vBulletin 2.2.4 Released

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • John
    Senior Member
    • Apr 2000
    • 4042

    vBulletin 2.2.4 Released

    vBulletin 2.2.4

    vBulletin 2.2.4 is a release to clear up the issues that have been identified with 2.2.3 . There was a security issue that has been identified with guest posting: this was introduced in version 2.2.3 . If you are running 2.2.3c , there is no immediate need to upgrade as you are secure (although there are a few minor bug fixes that make it worth while upgrading if you can). If you are running 2.2.3 or 2.2.3b , there are details in this thread telling you how to patch the files. If you are running older versions, you are recommended to upgrade as soon as possible.

    Backing up forums

    Please be sure to check your backups, that they are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through telnet, as it will not suffer from any such problems.

    Installation / Upgrade Instructions

    These are available in the Members Area.

    Changed Templates

    None

    Bug Fixes
    • Fixed security issue with guest posting (files: newreply.php, newthread.php)
    • Improved checks for file_upload status to help people struggling with the recent PHP file upload vulnerability (files: editpost.php, member.php, newreply.php, newthread.php)
    • Added a little error checking to the view ip address feature. (file: postings.php)


    Files changed (from 2.2.3b)
    • editpost, newreply, member, newthread, postings
    • And the usuals (all for just the version number): admin/global, admin/install, admin/upgrade1, admin/upgrade17

    In conclusion...

    We apologise for the frequency of updates recently. However, we are keen to maintain vBulletin's security, and to notify customers as soon as we are aware of issues, so we felt it was more important to get this information out to you as soon as possible, rather than sitting on it.

    John

    To discuss this, please post here:
    Last edited by John; Fri 29 Mar '02, 5:34am.
    John Percival

    Artificial intelligence usually beats real stupidity ;)
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...