup requires that I use this method instead of the plugin), but with no luck. I've added this account's email address to my membership information, as described at the top of this thread. Does anyone else have some advice, or can someone provide me with the patch file directly?

Vulnerable Version: 3.5.2 (prior versions also may be affected) Bug: Html_Injection (Second order Cross_Site_Scripting) Exploitation: Remote with browser


Html_Injection : The software does not properly filter HTML tags in the title of events before being passed to user in 'calendar.php'&'reminder.php AS include'. that may allow a remote user to inject HTML/javascript codes to events of calendar. The hostile code may be rendered in the web browser of the victim user who will Request Reminder for those Events (persistent). For example an attacker creates new event (Single-All Day Event , Ranged Event OR Recurring Event)with this content:


TITLE:--------->Test<script>alert(document.cookie)</script> BODY:---------->No matter OTHER OPTIONS:->No matter


Demonstration XSS URL: -------------------- http://example.com/vbulletin/calendar.php?do=addreminder&e=[eventid]

Credit

Savsak.com [Ejder And The_BeKiR And Liz0Zim And CyberLord]




They mention reminder.php as well, but I noticed the patch does not contain a new reminder.php.

Does the patch (calendar.php and functions_online.php) cover the problem with reminder.php as well?

Thanks

I'm thinking that's what the Plug-in covers.

I'm thinking that's what the Plug-in covers.


The way I read it, it was an either-or situation.

You could either close the hole(s) by swapping the files (the patch), OR you could use the plugin.

If I'm wrong, please let me know :o

salam for all


i have problem on the server now
ensha allah after 4 or 5 days i wil make the upgrade


abna2005

Hi - i isntalled the plugin, but still says version 3.5.2?

is there away to change this?..

thanks!

Hi - i isntalled the plugin, but still says version 3.5.2?

is there away to change this?..

thanks!
No, the plugin simply fixes the XSS flaw, it does not upgrade you to 3.5.3.

You can go poking around in the languages & phrases system if you want to remove the 3.5.2 mention on the front of your forum. Jelsoft realizes that many people don't have the time to do full upgrades which is why these patches are made available.

I would strongly recommend that you don't force the version number to be 3.5.3 if you have only run the patch, as it will confuse the upgrade system when it comes time for you to fully upgrade.

No, the plugin simply fixes the XSS flaw, it does not upgrade you to 3.5.3.
Kier...

But it is plugin OR patch right? One does not do more (or less) than the other?

And either will also address the issue with reminder.php as well?

Couple of questions from a newbie...

I installed the 3.5.3 plugin all went well there.

My question is: should this plugin have made the changes to the templates as per this topic: the actual post: http://www.vbulletin.com/forum/showpost.php?p=1046297&postcount=4 the complete topic: http://www.vbulletin.com/forum/showthread.php?postid=1046289 ?

I ask because it didn't and don't know if messed up on the plugin.

My next question is: the files that were altered as per this post: http://www.vbulletin.com/forum/showpost.php?p=1046351&postcount=5, will I have to redo the plugins after these are uploaded?

Security question:
My host is recommending that I put my includes file below the root for much stronger security.

Is this something that can be done with vB? If so, what changes would I need to make to to complete this?

Thanks in advance.

Kier...

But it is plugin OR patch right? One does not do more (or less) than the other?

And either will also address the issue with reminder.php as well?
Correct, it's plugin OR patch.

As far as I can tell, the report of a flaw in reminder.php is bogus, as that file only sends plain text emails, which are not affected by XSS.

Couple of questions from a newbie...

I installed the 3.5.3 plugin all went well there.

My question is: should this plugin have made the changes to the templates as per this topic: the actual post: http://www.vbulletin.com/forum/showpost.php?p=1046297&postcount=4 the complete topic: http://www.vbulletin.com/forum/showthread.php?postid=1046289 ?

I ask because it didn't and don't know if messed up on the plugin.By installing the plugin you have merely fixed the XSS flaw, you have not upgraded to 3.5.3 so the templates will not have been reverted, nor do they need to be.


My next question is: the files that were altered as per this post: http://www.vbulletin.com/forum/showpost.php?p=1046351&postcount=5, will I have to redo the plugins after these are uploaded?Again, as you have not upgraded your board but merely fixed the XSS bug, there is no need to re-do your plugins.


Security question:
My host is recommending that I put my includes file below the root for much stronger security.You can't move the location of the includes folder, but you can easily achieve the same level of security by creating a file called .htaccess in the includes folder and editing the contents to say deny from all. This will prevent the web server from serving any scripts in the includes folder to visitors, while still allowing vBulletin to access the necessary files internally.

