Please post in the troubleshooting forum if you are having specific problems.

John

Another one ;)

This must be the 4th one in a coupla days :o

Hopefully it will clear up the issues with 2.2.3x

Stephen

From the announcement
We apologise for the frequency of updates recently. However, we are keen to maintain vBulletin's security, and to notify customers as soon as we are aware of issues, so we felt it was more important to get this information out to you as soon as possible, rather than sitting on it.

John

thanks :)

If I edited newreply & newthread as is told here (http://www.vbulletin.com/forum/showthread.php?s=&postid=258007#post258007). I need to make upgrade vb up to the version vb 2.2.4 or not? :confused:

No. If you edited newreply.php & newthread.php you do not need to upgrade.

Originally posted by inetd
I need to make upgrade vb up to the version vb 2.2.4 or not? :confused:

No, if you made those security fixes manually or downloaded 2.2.3c, then it is not necessary to upgrade to 2.2.4.

lucky i waited :p

Thank you for fixing the silly name bug that I've been manually patching since 1.1... It would be nice to finish a client's installation though without having to change the version number 3 times :D

Originally posted by Overgrow
Thank you for fixing the silly name bug that I've been manually patching since 1.1... Honestly, I'm not sure how that slipped through for so long.

But that's actually what caused this issue and 2.2.3c/4. So, uhh, it's you're fault. ;) (I'm completely joking here, so don't anyone say I'm blaming bugs on anyone but ourselves)

Did you see my guest "Ed Sullivan" post before they deleted it? lol... you are my favorite vB staffer.. and the only one I could think of with two names ;)

Just an FYI, I also remove the % and the ; from the username to prevent wonky ascii characters.. not a bad idea for 2.2.4a, right?

I think I'll wait for 3.0.

Thank you.
Hooper


Ps. Hi Overgrow. Long time no hear. Glad to see you are still around. :)

I thought it was a joke when I read, that you releases 2.2.4 but no, its not a joke.

It's not such a good service to make those many releases, so that the normal Admin has to work serveral times to fix your bugs with the upgrades. And when he hacked his board a little bit, he needs a lot of time to do this job :( :o

Here is a post I made in November of 2000 about this in 1.x, specifically new user registrations:

http://www.vbulletin.com/forum/showthread.php?s=&threadid=4662

Hey Hooper :D

>>And when he hacked his board a little bit, he needs a lot of time to do this job

See Araxis Merge (http://www.araxis.com/merge/), you will never need to re-apply hacks again. And with this small update they provided you with the lines you need to change already.

Originally posted by Hooper
I think I'll wait for 3.0.

Thank you.
HooperIf you are on < 2.2.3 I would not recommend that...2.2.3 and 2.2.4 are both security fix releases.

Thanks for the patch, nice and easy to fix.

I am on 2.2.1 and am waiting for VB3. I nearly upgrade to 2.2.2 but did not due to me losing hacks, then if i upgraded to 2.2.3 and got them all installed then had to upgrade to 2.2.4 it would be such a waste of time. I know a lot of other ppl waiting for VB 3 as well instead of upgrading to 2.2.2, 2.2.3, 2.2.4.

This is ridiculous... really.

We upgraded from 2.2.2 to 2.2.3 and lost a lot of custom hacks... spent the entire weekend emersed in this mess... to get another frigging patch.......

Why can't the upgrades work so that we are asked if we want to replace or over write the files and not an uncontrolled complete replacment !!!!


Or how about just publishing the patch code so we can manually insert the fixes.....


this is getting really bad for commercial software that we pay for folks.....

Silkroad,

If you look like your avatar, I'll upgrade your vb for you.

:)

Dibble.

from the upgrade17.php file:



echo "<p>All this upgrade script will do is update your version number. There were no template changes between all releases of 2.2.3 and 2.2.4.</p>\n";


What the $#$UI*#$I!!

Originally posted by Dibble
Silkroad,

If you look like your avatar, I'll upgrade your vb for you.

:)

Dibble.

:D :D :D

damn new upgrade:(

Do we really need a repeat of the 2.2.3 released thread?

Look, if you hack your board, you abandon your right to easy upgrades and you should abandon your right to complain about it. It says so very clearly in the license that they will not support hacked boards. YOU chose to change the code. If you did not, then upgrading would be as simple as uploading the files.

Since you chose to hack and change your code, you can also choose to learn a Merge program like Araxis Merge or Beyond Compare or WinMerge. It makes upgrading HEAVILY HACKED boards very easy. It took only 2 hours to go from 2.2.1 to 2.2.3b and 5 minutes to 2.2.4.

endofstory.

I think this forum software should be tested on beta testers and not on the general public who are told that they are buying a secure and reliable piece of software only to find it needs a "Patch" every month or so.

I just spent a day sat hacking my forum to find that a new version of vbull has come out and I have to re apply all the hacks to the board again.

This is totaly untolerable and is to be honest getting to be a bit of a joke.

HM

Originally posted by Dibble
Silkroad,

If you look like your avatar, I'll upgrade your vb for you.

:)

Dibble.


Thanks, but I already got the shaft from vBulletin :mad:

I just manually uploaded the files that changed as well an manually changed the version number in the database.... but the home page still shows 2.2.3 !!!!

vBulletin is really giving us the royal shaft and they want us to like it... well we don't.......

If they would offer software that didn't NEED to be hacked that would be wonderful. The hacks I have made aren't are for functionality that SHOULD have been included in the first place!

Most important to me and the way my board works is the ability to have the board appear different for paying members and non-paying members. I beleive the hack is called modify forums based on user groups or something like that. It's just something that seems to be missing from the release version and it had been brought up ages ago, but never incorporated.

I have heard it will be in V3 but I can't wait for that. My board is set up with advertisements for non-paying members and no ads for paying members. A very rational business plan.

Since I have only the slimest knowledge of how to manipulate multiple template groups re-hacking is a BIG deal for me and a waste of time.

My BIGGEST problem with UBB was the daily released of patches. It hadn't occured here until recently, but I have to tell you it is pissing me off now. Can't you guys throughly test the updates before you make them public???

Then there is the deal you wrote in the notification e-mail "be sure to at least change the functions.php and global.php files" or soemthing like that. So I figure if I change two files everything will be cool... right... Well, I don't think that's the case after wading through the discussion threads. And there is NO good explanation if just changing those two files and now modifing two more is all I need to do to make my board safe.

Releasing security patches is giving you the shaft? Is it that hard to learn a compare/merge tool? (If you run a Unix board it really can't be that hard.)

The easiest way to change the version: /forum/admin/setting.php it's right at the top.

HM: Dont let it get you down. Much worse things in life.
Anyway, I thought you 'retired' from running your board. Give it to 'Doc' - sure he'd love it.

Silkroad: I'm sure you look sexy when your angry.

Anyway, to add something of value to my post:
I have upgraded from 2.2.3 to 2.2.4 without problem, although my board is hack free.
I think VB have a valid point if they dont support hacks, but I can understand your frustration.

If it pissed me off too much, I'd probably go with Ikoboard or phpBB or something.

Dibble.

>>It's just something that seems to be missing from the release version

We all have things that we think are missing from the release version, otherwise there would never be improvements on the base software. Personally, I wouldn't care if your feature was in vBulletin or not. Probably less than 5% of vBulletin owners have "subscriber plans" so why should 95% of us care about that feature? I'm just pointing out that there are lots of things that could be included in the base but aren't for reasons of:

1) keeping reasonable release dates
and
2) keeping it simple enough to setup and understand

GRRRR. Oh well. Time to update again. :p

How come when I install it there is no PM bar? What happened to it? How do I get it back??

Originally posted by Overgrow
Releasing security patches is giving you the shaft? Is it that hard to learn a compare/merge tool? (If you run a Unix board it really can't be that hard.)

The easiest way to change the version: /forum/admin/setting.php it's right at the top.

Great logic.... if you run a UNIX board with over 11,000 registered users and have a busy life we don't know what we are talking about or when we are getting the shaft :confused: :confused:


Yes, we know lots.... and don't like rapid fire 'security releases' that show that vB developers are just hacking and not testing.

The lastest round of 'security releases' are poorly done and there is no argument.....

and, OBTW, the argument that people who make their boards special are somehow bad customers and deserve the pain these bug fixes are giving them are out of line.... IMHO.

Having ranted and raved... our upgrades are done..... at least and we only got the shaft once today ;)

Just to add to what Overgrow said... There is a balance between lots of features and software speed. The more features you add, the fatter your code will be.

Ahhh. It paid off reading the whole thread. Thanks!

And to the vB team, thanks for keeping on top of this. Even though you're taking a beating by some, most of us appreciate the conscientiousness and all of your efforts. And on a weekend, yet! Thank you.
:D



Originally posted by tubedogg
No. If you edited newreply.php & newthread.php you do not need to upgrade.

Originally posted by Max Albert
Just to add to what Overgrow said... There is a balance between lots of features and software speed. The more features you add, the fatter your code will be.

