Kier
Thu 8th Jan '04, 12:16am
JELSOFT E-BULLETIN
http://www.vbulletin.com/
January 7th 2004
~ vBulletin 2.3.4 Released
~ vBulletin 3.0.0 Release Candidate 2
~ Unavailability of vBulletin.com and Affiliated Sites
~ Your License Information
~ Contact Us
--------------- VBULLETIN 2.3.4 RELEASED -----------------
A recently published flaw in past versions of vBulletin
2.x has highlighted a possible SQL injection exploit in
the Calendar system, which affects all previous versions
of vBulletin 2, and in particular those running on servers
with MySQL 4.x installed.
Version 2.3.4 fixes this problem, and also addresses
several other non-security-related bugs and problems.
If you are already running a 2.3.x version of vBulletin and
would rather not make a full upgrade to vBulletin 2.3.4,
you can patch your installation to resolve the Calendar
problem by downloading the vBulletin 2.3.4 installation
package from the vBulletin Members' Area, and simply
overwriting your existing calendar.php file with
the new version contained within the 2.3.4 zip file.
We recommend that all sites running vBulletin 2 either
patch their installations or upgrade to version 2.3.4 as
soon as possible.
For complete information about this new release, including
upgrade instructions, please visit the vBulletin 2.3.4
release announcement:
http://www.vbulletin.com/forum/showthread.php?t=91409
or visit the vBulletin announcements forum:
http://www.vbulletin.com/forum/forumdisplay.php?f=1
vBulletin 2.3.4 is available for download now:
http://www.vbulletin.com/members/
-------- VBULLETIN 3.0.0 RELEASE CANDIDATE 2 ---------
Progress towards the final, 'Gold' version of vBulletin 3
has now reached the 'Release Candidate' stage, with the
latest version available to customers being Release
Candidate 2 (RC2).
RC2 fixes several bugs found in previous versions,
including a bug affecting RC1 that could leave
newly-registered members unable to log in.
vBulletin 3.0.0 will not be declared 'stable' until the
'Gold' release, so installing it on your publicly
accessible sites must be done at your own risk, although
a large number of sites have already made the switch to
vBulletin 3.
You can upgrade to vBulletin 3.0.0 RC2 from any previous
version of vBulletin 3, or from vBulletin 2 versions 2.2.9
and later. You can also make a fresh vB3 install with an
empty database.
For further details about RC2, visit this link:
http://www.vbulletin.com/forum/showthread.php?t=91204
vBulletin 3.0.0 Release Candidate 2 is available for
for download by all licensed customers in the vBulletin
Members' Area:
http://www.vbulletin.com/members/
------------- UNABLE TO REACH VBULLETIN.COM? -------------
If you have tried to access vBulletin.com or any of the
affiliated sites in the past couple of months you may have
found yourself unable to connect to the site.
Unfortunately, in early November vBulletin.com became the
target of a campaign of distributed denial of service
(DDoS) attacks, which left the site inaccessible to staff
and customers alike.
In response, we have had to put in place very aggressive
IP address blocking systems to counter these ongoing
attacks. While these blocks have lessened the impact of
the attacks, they have also had the unfortunate side-
effect of blocking many legitimate customers from
accessing the site. While regrettable, these blocks have
been necessary in order to keep vBulletin.com available to
the majority of customers instead of being knocked totally
off the internet by the attacks.
If you find that you are unable to access
www.vbulletin.com, we may be able to help you out. Please
send an email to support@vbulletin.com, including your
current IP address and customer number. If you are unsure
of your IP, you can visit this link to find it:
http://www.whatismyip.com/
We apologize for the inconvenience caused to all customers
affected by the current situation. We are actively
searching for better solutions to this ongoing problem and
hope to have normal service restored to all customers in
the near future.
Thank you for your understanding and support in this
matter.
http://www.vbulletin.com/
January 7th 2004
~ vBulletin 2.3.4 Released
~ vBulletin 3.0.0 Release Candidate 2
~ Unavailability of vBulletin.com and Affiliated Sites
~ Your License Information
~ Contact Us
--------------- VBULLETIN 2.3.4 RELEASED -----------------
A recently published flaw in past versions of vBulletin
2.x has highlighted a possible SQL injection exploit in
the Calendar system, which affects all previous versions
of vBulletin 2, and in particular those running on servers
with MySQL 4.x installed.
Version 2.3.4 fixes this problem, and also addresses
several other non-security-related bugs and problems.
If you are already running a 2.3.x version of vBulletin and
would rather not make a full upgrade to vBulletin 2.3.4,
you can patch your installation to resolve the Calendar
problem by downloading the vBulletin 2.3.4 installation
package from the vBulletin Members' Area, and simply
overwriting your existing calendar.php file with
the new version contained within the 2.3.4 zip file.
We recommend that all sites running vBulletin 2 either
patch their installations or upgrade to version 2.3.4 as
soon as possible.
For complete information about this new release, including
upgrade instructions, please visit the vBulletin 2.3.4
release announcement:
http://www.vbulletin.com/forum/showthread.php?t=91409
or visit the vBulletin announcements forum:
http://www.vbulletin.com/forum/forumdisplay.php?f=1
vBulletin 2.3.4 is available for download now:
http://www.vbulletin.com/members/
-------- VBULLETIN 3.0.0 RELEASE CANDIDATE 2 ---------
Progress towards the final, 'Gold' version of vBulletin 3
has now reached the 'Release Candidate' stage, with the
latest version available to customers being Release
Candidate 2 (RC2).
RC2 fixes several bugs found in previous versions,
including a bug affecting RC1 that could leave
newly-registered members unable to log in.
vBulletin 3.0.0 will not be declared 'stable' until the
'Gold' release, so installing it on your publicly
accessible sites must be done at your own risk, although
a large number of sites have already made the switch to
vBulletin 3.
You can upgrade to vBulletin 3.0.0 RC2 from any previous
version of vBulletin 3, or from vBulletin 2 versions 2.2.9
and later. You can also make a fresh vB3 install with an
empty database.
For further details about RC2, visit this link:
http://www.vbulletin.com/forum/showthread.php?t=91204
vBulletin 3.0.0 Release Candidate 2 is available for
for download by all licensed customers in the vBulletin
Members' Area:
http://www.vbulletin.com/members/
------------- UNABLE TO REACH VBULLETIN.COM? -------------
If you have tried to access vBulletin.com or any of the
affiliated sites in the past couple of months you may have
found yourself unable to connect to the site.
Unfortunately, in early November vBulletin.com became the
target of a campaign of distributed denial of service
(DDoS) attacks, which left the site inaccessible to staff
and customers alike.
In response, we have had to put in place very aggressive
IP address blocking systems to counter these ongoing
attacks. While these blocks have lessened the impact of
the attacks, they have also had the unfortunate side-
effect of blocking many legitimate customers from
accessing the site. While regrettable, these blocks have
been necessary in order to keep vBulletin.com available to
the majority of customers instead of being knocked totally
off the internet by the attacks.
If you find that you are unable to access
www.vbulletin.com, we may be able to help you out. Please
send an email to support@vbulletin.com, including your
current IP address and customer number. If you are unsure
of your IP, you can visit this link to find it:
http://www.whatismyip.com/
We apologize for the inconvenience caused to all customers
affected by the current situation. We are actively
searching for better solutions to this ongoing problem and
hope to have normal service restored to all customers in
the near future.
Thank you for your understanding and support in this
matter.