Thanks for the prompt reply Kier :D

Was the security bulletin I received this morning just delayed, or was it a duplicate announcement? I upgraded to 3.5.3 a few days ago and for a moment I thought there was another update.

I think it was delayed...?

I think it was the first I heard about it via email.

But don't take my word for it... wait for Kier or someone to respond.


Either way, take a look at Mod_Security (http://www.modsecurity.org/index.php)for apache. It can be a life-saver for problems like this.

Just be sure to exclude yourself from the security rules or you'll get a lot of dead pages while working in the admincp (on templates and stuff)

You can do that with a line in modsecurity.conf like:

SecFilterSelective REMOTE_ADDR ^11.22.33.44$ nolog,allow

Where 11.22.33.44 = your ip.

You might drop the nolog too & pipe out errors to a .php page that will alert you differently on errors triggered by users and errors for yourself (your ip) that way you can help identify what rules are setting off false alarms.

If I am running a old version 3.0.4 and am planning to update soon, what will I need to patch?? Please Help.

If I am running a old version 3.0.4 and am planning to update soon, what will I need to patch?? Please Help.I am pretty sure you will need to run through their "Full Upgrade" steps.

ok
sorry I read through 9 pages and didnt see the answer. I am running 3.5.0 and did the security patch when 3.5.2 came out. Should I patch again with the new files supplied or should I be good with the previous patch?

Sorry I just didnt see 3.5.0 mentioned anywhere:rolleyes:

The plug-in option sounds nice too.

Is there a code change that will secure the older sites like 3.0.3 and up...come on , someone has to know ...please

Is there a code change that will secure the older sites like 3.0.3 and up...come on , someone has to know ...please
3.0.3 is just too old to be secured with patches alone. You really should run the full upgrade procedure and get yourself to 3.5.3.

Was the security bulletin I received this morning just delayed, or was it a duplicate announcement? I upgraded to 3.5.3 a few days ago and for a moment I thought there was another update.
We tend to wait a few days before we do the eBulletin, just in case a horrible problem is discovered in the new package. We'd rather fix problems like that before we announce the release to the entire customer base, the majority of whom hear about it through the email.

Is there a code change that will secure the older sites like 3.0.3 and up...come on , someone has to know ...please
You'll have to check and see if there are patches for 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 and if so, install them all in subsequent order. Until you upgrade or patch, your forum is vulnerable to numerous security flaws!!!


I am running 3.5.0 and did the security patch when 3.5.2 came out.
Did you also do the 3.5.1 security patch?

Sorry I just didnt see 3.5.0 mentioned anywhere
Securing 3.5.0 is covered in the 3.5.1 announcement.
Securing 3.5.1 is covered in the 3.5.2 announcement.
Securing 3.5.2 is covered in the 3.5.3 announcement.

You'll have to check and see if there are patches for 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 and if so, install them all in subsequent order. Until you upgrade or patch, your forum is vulnerable to numerous security flaws!!!This won't necessarily work. Patch files are designed to work with the immediately previous version of vBulletin, not necessarily with all prior versions.

For example, if we found a problem with profile.php and released a patch, it would work with 3.5.2 and 3.5.3, but 3.5.1 and prior versions would break fairly badly as their systems don't include support for the Skype field.

Therefore, I can only recommend that patching is done to the most-recent-but-one versions of vBulletin - if we release 3.5.3 and a patch, the patch will work with 3.5.2 but not necessarily with 3.5.1, and the further back you go the more unlikely it is that the patch will work at all.

OK I have a couple questions, this is the first time I have had to think about an upgrade so forgive me if these seem redundant or even stupid. (I am new at this)
I am considering doing the full upgrade from 3.5.2 to 3.5.3 BUT I am running a couple things and I am not sure if they would be interferred with. I have an arcade and a shoutbox. Those are two of the main things that I am afraid might be effected. My other admin has also put in a couple of hacks but they I think can be easily redone.
SO will this upgrade effect my arcade? or my shoutbox(can you see how lazy I am?) Thnaks for letting me know!

If there were templates that were changed from 3.5.2 to 3.5.2 and you customized those templates either in the course of creating the layout of your forum, or in the process of installing the Arcade, Shoutbox, etc. AND those templates are listed as being affected in the upgrade from 3.5.2 to 3.5.3, then you will have to compare the templates by hand to see what changes were made and apply the same changes.