Kinda reminds be of the 'modular' approach ... :) Seems we studied that in computer science 101, didn't we .....

In other words... to be more direct (sorry I'm mad and hot at vB today), lots of features and speed are not mutually exclusive if the code is written in a modular way.

OK. BYE !!!! I'm off this thread and will wait for tomorrow's Jelsoft release of vB 2.2.5 !!!!! or maybe 2.2.4b (squared)

Bad timing on my part. I just spent a large portion of Saturday upgrading my board from 2.2.1 to 2.2.3 and now it's already outdated. I'm going to apply the manual fix and be done with it. No way I'm spending two hours re-adding hacks again.

how can i update 2.2.1 to 2.2.4 manually (without uploading all the files and running the upgrades)?

thanks

All this upgrade script will do is update your version number. There were no template changes between all releases of 2.2.3 and 2.2.4.

Updating version number .... Done!

Upgrade to 2.2.4 completed successfully!



Please read the announcement threads where you can see which files have changed, how hard is that.. pff .. all those users yelling. Weird.

The upgrade script changed the version number, the files that were changed, changed a lot more then just a version number. Bit logical if you ask me. BUT anyway ..





Upgraded, and just went perfectly. Thank you vBulletin developers for putting in time and effort to remain a stable and secure board.

Originally posted by HairyMonster
...who are told that they are buying a secure and reliable piece of software only to find it needs a "Patch" every month or so.Please. If you can't be bothered to upgrade once every month or two then you should not be running any sort of web script. Features are added, bugs are fixed, security is tightened. Every single product out there is the exact same way. Humans are not perfect and things slip by, which is why you have access to upgrades for 1 year. If vBulletin were perfect you would not and you would have to pay for new versions since they would only be comprised of (bugless) new features.

Show me one bug-free, completely secure script. You can't, because it doesn't exist (and one person alone cannot determine if a script is secure; you need multiple people who think about things in different ways to try and make it as tight as possible).

Why can't I see the PM bar? It's not there on 2.2.3 or 2.2.4...And I don't know why. I haven't changed any of the templates...How do I get it there?

Although I give kudos to vBulletin for keeping up on security issues, and it isn't anybody's fault....I think I'm going to throw a temper tantrum because I just completed re-hacking my forums this morning after the 2.2.3 upgrade. :mad:

Originally posted by Rick Horwitz
If they would offer software that didn't NEED to be hacked that would be wonderful. The hacks I have made aren't are for functionality that SHOULD have been included in the first place!There are currently 620+ hacks at vBulletin.org, plus many other things that have not been released as hacks but are things that are slated to be included at some point in time. Incorporating everything is neither possible nor is it even a good idea. You think certain things should be included, I may or may not agree. There are only so many hours in the day and at the end of the day the most popular things get included (usually) but sometimes not because there simply is no way to please everyone. Saying that x y or z SHOULD be included is arrogant; you are assuming that everyone (or anyone) agrees with your particular point of view.


My BIGGEST problem with UBB was the daily released of patches. It hadn't occured here until recently, but I have to tell you it is pissing me off now.We have had only two instances where we released something followed up very quickly by another release; both dealt with security. If you would prefer your board suseptible to hacks, don't upgrade. It's really that simple. We have had, in the 9 months since 2.0.0 was released, 7 releases. Less than one a month. "daily" is neither accurate nor fair.


Then there is the deal you wrote in the notification e-mail "be sure to at least change the functions.php and global.php files" or soemthing like that. So I figure if I change two files everything will be cool... right... Well, I don't think that's the case after wading through the discussion threads. And there is NO good explanation if just changing those two files and now modifing two more is all I need to do to make my board safe.As stated in the announcement:
If you are upgrading from 2.2.3b or below, you need to do a full upgrade. Otherwise you can simply upload the files mentioned (editpost, newthread, newreply, postings, member, admin/global) and run the upgrade17 script.

Originally posted by silkroad
Yes, we know lots.... and don't like rapid fire 'security releases' that show that vB developers are just hacking and not testing.
The lastest round of 'security releases' are poorly done and there is no argument.....Yes, I have an argument with that. The two security releases are completely independent of each other. Testing is always done but until something gets into the open there is always a chance things are missed. That's why the term "bug" exists. If we were superhuman and never missed anything there wouldn't be any need for bug fix releases, but until that time, there will continue to be.


and, OBTW, the argument that people who make their boards special are somehow bad customers and deserve the pain these bug fixes are giving them are out of line.... IMHO.You agreed to the license by purchasing vB. I'm sorry you don't agree with it but it is the same industry-wide.

Kevin,

How do we now if we downloaded 2.2.3b or 2.2.3c? I downloaded and upgraded yesterday morning, but it just says 2.2.3 at the bottom of my forums.

Guys, I hate to sound rude, but I've got an actual issue I'm trying to resolve and you people are just bickering about how "inefficiently vBulletin is testing their products" I don't care if I have to upgrade 500 times in one day, it might get annoying but at least it'll be more secure.

Now, on to my issue please. The PM bar is not there in 2.2.4, and I don't know why. I even moved the $pminfo around just to see if it would appear somehow and it's not. How do I get it back?

Easy update. Good work guys.

Originally posted by tubedogg
As stated in the announcement:
If you are upgrading from 2.2.3b or below, you need to do a full upgrade. Otherwise you can simply upload the files mentioned (editpost, newthread, newreply, postings, member, admin/global) and run the upgrade17 script.
Actually, according to John:

If you are running 2.2.3c , there is no immediate need to upgrade as you are secure (although there are a few minor bug fixes that make it worth while upgrading if you can). If you are running 2.2.3 or 2.2.3b , there are details in this thread telling you how to patch the files. If you are running older versions, you are recommended to upgrade as soon as possible.
So no need to upgrade if you are running 2.2.3 or 2.2.3b patched, right? Not sure if by "older versions" John means older than 2.2.3c or older than 2.2.3.

Here's the deal so let's please stop all of this bickering.

Say you are running 2.2.3 and are now mad because you spent X number of hours reinstalling hacks. This is what you do..

Are your attachments and avatars working fine? If so you don't need to make the newthread/newreply/member/editpost changes in that area. Those changes center around $enctype and if you look for that in both versions, you can clearly see what is changed. Do you enable guests posts? If not, than you don't need to worry about the changes in newreply/newthread in that area. If you do than there are DIFF's of those specific changes in the announcments forum. All it involves is adding two parenthesis in an area that is never hacked upon. The change to postings.php only stops the display of an ip address if someone clicks on the ip logged link and the ip is unable to be resolved. All it involves is moving one line a couple spaces down.

That's it.

Originally posted by RobAC
Kevin,

How do we now if we downloaded 2.2.3b or 2.2.3c? I downloaded and upgraded yesterday morning, but it just says 2.2.3 at the bottom of my forums. 2.2.3c was released this morning (at about 10:45am EST) so if you downloaded before then, you are running 2.2.3b.

Originally posted by mjames

Actually, according to John:

So no need to upgrade if you are running 2.2.3 or 2.2.3b patched, right? Not sure if by "older versions" John means older than 2.2.3c or older than 2.2.3. You're right - 2.2.3 patched or 2.2.3b patched does not need to be upgraded (unless you are having problems with uploading files/avatars). 2.2.3 or 2.2.3b unpatched should be upgraded immediately.

"Older versions" means prior to 2.2.3, e.g. 2.2.2 and below.

grrr....Am I just being ignored here? Please stop bickering at each other...I know people are reading this cuz they are replying in the thread. So...I'll ask yet again and hope I'll get an answer this time through all the bickering...Help me with this then go about your bickering please....pretty please? Do I have to fill out a support ticket?

I just wanna know how to get the PM bar back on the main index.php page...It doesn't show and I'm running 2.2.4 on a fresh install...Pretty please?

As John mentioned you should post troubleshooting messages in the Troubleshooting forum, this is just for discussion of the release in general.

But to your question...You installed 2.2.4 fresh, no modified files or templates, and you are logged in? Do you have PMs turned on in your options (if you installed it fresh, likely your PMs are turned off in your profile by default).

Originally posted by tubedogg
If you are on < 2.2.3 I would not recommend that...2.2.3 and 2.2.4 are both security fix releases.

Does the upgrades affect the templates? That's my only concern. I know I will have to re-hack the files, but if that's the only thing I have to worry about, then re-installing the hacks will be a breeze since I wouldn't have to re-modify templates also.

Yes it is turned on in the Admin CP. Under "Private Message Options" correct? yes, I have it turned on so it's supposed to show on the main index. But for somereason it's not...

Radon, there was nothing whatsoever changed in 2.2.3 or 2.2.4 that would affect PM's so you will have to fill out a ticket and have someone login to your board/server to see what is going on.

bah...that's not good..but ok, thx

Originally posted by Radon3k
grrr....Am I just being ignored here? Please stop bickering at each other...I know people are reading this cuz they are replying in the thread. So...I'll ask yet again and hope I'll get an answer this time through all the bickering...Help me with this then go about your bickering please....pretty please? Do I have to fill out a support ticket?