I currently have 3.5.2 installed with modified templates.

It appears than none of the template changes in 3.5.3 require a revert. So then I should be able to just upgrade to 3.5.3 and not worry about having to modify any of the templates? Is that correct?

That's correct.

Requires Revert means that functionality will be broken or bugfixes will not be applied IF you do not Revert.

The other templates listed (but which do not say 'Requires Revert') have had cosmetic improvements which you'll miss out on. You can use the Template Compare feature to see what they changed.

Using template compare feature, you should understand the differences between your version and vB stock version. Sometimes it's ok just do the revert, but other times, you'll have to keep the changed part (green color) and fix the yellow part only. If you'll just revert everything, your customized skin may break.

update went good, good job team!

I just did the upgrade from 3.5.2 to 3.5.3 and seem to have lost my buttons (reply, edit, quote, etc) and the new message indicators. Where can I find them to set them back to what they were?

New member here.
I've tried to download the patch file, and get a "no permission" message.
Same message with the plugin file.

Am I doing something wrong?

Forget the above message........sorted!
Needed to register for Forum Support.....Doh!

You shouldn't be having any problems with this now.

Upgraded NetBusinessTalk (http://www.netbusinesstalk.com)!

One thing I don't understand is this:


search_forums

Removed the Boolean / Natural Language buttons. The fulltext search now works off one permission. If the user has the boolean permission then that is what they use, otherwise the natural language option.

Requires Revert: No

How do I fix this?

If you have not edited the template "search_forums", don't touch anything about this.

If you have edited the template "search_forums", you must to revert the template quoted. For this, select the template in the Style Manager and click on the "Revert" button.

Is there a list somewhere where I can find all the new vBulletin 3.5.3 features included in 3.5.3? As you can see I am more of a newbie.:rolleyes:

There is no new features in vB 3.5.3, the last new feature added is the Skype support in vB 3.5.2.

There is no new features in vB 3.5.3, the last new feature added is the Skype support in vB 3.5.2.
Thanks.

However I am curious what is new in 3.5.2 then, it is the newest version correct? What is the advantages that we get in upgrading to 3.5.2?

They already said it: Adding Skype integration. Besides that, just bug fixes mostly.

If you have edited the template "search_forums", you must to revert the template quoted. For this, select the template in the Style Manager and click on the "Revert" button.

Well, I don't think I need to revert. There must be an option to edit it somehow. I just need to know what I'm suppose to edit.

All edits are listed in the announcement.

Hi all,

I'm a newbie

I have only uploaded new files that are listed here (http://www.vbulletin.com/forum/showthread.php?p=1046368#post1046368) (post #5) and run the upgrade.php successfully. Version changed to 3.5.3 and everything works well. This can be considered "full upgrade" right? just wanna make sure.

Thanks vB team :)

Technically yes, that is correct.

Did something change with the way web links are processed from posts?

It seems since the upgrade that links are opened in the active browser window rather than in a new window like they used to. (and I can't seem to find an option to change that but I vaguely remember something like it... :) )

Edit: A bit of a clarification: It seems that only certain links do that. For example links to eBay ads. Not sure the cause but might it be the dynamic nature of the link?

Here is a template change quote from Kier:


memberlist_search


$vbphrase[is_greater_than] => $vbphrase[is_greater_than_or_equal_to]

Requires Revert: Yes


If I have customized this template, would I just be able to add the code above instead of reverting?

Just curious.

That's correct. You can fix the problem with this template that Jelsoft fixed by making the same change.

Remember the template changes marked with 'Requires Revert' solve major bugs. There may still be cosmetic and validation bugs left in.

There may still be cosmetic and validation bugs left in.
Do you mean that there may still be cosmetic and validation bugs in the template that requires revert?

If so, why don't they include the cosmetic and validation fix in the revert?

Every template that you Revert will include all the changes/fixes from the latest version of vBulletin. In this case, 3.5.3.

The problem with customizing templates is that they are frozen in time at the version you modified. If you modify a template in vBulletin 3.5.1 and upgrade your forum to vBulletin 3.5.3 and vB 3.5.3 contained a critical template bugfix in that template, that bug will NOT be resolved in your forum until you either:

1) Revert your changes to that template
2) Implement the change as described in the notes in the vBulletin release announcement.

The example you gave shows you how to change one phrase to fix a bug instead of Reverting and Recustomizing which can take 10-15 minutes per template depending upon how customized they are.