I just wanna know how to get the PM bar back on the main index.php page...It doesn't show and I'm running 2.2.4 on a fresh install...Pretty please?

I am not ignoring you, I just do not know what could be wrong.
I do not have this problem with version 2.2.1 / 2.2.2 / 2.2.3 / 2.2.4.

If you post a support question and it doesn't get awsnered you can open a sales ticket through the members area, that way they will look into it for sure.

The priv msg box will not show up, if you are browsing the forum as a guest. Also, if you test it as admin, make sure the admin is actually added to the 'administrators' usergroup.

I want to upgrade from 2.2.1. I have modified the default template (the only one I use) in a number of spots - too many to easily track. Can someone please tell me the steps for upgrading now that I've downloaded 2.2.4? I suspect it's not as easy as uploading all the files (I will skip the Images directory as I'm using a modified colour scheme) and running the upgrade*.php files.

How do I upgrade without causing problems with the modified template?

Thanks.

K

Well I can see why some people are a little bit upset. I havent put any crazy hacks yet. I guess I'll just wait for vb3. But the upgrade was easy. Thank you

I can't believe I'm reading all this - I for one beg for bug fixes to come through, especially security related ones. Just this weekend I finally upgraded to 2.2.3b, so this morning I find out I have to upgrade yet again - yes that's a lot of work, but I WELCOME it and am grateful that Jelsoft are finally issuing bug fixes that don't include new functionality.

I have a sh#tload of hacks I have made to my forums so that they work and integrate the way I specifically need them to. But what I have done is carefully write (what is now) a three page document on these changes - ie search for "xxxx" in file xxxx and replace with "xxxx", search for "yyyy" in file yyyy and add "yyyy" above it, etc. To that end it takes me around ten minutes to rehack my forums.

I realise everyone's board is different and others may be more complicated, but code hacking is NOT Jelsoft's fault at all. I encourage them to keep putting out bug fixes, in fact I EXPECT and DEMAND it - I didn't pay for this software to live with bugs purely because their efforts are now vB3.

That said, and as I've discussed before, the need to edit templates IS Jelsoft's problem. The vBulletin software itself is entirely designed around the template system, and ENCOURAGES and REQUIRES you to custmise the templates for your needs. Yet each time there is a new version updating your templates is a pure nightmare (at least for me since wrote my templates 100% from scratch) - and that's with the little information that is provided, some template changes aren't even documented. I recall Freddie mentioning he has some really cool changes coming in regards to template management though, so I think this nightmare will be over come vB3.

Anyways keep up the fixes Jelsoft - so long as you keep identifying whether people "need" to do each upgrade then I'm happy (due to time I generally hold off until the update is security related or Jelsoft feels it is important to update).

Originally posted by Radon3k
Yes it is turned on in the Admin CP. Under "Private Message Options" correct? yes, I have it turned on so it's supposed to show on the main index. But for somereason it's not... I'm sorry, I meant under your options in the User CP > Edit Options. But the global setting would affect it too :)

Well I just LOVE making a complete ass outta myself. I figured it out...It was turned on in the Admin CP, but somehow my user options got reset and it went back to "Do not enable PM's", therefore, it wouldn't show. I love making an ass outta myself...Thanks anyway for the help....

::runs off embarassed::

hehe, some never get the point.

Originally posted by DVD Plaza
I recall Freddie mentioning he has some really cool changes coming in regards to template management though, so I think this nightmare will be over come vB3.No, Kier handles template stuff. You can inherit template sets now, can create a new template set based off a set you have modified and so forth. You will always have to compare our template changes to your modified templates to determine if something is needed. There is no way to get around that.

Originally posted by Kino
I want to upgrade from 2.2.1. I have modified the default template (the only one I use) in a number of spots - too many to easily track. Can someone please tell me the steps for upgrading now that I've downloaded 2.2.4? I suspect it's not as easy as uploading all the files (I will skip the Images directory as I'm using a modified colour scheme) and running the upgrade*.php files.

How do I upgrade without causing problems with the modified template?

Thanks.

K All you need to do is upload all of the .php files (not including install.php) and then run the following files:
upgrade15.php
upgrade16.php
upgrade17.php
As to your templates, your custom templates will be blue while default are green in the template list. Any that are both blue and on the list of templates changed in the 2.2.2 and 2.2.3 upgrade announcements should be reverted and recustomized, *or* you can use the View Original link to compare your custom version to the default and manually apply changes to your custom templates.

Originally posted by Radon3k
Well I just LOVE making a complete ass outta myself. I figured it out...It was turned on in the Admin CP, but somehow my user options got reset and it went back to "Do not enable PM's", therefore, it wouldn't show. I love making an ass outta myself...Thanks anyway for the help....

::runs off embarassed:: hehe, np :)

call me a freak (thats what mom does), but I enjoyed re-applying hacks. For me, the only way to learn about something is do it over and over. :)

I dont have too many hacks installed, and the only one that broke from 2.2.1 to 2.2.3b was the Welcome Panel Hack, which IIRC required 1 line of code to be re-applied.

I can sure see ppl being upset facing the fact they may lose a bunch of hacks, but like Overgrown said, Jelsoft doesnt support hacked boards, it would be impossible for them to create upgrades for every type of hack out there, hence why they are called Hacks in the first place. If it bothers you, either dont use hacks, or dont whine as much.

I for one am grateful there are releases like these. Some of the boards I've used before coming to vB rarely released patches or it was all "do it yourself".

Oh well, thats my 2 (insert world currency of your choice).

Originally posted by silkroad

Yes, we know lots.... and don't like rapid fire 'security releases' that show that vB developers are just hacking and not testing.
Without getting into details, the first security vulnerability was not directly related to vBulletin. This vulnerability most likely still affects all the other boards around, unless they released a fix, like vBulletin just did, or were lucky to avoid this problem in the first place, without even knowing of its existence.

I agree though that the second fixed problem (the bad SQL query), was sad, because it apparently was there since the first versions, and was discovered in a bad timing, so it's understandable why people might feel that way about the latest fixes...

(If anything I said is wrong or inaccurate, I apologize. Please feel free to correct me).

Mee too..... I am greatful for all the great work at Jelsoft...... and a great product :)

Having said that, 3-4 bug/security fixes in a week deserves a lot of harrassment !!!!

We love ya, Jelsoft... .but we like to abuse ya toooooooo.

I'm waiting for release 2.2.4b to arrive in a few days !!!!

Woooopeeeee............. I'm soooo happy...... yea, yea, yea.....


:p


Anyway, we've decided not to add most of our hacks back............. for obvious reasons :)

Originally posted by Tommy Boy
I agree though that the second fixed problem (the bad SQL query), was sad, because it apparently was there since the first versions...It was introduced in 2.2.3, it was not there since the "first versions". It was introduced due to a bug fix of a (non-security-related) username issue.

Originally posted by silkroad
I'm waiting for release 2.2.4b to arrive in a few days !!!!


no no no no no more upgrades please, let's all take a break and wait for v3.0.
oh God, i'm getting older, today i lost a couple of years, brrrr

I think the staff has done a great job! I have a board with somewhere in the range of 25+ hacks installed and had almost no trouble at all going from 2.2.2 to 2.2.3b, and then to 2.2.4.


Hackers should all be aware by now that file comparison tools are a wonderful timesaver for such things.

Thanks for the fixes. :)

Just curious, don't want to start some sort of flame war, but wouldn't it, perhaps be ok to not release exact modifications but a log of what files were modified?

IE: modified: functions.php moderator.php members.php memberlist.php

Just so those of us who have alot of modifications can at least know what to compare?

Thanks,
-Nafae

Originally posted by Nafae
[B].... but wouldn't it, perhaps be ok to not release exact modifications but a log of what files were modified?

IE: modified: functions.php moderator.php members.php memberlist.php

Just so those of us who have alot of modifications can at least know what to compare?



Agreed and also:


1. each release file should have the release in the name... i.e vbulletin_2_3_4.zip and not use vbulletin2.zip !!!

2. release upgrade files and not just full releases...... with upgrade options...... because when you 'upload' the files, old files are overwritten and some don't need to be.... or can be done CAREFULLY !!

Helllooo ......... why not??

Originally posted by Nafae
Just curious, don't want to start some sort of flame war, but wouldn't it, perhaps be ok to not release exact modifications but a log of what files were modified?

IE: modified: functions.php moderator.php members.php memberlist.php Actually John did just that in his announcement:


Files changed (from 2.2.3b)

editpost, newreply, member, newthread, postings

And the usuals (all for just the version number): admin/global, admin/install, admin/upgrade1, admin/upgrade17

Originally posted by tubedogg
It was introduced in 2.2.3, it was not there since the "first versions". It was introduced due to a bug fix of a (non-security-related) username issue.
Thanks for clearing that up! Sorry for the confusion. :(

How do I fix the username (it's vanished after upgrading)? Heh, yes, I did a search, but too many posts to sort through.