The 'Requires Revert' notations are there to help users who have heavily customized forums who simply do not have the time to revert and recutomize every template every time there is a new version of vBulletin. 'Requires Revert' means that a template change is critical to fixing a significant bug or security issue.

I'm seeing a 2-4 page PDF on 'How to Upgrade vBulletin' in my future.

Actually, 'Requires Revert' isn't only for significant bugs or security issues, but simply for everything that can break the way your forum is supposed to function.
If you're missing a hidden field in a form, and vBulletin requires this, that change will require a revert, otherwise that form won't work.

Actually, 'Requires Revert' isn't only for significant bugs or security issues, but simply for everything that can break the way your forum is supposed to function.
If you're missing a hidden field in a form, and vBulletin requires this, that change will require a revert, otherwise that form won't work.
So adding
$vbphrase[is_greater_than] => $vbphrase[is_greater_than_or_equal_to] to the "memberlist_search" template won't don't the same thing to the as a revert will?

I don't have time to check if that's the only change, sorry.

Yes, it should.
In this case I assume the revert is needed because otherwise nothing or the wrong thing will show up instead of that phrase.

If you have not edited the template "search_forums", don't touch anything about this.

If you have edited the template "search_forums", you must to revert the template quoted. For this, select the template in the Style Manager and click on the "Revert" button.Maybe I missed something, but where does one set which users have the boolean permission vs. the natural language option? And why must it be one or the other when there was a choice before?

It's not user-specific. Natural Language was much less accurate than Boolean and was only used for server optimization reasons. If a server is overloaded, Natural Language searches (which return less results) should be turned on to keep the server healthy.

Is there a place to switch from one to the other? I didn't see anything in the adminCP.

I don't have an issue, particularly, as I have more server than I need thus server load is small. I'm just trying to understand the particulars. I'm assuming that boolean is turned on now, but how do I know that? Is there a switch somewhere?

BTW - I am using MySQL's Fulltext search.

The boolean option is now automatically used if the user's group can use it:

Admin CP -> Usergroups -> Usergroup Manager -> Edit Usergroup -> Can Use Boolean Search

This group permission only shows if fulltext is enabled:

Admin CP -> vBulletin Options -> Search Type

The same goes for natural language:

Admin CP -> Usergroups -> Usergroup Manager -> Edit Usergroup -> Can Use Natural Language Search

If both advanced search options are enabled for a group, then the option will show up on the search form. Otherwise the single selected search option will automatically be used.
....

ThankS

**edit oops... sorry wrong forum

What's the minimum version of PHP I need to be on to upgrade from 3.5.0 to 3.5.3? I'm assuming what I'm running on 3.5.0 will be fine for 3.5.3, but want to make sure.

What's the minimum version of PHP I need to be on to upgrade from 3.5.0 to 3.5.3? I'm assuming what I'm running on 3.5.0 will be fine for 3.5.3, but want to make sure.
If you're already running vBulletin, then you shouldn't worry about the PHP version.

Thanks vBulletin!

Thnkz for ethe info

....Thanks! I mssed that post.

But -
Originally Posted by Steve Machol
The boolean option is now automatically used if the user's group can use it:

Admin CP -> Usergroups -> Usergroup Manager -> Edit Usergroup -> Can Use Boolean Search

This group permission only shows if fulltext is enabled:

Admin CP -> vBulletin Options -> Search Type

The same goes for natural language:

Admin CP -> Usergroups -> Usergroup Manager -> Edit Usergroup -> Can Use Natural Language Search

If both advanced search options are enabled for a group, then the option will show up on the search form. Otherwise the single selected search option will automatically be used. I'm looking at the user group settings in 3.5.3 and there are only 2 options:

1. Can use search
2. Can use boolean search

There is no button for Can Use Natural Language Search.

Yes - I have Fulltext search enabled.

In the Search page, there are no buttons like there were in 3.5.2.

This isn't a real big deal to me, but what is being said is not what I'm observing.

Thanks for the update ;)

Just hope its a while until a new update is released as modifying 11 templates is hard work lol

Thanks for the update ;)

Just hope its a while until a new update is released as modifying 11 templates is hard work lol

just 11 ? :D :D :D :D

just 11 ? :D :D :D :D

Yes thank god ;)

I know I am late to do this, but I am looking at doing this update.

Now I'm not good at changing things, and it takes me a while to figure things out,

So,

1) In one post it said v.3.6 and 4 are not as far away as you think,
Timewise how far is that, as it may be worth me waiting and doing it all at the same time ;)

2) If I do the update I will do the full one, so the CSS file will change, how does this affect the saved template I am using.

3) I have changed the nav bar, is there a way I can save this and put it back afterwards? I have not got a clue what file it is held in.

Thanks all :)

vBulletin is database-driven software. The forums, styles, CSS, templates, etc. are all stored in the database.

1. Don't try to include the release of 3.6 and 4.0 in your figuring.

2. You shouldn't be changing CSS files. You should use the built-in style editor in vBulletin.

3. vBulletin 3.5.x has a Template History feature. You can, at any time, type in a comment and Save and it will create a save point that you can always restore to.

In any version of vBulletin, you can always hit 'Revert' and it will remove all your changes and become a 'virgin' template again. If you customize the navbar template at 3.5.3 and then you upgrade to 3.6, the navbar template will still be 'frozen' at 3.5.3. If you hit Revert and then the navbar template will be the default 3.6 template.

Thanks Developers of vBulletin ,,, :cool:

Feldon23 I have some templates like 3.5.1 that have been modified like you state in your comment would it be best if I revert to the 3.5.3 and then redo the modifications in the new template.
This has me confused a little by it not over writing an older template but we can use revert back to do it.
Give me your ideas on what would be best to do in this situation. :) Thanks

Depends if the changes in the templates that Jelsoft made from 3.5.1 -> 3.5.2 and 3.5.2 -> 3.5.3 are marked as Requires Revert and those are the same templates you customized in 3.5.1. If so, you are missing out on some important bugfix or even a critical security update. If not, you are maybe missing some cosmetic bugfixes.

To save your sanity, compare each affected template by comparing the virgin 3.5.1 template to the virgin 3.5.3 template. It's too bad the Template Compare feature in vB3.5 can't do it in a vertical orientation. I don't have a 32" screen to use their side-by-side comparison.

Thanks for the infromation Feldon23.

So if I revert the ones that says require revert after an upgrade and do have another that does not require revert like a nav bar template then I should be ok if I understand you correctly.

I don't use hacks other than adding a couple links in my nav bar to places like my photo gallery and chat room which both are standalone programs that just requuire a link to get to them. :)

Thanks vBulletin
I love u

When will vBulletin 3.5.4 be released.

When will vBulletin 3.5.4 be released.
When one of two things happen:

1) There is a patch needed to be released for security issues

OR

2) When the developers feel it is time to release another maintanence update.

Other than that, no dates or anything on when it (if there would need to be one) released.

Nice version

When one of two things happen:

1) There is a patch needed to be released for security issues

OR

2) When the developers feel it is time to release another maintanence update.

Other than that, no dates or anything on when it (if there would need to be one) released.

Oh, ok. Its because im in the mood for running a install or upgrade script :p

Hehe :)
Go to vbulletin.org, and install everything you can :D

quick question, i'm running 3.5.0 but patched with the 3.5.3 patch, does that patch include the same things that was in 3.5.1 patch and 3.5.2 patch, they are the same files so i'm guessing the 3.5.3 should cover all three? just want to make sure i'm at least secure until I do the upgrade in a few weeks


thanks

The patch is only verified to work with the previous version - 3.5.2. I strongly suggest you upgrade, particularly since more that one security issue has been found since 3.5.0.

The patch is only verified to work with the previous version - 3.5.2. I strongly suggest you upgrade, particularly since more that one security issue has been found since 3.5.0.
hi steve,
any idea if we are planning to release another version in next few days ?
concerned cause of a bugtrack post on securityfocus yesterday.

thanks.

Currently that security report means nothing, the user is trying to exploit money from us in order to get a security threat that may or may not exsist, have you read that exploit?

Anyway, Upgrading in 3.5.x is much easier, evne if you have hacks and plugins.

You should _always_ upgrade, regardless, its best for everyone involved.

Currently that security report means nothing, the user is trying to exploit money from us in order to get a security threat that may or may not exsist, have you read that exploit?

Anyway, Upgrading in 3.5.x is much easier, evne if you have hacks and plugins.

You should _always_ upgrade, regardless, its best for everyone involved.
thanks Zachery.
appreciate fast comments on such issues.

You should _always_ upgrade, regardless, its best for everyone involved.

one more question, my template edits and strict plug in hacks I'm not worried about but i have one hack that used quite a bit of file edits, 3-4 files but multiple edits in each

if i download 3.5.3, do my file edits, then upload and upgrade will that work ok? or should i upgrade then do my file edits?