Originally posted by smachol
Actually John did just that in his announcement:



Ahh I didn't even notice that, thanks hehe :)

Because of the number of templates I've made custom html adjustments to all by hand, and the time necessary to compare to all the originals, I'm hoping for a listing of critical security fixes that we could manually insert into templates, and which (if any) corresponding .php files need to be replaced.

Is there just a small amount of code that could be hand fixed in a few places to carry at least the critical security fixes between 2.2.2. and 2.2.4?

The reason i ask is that I'm a newbie with vBulletin, and don't know anything about installed 'hacks', but have rather made lots of minor changes that I don't want to lose... (e.g., a real minor one that might be hard to 'catch' or remember would be changing the text atop the forums seen by guests that says 'you must register to post' instead of the default 'you may need to register to post', etc. Seems like almost every template of mine has some little word change here or there. So I wonder if it'd be a lot easier to hand-insert security fixes in a bunch of templates instead.

thanks in advance for any info you could offer on this!

Though there has been a lot of critism, I, for one, would like to thank and acknowledge the hard work that vBulletin and Jelsoft are putting out.

I want everyone who is complaining to realize how simple it is to upgrade your forums with Beyond Compare or A M. The time you spend complaining could be easily used to upgrade and keep all hacks with ease.

Thanks Jelsoft.

Originally posted by zaon
[B]Because of the number of templates I've made custom html adjustments to all by hand, and the time necessary to compare to all the originals, I'm hoping for a listing of critical security fixes that we could manually insert into templates, and which (if any) corresponding .php files need to be replaced.

Is there just a small amount of code that could be hand fixed in a few places to carry at least the critical security fixes between 2.2.2. and 2.2.4?


There are no template mods between 2.2.3 and 2.2.4. All modified templates between 2.2.2 and 2.2.3 were listed in the announcement about its release. You can then manually compare the changes.

I too have a complaint with having to constantly re-hack my board, but, the complaint is my own. I chose to modify the code, and it's not Jelsoft's responsibility. I applaud them for keeping their codebase secure.

If I were to make any changes in how they operated, it would be a diff system. Using Araxis Merge, re-hacking my board takes a little over an hour, but, if there were a standardised way of hacking things, one could create an application to automatically upgrade the code.

For example: If all hacks were applied in such a way as to have:

/* old code for X hack
old code
*/

// New code for X hack
new code
// End new code for X hack

it would be trivial to make an app to find the replacements, run through all of the code, and pop up a 're-apply this modification?' type dialog and do it automatically.

But hey, that's just an idea.

Ah well.

Awesome job with this release, from 2.2.0 - 2.2.4, I saw many improvements, spelling fixes, and trivial things fixed that could have been a problem. Bravo, Jelsoft. Keep up the good work.

Originally posted by neal
...All modified templates between 2.2.2 and 2.2.3 were listed in the announcement about its release. You can then manually compare the changes.

Thanks for the info... Where do I find this 'announcement page'?

I just thought of this, and I dunno if I'm talking out of my ass, but this seems like a damned good idea:

Instead of re-releasing the entire codebase for a minor fix, why not release it as a hack? IE:

in xxxxx.php:
find:
somecode

replace with:
someothercode

If that were an option in the members area, I would be extatic! Some of the fixes are only a few lines in a few files, exactly as a hack would be...

Once more, that would apply with my diff system idea. :)

Originally posted by zaon


Thanks for the info... Where do I find this 'announcement page'? http://vbulletin.com/forum/showthread.php?s=&threadid=41256

1.) The usernames are not there anymore (above avatars on posts)

2.) The "New code, PHP, and quote boxes" hack no longer works.

1) What version did you upgrade from? Does $post[username] still appear in your postbit template somewhere? However since you said that you hack we cannot support you unless you remove all hacks and are still experiencing the problem.

2) We do not support hacks. The author of the hack will have to update it to work with 2.2.4 apparently.

Originally posted by tubedogg
1) What version did you upgrade from? Does $post[username] still appear in your postbit template somewhere? However since you said that you hack we cannot support you unless you remove all hacks and are still experiencing the problem.

2) We do not support hacks. The author of the hack will have to update it to work with 2.2.4 apparently.

I fixed #2 using "replacement code problem fix". I upgraded from v2.2.2, so I'll see if $post[username] is in postbit.

Thanks vB for working over the weekend to provide these updates.

Originally posted by tubedogg
http://vbulletin.com/forum/showthread.php?s=&threadid=41256

Hmmm... a bit confusing to us first-timers..

Okay, let me see if I'm interpreting correctly:

1) We download the 'install' files as if setting up a new site, and then upload to our forums site all of the .php files except the install.php file... and doing this by itself does not affect any templates or custom changes? In other words, these .php files don't 'touch' the database at all?

2) Then there are like four templates they recommend we revert and then re-add our custom changes? Now, is this because some .php file is going to change those templates in some manner?

So basically these upgrades are just .php code and not really the database? Or, do they call upon some new 'functions' listed in those couple of templates?

Also, if you don't touch the templates, do the majority of the security fixes take place anyway by use of replacing the php files?

Finally, what is that upgrade php file all about? If we're supposed to run it, do I assume it's in some way akin to running an exe on my local system in that it goes out and does something? Is this more custom stuff I need to do? Does any of it affect the templates?

Thanks for putting up with us newbies!

tubedogg said:
As stated in the announcement:
If you are upgrading from 2.2.3b or below, you need to do a full upgrade. Otherwise you can simply upload the files mentioned (editpost, newthread, newreply, postings, member, admin/global) and run the upgrade17 script.


In the official announcement thread for 2.2.4, it says:



If you are running 2.2.3 or 2.2.3b , there are details in this thread telling you how to patch the files. If you are running older versions, you are recommended to upgrade as soon as possible

So if I patched the newreply and newpost.php files manually is there still a need to do a full upgrade? I just upgraded from 2.2.2 to 2.2.3b a day ago.

Thanks.

Originally posted by Radon3k
grrr....Am I just being ignored here? Please stop bickering at each other...I know people are reading this cuz they are replying in the thread. So...I'll ask yet again and hope I'll get an answer this time through all the bickering...Help me with this then go about your bickering please....pretty please? Do I have to fill out a support ticket?

I just wanna know how to get the PM bar back on the main index.php page...It doesn't show and I'm running 2.2.4 on a fresh install...Pretty please?

If you post your issue in the Support Forums you will get a better response. This thread is not for support but for discussing the new release. While this may be related it will get better attention in its own thread.

To answer your question, revert your forumhome template.

Originally posted by Hooper
I think I'll wait for 3.0.


me too. Lucky me I am still at 2.21

:D

Originally posted by silkroad


Agreed and also:


1. each release file should have the release in the name... i.e vbulletin_2_3_4.zip and not use vbulletin2.zip !!!

2. release upgrade files and not just full releases...... with upgrade options...... because when you 'upload' the files, old files are overwritten and some don't need to be.... or can be done CAREFULLY !!

Helllooo ......... why not??

We know that you are frustrated and upgrading can be a pain. We have taken steps to fix that in the 3.0 engine under development now. Unfortunately the time involved to roll these changes in to the vBulletin 2.0 series is just to great and would result in a lot of changes.

For vBulletin 3.0 somethings that you will be provided with include:
1) More modular code that is logically placed in files. You will be able to determine a files function by its name. This results is more files but they are smaller and leaner and will use less resources individually.

2) CVS version stamp in each file along with the vBulletin version that is applies to.

3) We are also discussing ways to make the upgrade process itself simpler but haven't settled on a solution yet.

We do constantly strive to make the product better for you which includes ease of upgrading and maintenance. We know releasing 4 upgrades in rapid succession is trying and opposes that goal. For this we apologize, however do to the nature of the fixes we felt we had no other alternative in the matter.

I trust that your upgrade did go fine in the end and everything is working properly.

Hi wluke I understand you're busy. However could you please see if you could answer my question on the 6th page? thx.

I'm at 2.2.2, I think I'll wait for vBulletin 3 since I have so many hacks to reinstall.

I think they are doing a great job jumping on security issues. The day I stop making mistakes is the day I will start complaining about security updates (Eva, Freddie, tubedogg, I know I am an NT guy stop laughing at me!)

Originally posted by silkroad
1. each release file should have the release in the name... i.e vbulletin_2_3_4.zip and not use vbulletin2.zip !!!I couldn't agree more. I seem to recall they have this static filename as part of that the dynamic build process that we go thru when we download each version. But that could and should be an easy fix. I for one like to keep old versions in the odd case it would be preferable to revert back a step or two.

2. release upgrade files and not just full releases...... with upgrade options...... because when you 'upload' the files, old files are overwritten and some don't need to be.... or can be done CAREFULLY !!

Helllooo ......... why not?? Apparantly it takes too long to build such patch/upgrade packages. :rolleyes:

Originally posted by postalbobo
I just thought of this, and I dunno if I'm talking out of my ass, but this seems like a damned good idea:

Instead of re-releasing the entire codebase for a minor fix, why not release it as a hack? I think, and please correct me for being wrong, this is oh-so intentional because Jelsoft flat out refuses to contemplate any and all suggestions that could be seen as directly or indirectly supporting hacked boards.

While I understand and respect that stance, the child in me can't help but feel that's mean. :p

If I'm reading this correctly, people are bitching and moaning about a company constantly improving their products? Wow, that's pretty ****ty! I mean for that $160 license fee, I expected to have one update released a year. The rest of the year, the guys at Jelsoft would be on vacation, right?

Freaking cry babies.... :rolleyes:

**** when I was with Infopop, there software was PLAGUED with unbelievable amounts of bugs and security holes. They rarely ever released any updates and when you suggested new updates, you got kicked in the balls.

Good job Jelsoft! I'm a VERY happy convert and am amazed at how much effort and care is put into your products.

P.S. the update took me a whole 30 seconds. Uploaded the zip, uncompressed, ran upgrade17.php, and I was done.

What the hell are you guys whining about?

Originally posted by zaon


Hmmm... a bit confusing to us first-timers..

Okay, let me see if I'm interpreting correctly:

1) We download the 'install' files as if setting up a new site, and then upload to our forums site all of the .php files except the install.php file... and doing this by itself does not affect any templates or custom changes? In other words, these .php files don't 'touch' the database at all?You have to run the upgrade1x.php file(s) to have the necessary changes made to the database. Depending on your current version you may have to run one or more upgrades as laid out in the announcement.

Originally posted by ubbuser
Hi wluke I understand you're busy. However could you please see if you could answer my question on the 6th page? thx. See freddie's answer on page 4, where he broke down what needed to be upgraded under certain scenarios. Unless you're having the problem with avatars not being uploaded, you don't need to upgrade.

Originally posted by wluke
I trust that your upgrade did go fine in the end and everything is working properly.

Thanks for the details on the vision for the future release and asking about the install.... yes, it went fine and have minmized the number of hacks so we won't get our hands slapped for spending time to build a super presentation only to find upgrades overwrite files with no control over the process .... did I say it right ? :) :confused:

And yes, I agree with everyone who says that Jelsoft is a great company. In fact, you are a model of success in every way, a network-centric, web-based, forums-based software distribution company that builds a great product based on some of the best openware in the world and you address security issues fast and furious.

Your idea about a more modular distribution sounds great and I am confident that Jelsoft will take vBulletin to the next level and continue a great product. So, despite our rants over how upgrades overwrite our beloved board modifications and how we get lots of patches when we prefer to be going to movies and shopping, we love vBulletin !!!!

In other words, vBulletin is not nirvana but it is better than the rest by far and wide margin. Thanks for the dialog and superior support, BTW.

Just upgraded on Thursday to 2.2.3b. I think I'm going to wait this out a bit and make sure 2.2.5+ is not coming down the pipe.

good thing i hadn't got around to installing all the hacks after the last upgrade a day ago... lol

Originally posted by GK_3GO
If I'm reading this correctly, people are bitching and moaning about a company constantly improving their products? Wow, that's pretty ****ty! I mean for that $160 license fee, I expected to have one update released a year. The rest of the year, the guys at Jelsoft would be on vacation, right?

Improving it is adding more functions not fixing bugs that should not be there in the first place :(



Freaking cry babies.... :rolleyes:

Call me a cry baby again and you wont have a forum left to upgrade m8 :)



**** when I was with Infopop, there software was PLAGUED with unbelievable amounts of bugs and security holes. They rarely ever released any updates and when you suggested new updates, you got kicked in the balls.

Yeah and UBB sucks too



Good job Jelsoft! I'm a VERY happy convert and am amazed at how much effort and care is put into your products.

Yes I am sure I would be happy if I could sell something with bugs in and get away with it :)


P.S. the update took me a whole 30 seconds. Uploaded the zip, uncompressed, ran upgrade17.php, and I was done.

What the hell are you guys whining about?

Cos some of us have hacked our boards and are just damn right pissed off at having to spend so long adding the hacks back and telling our members that the hacks we added last week dont work this week.

Next time you post fkin read the thread your posting with as its full of reasons why.

HM

HM, who do you think you are? Oh yes, big Mr. 1337 |-|aXx0r, threatening someone else. Stop acting so childish. That's primal...brute force. It's a language only savages understand.


Yes I am sure I would be happy if I could sell something with bugs in and get away with it
Are you dense? NO PROGRAM OR APPLICATION IN THE HISTORY OF THE WORLD HAS BEEN BUG-FREE. EVER.

Originally posted by HairyMonster
Call me a cry baby again and you wont have a forum left to upgrade m8 :)Smiley face or not, I'd appreciate it if you refrain from making these kind of threats against other vB owners.

Originally posted by HairyMonster

Call me a cry baby again and you wont have a forum left to upgrade m8 :)

HM

watcha gonna do dude?
oh puh-lez, how old are you? :rolleyes:

Originally posted by TWTCommish
Are you dense? NO PROGRAM OR APPLICATION IN THE HISTORY OF THE WORLD HAS BEEN BUG-FREE. EVER.

When I submit papers / books to my boss, I don't turn to her 24 hours later and say "whoops, let me tweak that file one more time" only to tell her 48 hours later "whoops, let me tweak that file one more time." These rapid-fire releases, (oddly named 2.2.3b...2.2.3c..huh?) seem like sloppiness and panic to me rather than the status quo in the software industry.

Sorry vB, but that's just how it looks.

Originally posted by aldamon
When I submit papers / books to my boss, I don't turn to her 24 hours later and say "whoops, let me tweak that file one more time" only to tell her 48 hours later "whoops, let me tweak that file one more time." These rapid-fire releases, (oddly named 2.2.3b...2.2.3c..huh?) seem like sloppiness and panic to me rather than the status quo in the software industry.
Here's why you don't do that: because your boss does not have the potential to lose her entire Inbox because of your mistakes. If she did, yeah, you would go back and fix it.

Originally posted by HairyMonster
Call me a cry baby again and you wont have a forum left to upgrade m8 :)Please do not threaten other users.

Oh and this thread is very near to being closed, ending all discussion about this release since it seems some only like to make noise.

"From the announcement
We apologise for the frequency of updates recently. However, we are keen to maintain vBulletin's security, and to notify customers as soon as we are aware of issues, so we felt it was more important to get this information out to you as soon as possible, rather than sitting on it."

Folks, why is vB apologizing? Obviously, these releases are not normal. vB should have been "keen" on taking the time to edit the code the first time, not three times in 48 hours. Hence the apology. Perhaps if they "sat on it" for a harmless 48 hours more, we'd have had a clean upgrade instead of rapid-fire drivel. Anyone here feel secure? I sure don't. If these updates were so critical, then why didn't they take a little time (48 hours, cough) to get it right or test?


Originally posted by TWTCommish
Here's why you don't do that: because your boss does not have the potential to lose her entire Inbox because of your mistakes. If she did, yeah, you would go back and fix it.

Sorry TWTCommish, but don't be arrogant. My boss might not lose her "entire InBox", but such sloppiness would create the potential for me losing my job. Mistakes are no more excusable in the programming world than in the print world. Programmers just live the illusion that anything and everything can be tweaked and re-released at everyone ELSE's expense.

Originally posted by aldamon
Sorry TWTCommish, but don't be arrogant. My boss might not lose her "entire InBox", but such sloppiness would create the potential for me losing my job. Mistakes are no more excusable in the programming world than in the print world. Programmers just live the illusion that anything and everything can be tweaked and re-released at everyone ELSE's expense.
I'm being no more arrogant than yourself. I don't meant that to be offensive, but I am merely speaking firmly...if that makes me arrogant, it makes you just as arrogant.

Really? A minor inconvienence would cause you to potentially lose your job? I'll have to take your word on that. Mistakes are excusable in virtually everything...because we're human. And yes, they ARE more excusable. When you look up a word, to see that it is spelled right, there's really not much more to it in that respect. Programming is as much artistic as it is technical, in the sense that things can be created or exploited in a million ways.

vB apologized because they try to release things very rarely...and they've suceeded in this. This is a rarity...and anyone who's going to get all hot and bothered over it is over-reacting, IMO.

aldaman-

No one is forcing you to upgrade. Upgrading is at your own will. You have no right to be complaining. If you do not wish to upgrade, DON'T! You're not going to lose your vB liscense if you don't upgrade. If it is really causing you so many problems, pretend the release never came out.


Personally, I'm going to upgrade (and in less than an hour with BC or AM). I would think you'd be happy that a software company cares enough about its users to be releasing security updates.

Firstly, we are not trying to excuse ourselves, we are saying yes, we did make mistakes, and we are currently looking back and reviewing the situation that led up to this to identify how we can avoid it in the future.


Folks, why is vB apologizing? Obviously, these releases are not normal. vB should have been "keen" on taking the time to edit the code the first time, not three times in 48 hours. Hence the apology. Perhaps if they "sat on it" for a harmless 48 hours more, we'd have had a clean upgrade instead of rapid-fire drivel. Anyone here feel secure? I sure don't. If these updates were so critical, then why didn't they take a little time (48 hours, cough) to get it right or test?