Download the 3.5.3 files, edit those files as needed, then upload the 3.5.3 files (including your modifications) and perform the upgrade.

I am waiting for 3.5.4 :) i think this is too close

Don't encourage them. :)

I am waiting for 3.5.4 :) i think this is too close
If you are always waiting for the next version to upgrade, you shouldn't hold your breath anytime soon.

I'm looking at the user group settings in 3.5.3 and there are only 2 options:

1. Can use search
2. Can use boolean search

There is no button for Can Use Natural Language Search.

Yes - I have Fulltext search enabled. Same here.

According to the 3.5.3 announcement,

search_forums

Removed the Boolean / Natural Language buttons. The fulltext search now works off one permission. If the user has the boolean permission then that is what they use, otherwise the natural language option.

so it seems to me like the option to the user is not there anymore, which is a contradiction to what was said in post #205 of this thread:



The boolean option is now automatically used if the user's group can use it:

Admin CP -> Usergroups -> Usergroup Manager -> Edit Usergroup -> Can Use Boolean Search

This group permission only shows if fulltext is enabled:

Admin CP -> vBulletin Options -> Search Type

The same goes for natural language:

Admin CP -> Usergroups -> Usergroup Manager -> Edit Usergroup -> Can Use Natural Language Search

If both advanced search options are enabled for a group, then the option will show up on the search form. Otherwise the single selected search option will automatically be used. So is there or isn't there the "Can Use Natural Language Search" option in the ACP...? :)

Currently that security report means nothing, the user is trying to exploit money from us in order to get a security threat that may or may not exsist, have you read that exploit?

Anyway, Upgrading in 3.5.x is much easier, evne if you have hacks and plugins.

You should _always_ upgrade, regardless, its best for everyone involved.
Yep,

I've informed the 'blackhat' user as he claims he is to provide any evidence of this being valid.. I informed him that if he wants us to take him serious that we require additional information, otherwise we can't do much but consider it to be a hoax.

He replied that he wants to see money for his proof of concept.

I never liked the idea paying money for something without knowing what it is, does or how it works ... so he's out of luck. Personally I think it is quite unlikely that there's a security issue in both vB and IPB that results with shell access. And this user is also very unknown in the underground scene.

Hopefully if what he claims he has is real and he has any morals, he decides otherwise and contact us with the PoC and we can fix our software and he gains respect.

He replied that he wants to see money for his proof of concept.

I assure you he would try first to get vbulletin.com, deface it, upload backdooor shel or grab db.
He would scan google for vbulletin installations too and probably scan those sites for the exploit mentionned... Its always same scheme.. Lets check out our logs and show him "middle finger". :o

He replied that he wants to see money for his proof of concept.


I'm inclined to agree. He's either lying or is complete scum - only interested in lining his own pockets rather than helping make the best(</shameless plug>) forum software as secure as possible.

Now, who wants the soapbox next? <grin>

i love u vbulletin

Ok more related to SkypeWeb than vb 3.5.3, but is there a way I can give the users the option of disabling it like signatures, avatars etc. ?

I have some members who don't like using their work machines to send several requests to Skype every thread.

(will remove the plugin for the time being, but it would be nice for it to go if this is going to be a part of a future release)

Ok more related to SkypeWeb than vb 3.5.3, but is there a way I can give the users the option of disabling it like signatures, avatars etc. ?

I have some members who don't like using their work machines to send several requests to Skype every thread.

(will remove the plugin for the time being, but it would be nice for it to go if this is going to be a part of a future release)
Please post support questions in the appropiate forum. Thank you :)

I assure you he would try first to get vbulletin.com, deface it, upload backdooor shel or grab db.
He would scan google for vbulletin installations too and probably scan those sites for the exploit mentionned... Its always same scheme.. Lets check out our logs and show him "middle finger". :o
I really don't want to continue with this particular topic, but if he does that we can trace his steps and know where the flaw is. Then we can fix it and offer our customers a professional patch. He might get his 15 minutes of fame, but we get a PoC that it works and don't have to pay for it. Of course, we hope he does it in a more morally acceptable manner and using common sense.

I upgraded to vB 3.5.3 two weeks ago and so far I'm happy I did. I really like the new plugin/product system. Good job!

Yes the plugin/product system is the bomb! When does the next update come out?

Yes the plugin/product system is the bomb! When does the next update come out?
When it's ready. ;)

3.5.4 has been released
http://www.vbulletin.com/forum/showthread.php?t=176178

Please read the full announcement and continue the 3.5.4 discussion there.