Let me try and explain what happened. vBulletin 2.2.3 was released and very soon (like 5 mins) after that was released, we discovered quite a serious bug, so that release was temporarily withdrawn. This was replaced by 2.2.3b a few hours later on Wednesday night.

The implications of the guest posting bug were first realised early on Sunday morning, and Chris S rightly posted an update on the forums very promptly to let people know about the bug. I found out about this later on Sunday afternoon, and made the decision to release a version 2.2.4, practically identical to 2.2.3c, so as to make a clean version number with a clean start. As we have stated, if you are running 2.2.3c, there is no need to upgrade.

Believe me, those 48 hours would not have been harmless, since this was a serious security issue.

Again, we know that we have made mistakes, and we apologise for the inconveniences caused. We are now trying to learn from our mistakes.

Cheers,

John

Since when was voicing an opinion and stating fact making noise ?

BTW I appologise for my earlier outburst that was totaly uncalled for and the result of me taking out the loss of a loved one on the person involved.

Please except my appologies I was just in a vile mood, and I aint known for having a nice temper.

HM

No one is forcing you to upgrade. Upgrading is at your own will. You have no right to be complaining. If you do not wish to upgrade, DON'T! You're not going to lose your vB liscense if you don't upgrade. If it is really causing you so many problems, pretend the release never came out.


Hmmmm dont upgrade and compromise the security of your forum, hmmmm not much of a choice is there now.

I have hidden forums on my board which are hidden for the reasons I wish them to remain hidden and not be viewed due to a mistake in the code by some one who wrote the software. I have every right to complain

And only an idiot would compromise the security of thier forum and I am not an idiot, so pretending the update never came out aint an option either is it :)

HM

Originally posted by John
Firstly, we are not trying to excuse ourselves, we are saying yes, we did make mistakes, and we are currently looking back and reviewing the situation that led up to this to identify how we can avoid it in the future.

Believe me, those 48 hours would not have been harmless, since this was a serious security issue.

Again, we know that we have made mistakes, and we apologise for the inconveniences caused. We are now trying to learn from our mistakes.

Cheers,

John

Thank you John. As tubedogg illustrated, these releases were NOT normal for you and your excellent crew. I'm glad to hear that future releases will be handled differently.

Personally, I appreciate the efforts of Jelsoft to ensure that their software works well and is as secure as possible.

My experience with vb so far indicate that they are doing a very good job, not only on engineering itself but also on quality. This doesn't happen every release, so I don't know why some are so excited.

John, it's in moments like these that we need 'real' support, and Jelsoft and vB team stood up for us, even on a weekend :)
It makes you feel proud and fulfilled, i am a very proud vB member and i will never leave.
here's a huge hugg to the team :)

Originally posted by HairyMonster
And only an idiot would compromise the security of thier forum and I am not an idiot, so pretending the update never came out aint an option either is it :)

That wasn't directed towards you ;p And I agree with you completely, I'm talking to the people who are COMPLAINING about vBulletin making its software better. You don't like them fixing bugs and upgrading their software... don't upgrade!

Well your dammed if you do and dammed if you don't. Sheesh, I was one of the posters on the 2.2.3 thread that complained that we were not being told what files had changed. I disagreed with the need to replace every file for a security update. That said, John stated that (no promises) Jelsoft would look at providing some sort of list for future updates. Well folks the man provided detailed instructions for 2.2.4 to save you overwriting all your files so what’s the problem? It took me 10mins to update to 2.2.4, I re-hacked the 2 main change scripts, uploaded and overwrote postings.php and ran the final upgrade script to update the version number. That’s it done and dusted.

We really can't complain, you can't have it both ways.

Hi about the IP display issue with postings.php, I have not upgraded to 2.2.4 (have 2.2.3 patched running).

Does this mean that a regular member who is not a admin/moderator can click on "IP:logged" and if the IP is not resolvable, he/she will be able to see the IP address of another member?

Thanks for the great work in fixing security issues.

Originally posted by ubbuser
Hi about the IP display issue with postings.php, I have not upgraded to 2.2.4 (have 2.2.3 patched running).

Does this mean that a regular member who is not a admin/moderator can click on "IP:logged" and if the IP is not resolvable, he/she will be able to see the IP address of another member?

Thanks for the great work in fixing security issues. That's exactly what will happen.

Just upgraded to 2.24 and spend 2 hours re-hacking the forum . :)

Originally posted by Shaman
Personally, I appreciate the efforts of Jelsoft to ensure that their software works well and is as secure as possible. I agree, I like a fully secure board.

Anyone ever considered writing a script that could save and reset hacks before and after an upgrade? The originals are still in there because you can always revert them, so you could have a script to scan for differences, save them, and re-add those changes after an upgrade. Just a thought...dunno how hard it would be to do something like that though..

We are running on 2.2.2 now we wanna upgrade .
could someone tell me what templates will be modified because i cant figure it out anymore.

tnxs

Originally posted by Wizard
We are running on 2.2.2 now we wanna upgrade .
could someone tell me what templates will be modified because i cant figure it out anymore.

tnxs


Please read this thread: http://www.vbulletin.com/forum/showthread.php?s=&threadid=41570

The upgrade instructions for 2.2.2 > 2.2.4 are there, below them are the templates that have been altered. (also the files)

Originally posted by Wizard
We are running on 2.2.2 now we wanna upgrade .
could someone tell me what templates will be modified because i cant figure it out anymore.

tnxs

There were no template mods between 2.2.3 and 2.2.4. You can find what templates were modified between 2.2.2 and 2.2.3 in the announcement concerning the release of 2.2.3.

Originally posted by Webdude™
Anyone ever considered writing a script that could save and reset hacks before and after an upgrade? The originals are still in there because you can always revert them, so you could have a script to scan for differences, save them, and re-add those changes after an upgrade. Just a thought...dunno how hard it would be to do something like that though..

This is exactly what you can do with AM or BC. Save your current files, download the new version and compare the folders. It will show you individual changes for each file.

Please post this in the vBulletin 2 Installation forum - this thread is only to discuss the release, not for troubleshooting.

As mentioned after the upgrade to 2.2.0 (if it was this version), I have got performance Problems after updating from 2.0.3 to 2.2.4.
As written in update 2.2.4. the performance issues should be fixed with this upgrade?!
Anyone else has got performance problems? The displaying needs damn long at www.flashforum.de..

Thanks for help,
marc

Originally posted by marc_t
As mentioned after the upgrade to 2.2.0 (if it was this version), I have got performance Problems after updating from 2.0.3 to 2.2.4.
As written in update 2.2.4. the performance issues should be fixed with this upgrade?!
Anyone else has got performance problems? The displaying needs damn long at www.flashforum.de..

Your site loads like lightning for me. It's much quicker than most of the sites I visit.

Ok, thanks for testing.. probably it is my connection. The only thing that is irritating me is that other users also mentioned the slow loading... but I will watch it the next days, as we have alot of users online each day..

thanks again... .. . marc

Originally posted by fastforward

Your site loads like lightning for me. It's much quicker than most of the sites I visit.

When I read your post I thought "pfff' lame dailup users".. but ofcourse I had to fight my thoughts and find the truth.


DAMN


That is scary, its like this is running on my RAID-5 box localhost :D from cache... no delay WHAT so ever.. what server specs you have?

heh xiphoid, his board is hosted in Germany and you're in Netherlands, so, i guess you're neighbours :D
hmm, dedicated packages only give you 5GB transfer/mo? :confused:

I have 60 hacks installed on my vB 2.2.2, and I was able to upgrade to 2.2.4 manually using a file comparison utility in under 1 hour without taking my site offline. After the uploading of the upgraded files, I just ran the 2 upgrade php files provided, and then reapplied the hacked templates and everything worked without a hitched. Well, so far anyway! ;)

Just wanted to let other hacked forum owners know that it can be done.

Thanks to the vB developers for their hard work in coming with the security patches. Well done.

Hmmm... I never did get a reply to my long post at the bottom of page 6... so, perhaps I should rephrase :-)

Okay, moving from 2.2.2 to 2.2.4?? So, first question is what will I risk by not upgrading from 2.2.2?

If I do upgrade, do I understand this right:

Step 1) Copy/upload all "install" files (as if uploading a new vB board for the first time) to my forums directory ----except for the install.php file.

Step 2) Upload "upgrade16.php" and "upgrade17.php" and run both of them from my forum site, then delete them. BUT, before running these, I use the 'revert' function to restore the original templates for those listed below in step 3, but leave all other templates as-is.

Step 3) Re-copy&paste hand-made custom html code that I previously wrote down for each template into the following templates:
postbit_signature
navbar (the instructions say something about 'forumhome navbar' which I DON'T seem to have, and so this scares me already as the only 'navbar' I could find was in the root... or do you mean 'navbar' and also the basic 'forumhome' template in the Forum Home Page Templates group????
editpost (in the root "directory" ??)
modifyavatar (is this the one in the 'user option templates group' ??)
newreply (is this one, and the newthread one below, only from the 'new posting templates group'?)
newthread

That's it, I'm done?

btw, where do i get upgrade16/17 files?

Please respond to this re-worded (and hopefully more clear) post... thanks!

moving from 2.2.2 to 2.2.4?? So, first question is what will I risk by not upgrading from 2.2.2?

By not upgrading, your site will be more vulnerable without the security fixes. The most important fix had to do with XSS... which you can read the announcement for more information.

In addition, if you offer guest posting, there is a potential security risk if they figure it out, as well as a few other issues, which you'll need to read the announcements about.


Copy/upload all "install" files (as if uploading a new vB board for the first time) to my forums directory ----except for the install.php file.

If you are upgrading from 2.2.2, you only need to upload upgrade16.php and upgrade17.php


Upload "upgrade16.php" and "upgrade17.php" and run both of them from my forum site, then delete them. BUT, before running these, I use the 'revert' function to restore the original templates for those listed below in step 3, but leave all other templates as-is.

Yes, upload those two files to your admin directory. Run them both. You do not need to restore your templates, they are updated through the install scripts.


Re-copy&paste hand-made custom html code that I previously wrote down for each template into the following templates:

Copy and paste into your template, then click to view the original template. View the changes so you can add in any of the changes from your custom templates to those of the updated version ones.


navbar (the instructions say something about 'forumhome navbar' which I DON'T seem to have, and so this scares me already as the only 'navbar' I could find was in the root... or do you mean 'navbar' and also the basic 'forumhome' template in the Forum Home Page Templates group????

Those are two seperate templates, the navbar template and the forumhome template.


editpost (in the root "directory" ??)

yes


modifyavatar (is this the one in the 'user option templates group' ??)

There is only one modifyavatar template, and all templates are in alphabetical order.


newreply (is this one, and the newthread one below, only from the 'new posting templates group'?)
newthread

There is only one of each template


btw, where do i get upgrade16/17 files?

When you download vB from the members area, it will be in the upload folder, in the admin directory.

Just to clarify:



If you are upgrading from 2.2.2, you only need to upload upgrade16.php and upgrade17.php


This is not accurate :) You need to upload all of the files except the images.

Sorry, let me clarify... out of the upgrade files you only need to upload those two. All other files besides images need to be uploaded, just not the other upgradex.php and install.php files.

Btw, there is now an upgrade hack available at vb.org for those who want to upgrade to 2.2.4 from 2.2.2:

http://www.vbulletin.org/forum/showthread.php?s=&postid=229217

Just cut and paste to upgrade. You still need to run the upgrade files.

Originally posted by neal
Copy and paste into your template, then click to view the original template. View the changes so you can add in any of the changes from your custom templates to those of the updated version ones.

Thank you for taking the time to reply. But this one tidbit (above) has got me stumped still. Why am I going to view the changes between my template and the original one? As I understand it, the original one would be identical to my template except for what I copy and paste back into it because 'my template' would be identical to 'original template' (both new) until I copied&pasted into it which leaves an 'original copy' and the current 'default'. The new current default should equal the new current 'original' except for what I copy&paste into it from my saved notes of custom html additions (like some word changes, added links, etc.).

This is an assumption on my part but the reason you are asked to revert to your original templates is because vBulletin does not overwrite your custom templates. Therefore you would not get any code changes in the new templates.

Any templates you modified - you should cut and paste into a text file. Then revert to the original templates (green) Use something like beyond compare to take care of script hacks and do the necessary changes to the NEW scripts. Upload the lot, remember these PHP files already have your hacks installed, so no problem overwriting the older files.

Next re-apply the template changes, look at the new template and compare with the old one (your text files), apply your hacks. You’re done.

Is it sure, that this Upgrade (2.2.4) from 2.0.3 doesn´t make the board slow? I get a lot of complainings about why the board is that slow in the last days?

No one has got performance problems?

regards,
marc

There were no changes made that would slow down the board between 2.0.3 and 2.2.4. It's probably a temporary problem with the server/connection.

First of all I thought this as well, but is is really exactly since I made the upgrade.
What was the mistake in V 2.2.2, when it was statet, that there are performance probs (was it 2.2.2?). This "bug" is fixed?

marc

I install some Hacks in my board, and i modify the index.php file in Vb 2.2.1

The 2.2.4 Vb have some change in the index.php file??

Becauso i dont change the index.php fron the 2.2.1 when install 2.2.4

Originally posted by cerebro
I install some Hacks in my board, and i modify the index.php file in Vb 2.2.1

The 2.2.4 Vb have some change in the index.php file??

Becauso i dont change the index.php fron the 2.2.1 when install 2.2.4

Yes,
because:
2.2.1 > 2.2.2 or even 2.2.3 had some index.php stuff changed.
Due to the sec. issue, i advice you to not ignore index.php and check out the changes, or afterwards, reply the hacks.

in this year 6 hackers atack my board...i will re hack the index.php just for security!

Thanks!

i just remember to ask something...

There are some one who check Forums security?

Becauso i really have a lots of hackers around my board...and that isnt funny.


Allways use the Last Version...but allways someone find some bug and ...boom..hack!


Or maybe some Code Hack to make backup dayli


(sorry for my english, but im from argentina :) )

Originally posted by cerebro
i just remember to ask something...

There are some one who check Forums security?

Becauso i really have a lots of hackers around my board...and that isnt funny.


Allways use the Last Version...but allways someone find some bug and ...boom..hack!


Or maybe some Code Hack to make backup dayli


(sorry for my english, but im from argentina :) )



Hackers dont always use the forum software to break in, they also use other system flaws.
it is always smart to do as many backups as possible :P
both from the mysql database as well as the files on the server, as well as the server logs.
If you run a unix server you can try to set up crontab.
Maybe ask the hosting company to do this.
ofcourse, dont save the backup on the same server :)

i use a CRON script to make a Backup of the Database.

but the script overwritte the last backup..and i lost that...bad script.

Now i will try to make some better script, to save the database under the time and date name...to dont overwrite the last backup.

i hope you understand my poor english :)

You understand jejje...Just Edit becauso i dont want to make a Post Chat jeje.

Originally posted by cerebro
i use a CRON script to make a Backup of the Database.

but the script overwritte the last backup..and i lost that...bad script.

Now i will try to make some better script, to save the database under the time and date name...to dont overwrite the last backup.

i hope you understand my poor english :)

unixtimestamp.sql
:)

cerebro, go here --> http://www.vbulletin.com/members/forums.php and enter your username please.

Done.

Sorry...i did for vb.org and is the same user name!.

:)

I just upgraded from 2.2.1 to 2.2.4 and everything appears to be just dandy.

Thanks geeks!

I'm running 2.2.2 with no obvious problems, but plenty of hacks I'd like to keep and not reapply.


How essential is it for me to upgrade to 2.2.4?

Originally posted by NewsGuy
I'm running 2.2.2 with no obvious problems, but plenty of hacks I'd like to keep and not reapply.


How essential is it for me to upgrade to 2.2.4? why not read the posts in this thread... that has been asked...

Originally posted by DWZ
why not read the posts in this thread... that has been asked...

Well, DWZ, maybe I'm asking because this thread has more than 160 replies at this point. After reading through about 80 of them, all I've noticed is that there's no need to upgrade from 2.2.3b, so I figured I'd ask again about just how necessary it is to upgrade from 2.2.2.

If you know the answer, please tell me.

If you are running anything lower than 2.2.3c you should immediately upgrade because of the security problems found in 2.2.2 and below, and in 2.2.3/2.2.3b.

Originally posted by tubedogg
If you are running anything lower than 2.2.3b you should immediately upgrade because of the security problems found in 2.2.2 and below, and in 2.2.3/2.2.3b.

Tubedogg, I'm sorry if I missed something, I read the first few pages and it looked like nothing but a bunch of whining and bickering so after that I skimmed through the rest of it pretty fast... My time is rationed pretty tight... I have all attachments turned off so that nobody is allowed to post them and I allow no guests - not even to read the boards... My question is this; From what I've read I get conflicting ideas... I have 2.2.2... *In my situation,* do I need the upgrade?

For the record, I will take the extra work and the extra upgrades in the name of security over the opposite any day... I find it interesting to read the responses here... One wonders how many of the people bitching here have been on other boards giving M$ a hard time for failing to address security concerns when they come up, instead sweeping them under the carpet and only dealing with them when they run out of alternatives...

I deal with end users too... Some will complain no matter what you do - in a situation like this you know ahead of time that no matter what you do you're going to catch it, so you make the right choice, grab a cold one and wait for the incoming... :) (And hope your patience lasts longer than their perseverence.) Keep up the good work...

Hi,

I'm just in the middle of changing servers, and I was wondering if this hack creates changes to the database, or is it all script changes?

Does the upgrade process allow us to make changes to the database - will such changes allow the site to still work with the 2.2.1 scripts?

It's not a problem either way - would just like to know so that I can plan my upgrade across servers properly with minimum downtime.

Many thanks,

Ross

I'm still all confused about this stuff...

Someone mentioned that the security flaw was in guests posting, but that if guest posts were turned off that their was no fear?

So, can anyone offer what the security danger is if we don't allow guests posts, if any?

Just stumbled on something, not sure if it is actually a bug, but damn sure does look like it :/

thread (http://vbulletin.com/forum/showthread.php?s=&postid=263153)

Not a bug, that's the way it's always been and is by design.

Tubedogg I see you just posted to this thread but didn't address my question... Can you do so? There appear to be authorative posts that say that if you have 2.2.2 or before you need to upgrade... On the other hand, there are other equally authorative posts that seem to say that if no guests are allowed on the board and if no attachments are allowed, it is a non issue...

Since I allow neither guests nor attachments, do I need the upgrade? If I can avoid without compromising security, I will do so... I've got a real mess to deal with here <unreleated> and what would normally be a very simple thing is not quite so simple... (My network here is laying in pieces all over the place and I'm working on borrowed equipment... My priorities need to be focused where they are actually needed.)

I would also like to hear an answer to bill-t's post... I neither allow guest posting nor attachments (except by admins) and run 2.2.2.... do I risk anything by not upgrading?

:)

2.2.3b+, don't allow guest posting, and not having problems with any of the other bugs addressed -- fine.
< 2.2.3b -- upgrade in all cases.

Originally posted by Ed Sullivan
< 2.2.3b -- upgrade in all cases.

But what's that mean? We're still left wondering if our entire board can be lost with a single keystroke from a malicious hacker or if all we're risking is someone being able to post as a guest or something even if that's restricted. Not sure what the concern is. No one, that I know of, has outlined what the risk is for 2.2.2

Can ya give us a hint?

The original reason 2.2.3 was released was because of a cross-site-scripting (XSS or CSS) vulnerability. If you are running anything less than 2.2.3 you should upgrade to fix that security problem.

Now, when 2.2.3 was released, there was a serious bug discovered a couple minutes later. 2.2.3b was released to fix that, very shortly afterwards, so if you downloaded 2.2.3 within the first couple minutes of it being out, you should redownload the files and upload them again - no need to run an upgrade script.

If you have 2.2.3 or 2.2.3b installed and allow guest posting, there is a major security flaw that you must upgrade immediately to fix.

If you have 2.2.3, 2.2.3b, or 2.2.3c installed and are having problems with attachments or avatars, upgrade to 2.2.4 as there was a problem fixed regarding that in 2.2.3.

If you have 2.2.3c and are not experiencing problems with file uploads as noted above, there is no reason to upgrade at this time.

Thanks Tubedogg!

Now, I'm not sure what 'cross-site-scripting' can do, but does that mean my entire db is likely to be wiped out or practically nothing could happen or somewhere in between? Any specifics on what the danger of this 'cross-site-scripting' thing could do?

:-)

zaon et al., in the time it takes you to repeat these questions over and over, you could have upgraded your boards several times. Ed Sullivan clearly pointed out what's what. Get with it already!

I'm upgrading the board from 2.2.1 to the latest version I just wanted to know if there are anychanges to the database between the version. if not does that mean I can just do a clean install then copy the database over?

Originally posted by zaon
Not sure what the concern is. No one, that I know of, has outlined what the risk is for 2.2.2

Can ya give us a hint?


No, VB staff will obviously not spell out the security holes being patched up - doing so will jeopardize the security of all the thousands of forums out there which still have not upgraded. Hackers read these forums too you know. Sufficient to know there are security issues, and if you have a pre-2.2.3c forum to upgrade.

Originally posted by Erwin
No, VB staff will obviously not spell out the security holes being patched up - doing so will jeopardize the security of all the thousands of forums out there which still have not upgraded.

I can appreciate that...and do.

Rather than asking what the 'holes' are, may I ask what is at stake? As in, is the very existence of my sql database at stake? Something more minor such as email spamming my members?

I noticed this little bug the other day after the forum where I hang out upgraded, this affects all versions of vBulletin from what I see...wait, I can't post it...Where can I email the info to?

Either way, it has major potential, but it's VERY easy to fix(from what I can see of the code).

Originally posted by plato
I noticed this little bug the other day after the forum where I hang out upgraded, this affects all versions of vBulletin from what I see...wait, I can't post it...Where can I email the info to?

Please sent it to support@vbulletin and we will have the developers investigate.

Thanks. Sent.

bug for me: if you enter the wrong password logging into the admin control panel and then use the forum jump option from there it does not locate properly.

Originally posted by Asendin
bug for me: if you enter the wrong password logging into the admin control panel and then use the forum jump option from there it does not locate properly.

Just tried that on my board too, and yes, this happens here too.

http://www.marietje.nl/vbb/admin/forumdisplay.php?s=&daysprune=&forumid=4

^--- it tried to load that (after selecting a board from the forum jump) , which returned a 404 page.

Looks like the path for forumjump is wrong because it is trying to access it from the admin/ dir. while this file is ../here :)

Originally posted by xiphoid


Just tried that on my board too, and yes, this happens here too.

http://www.marietje.nl/vbb/admin/forumdisplay.php?s=&daysprune=&forumid=4

^--- it tried to load that (after selecting a board from the forum jump) , which returned a 404 page.

yes thats exactly what i get also.. :cool:

Originally posted by Asendin


yes thats exactly what i get also.. :cool:

Tomorrow: 2.9.9 :P

I do not think this is a priority that needs to be fixed, as long as it doesn't happen with vb3 i will forgive the person responsible :D

What will be coming in the next version? 2.2.5?

I wonder what will be new in the next version, how much better can it get?

Originally posted by Seph
What will be coming in the next version? 2.2.5?

I wonder what will be new in the next version, how much better can it get?

shouldnt be a 2.2.5 next should be 3.0 /

As far as I know 2.2.5 is not being planned and would not be released unless absolutely necessary. All development is focused on v3.

Originally posted by centris
This is an assumption on my part but the reason you are asked to revert to your original templates is because vBulletin does not overwrite your custom templates. Therefore you would not get any code changes in the new templates.

Any templates you modified - you should cut and paste into a text file. Then revert to the original templates (green) Use something like beyond compare to take care of script hacks and do the necessary changes to the NEW scripts. Upload the lot, remember these PHP files already have your hacks installed, so no problem overwriting the older files.

Next re-apply the template changes, look at the new template and compare with the old one (your text files), apply your hacks. You’re done.


Great. Finally someone puts black on white. Thanks centris.

I sent that security info to support@vbulletin.com, but I haven't received a reply. :eek:

Originally posted by plato
I sent that security info to support@vbulletin.com, but I haven't received a reply. :eek:

I thought I had replied and it's already being worked on.

i downloaded 2.2.4 from the members area

uploaded everyhthing to directory vb224

made backup

hooked vb224 config file with vb222 db

ran upgrade16

and got

a....
blank white page!!!


by the way opening any of these files with notepad gives me all these scribles????


downloaded vb 2.2.4 like 4 times

still same problem :(

Make sure you are uploading in ascii format.

also make sure you dont upload install.php

i did upload in ascii
and deleted install.php


but the problem is

i download the zip file
unzip it on my pc and open any file with notepad and get scribbles??


not after i upload

A blank white page means there's something wrong with the php file. There is no need to open any of the upgrade files with notepad. Try reuploading the unaltered files in ASCII again.

i did what u told me

same thing :(

What browser and OS are you using? Also if you're using a download manager program like GetRight or GoZilla try disabling it before downloading.

IE 5
windows 98

no getright nor nothing


not the first time that i installed vb like i always do it since vb2.0

and for more than one site and server


and i did upgrade from 2.03 --> 2.2.2 couple of months back


everything went smoothly

back on topic, I'd like to say that although I'm frustrated with the constant releases, I'm also glad that Jelsoft is more inclined to get off their ass and fix things, also to be more open and not condensending like some other BB company out there.

I'm going to wait for v3, considering it seems like it is set to come out in the near future, however instead of complaining every time a new released is issued, I'm going to do the following every time I hack:


- keep every hack instruction file
- index the hacks in the order I did them under the files modified.
- backup every template I modify

Then as they are released, all I have to do is upgrade then re-implement them according to the index. problem solved.

Is there a converter to convert Ikonboard 3 to vBulletin 2.2.4 ? Thank you!

Originally posted by hang
Is there a converter to convert Ikonboard 3 to vBulletin 2.2.4 ? Thank you!

http://www.vbulletin.com/forum/showthread.php?s=&threadid=40861

If I were to have VB version 2.2.3c, would it say so at the bottom of my board? Mine currently says 2.2.3.

Originally posted by 0ptima
If I were to have VB version 2.2.3c, would it say so at the bottom of my board? Mine currently says 2.2.3.

No, I think I read in a thread that 2.2.3(x) will show up as 2.2.3 at the bottom of the page.

Originally posted by 0ptima
If I were to have VB version 2.2.3c, would it say so at the bottom of my board? Mine currently says 2.2.3.

no the revision b or c would not show.