vBulletin 2.2.8 Released

vBulletin 2.2.8

vBulletin 2.2.8 includes several bug-fixes, and also a few small security fixes for (hard to exploit) XSS and SQL injection issues. We recommend you upgrade as soon as possible.

This code is now stable.

Backing up forums

Please be sure to check your backups, that they are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through telnet, as it will not suffer from any such problems.

Installation / Upgrade Instructions

These are available in the Members Area.

Templates changed: (from 2.2.7)

• error_emailflood - new template for people flooding email
• privmsg - message title not showing and deleting a message doesnt take you back to the correct folder

Bug Fixes

• Main Directory:
• forumdisplay.php; marking forum read doesnt mark the threads read
• forumdisplay.php; forumdisplay_newthreadlink included twice in $templatesused
• global.php; users running php as a cgi weren't able to login if guests couldn't view the board.
• index.php; a check to insert a birthday template if the row was deleted
• member.php; possible XSS issue
• member.php; stop email flooding
• memberlist.php; prevent users from specifiying a high perpage value
• memberlist.php allow searching for users with <>& in their username
• newreply.php; allow quoting of a username with html characters within it
• newreply.php; remove a foreach as its php4 specific
• newthread.php; remove a foreach as its php4 specific
• postings.php; guest usernames weren't displayed when splitting a thread or deleting posts
• private.php; possible security issue
• private2.php; possible security issue
• register.php; stop email flooding
• showthread.php; first unread post going to the first since you last posted and not since you last read
• Admin Directory:
• adminfunctions.php; if user enters a dollar symbol in any settings it will prevent the board from working
• forum.php; setting a private forum still leaves attachment downloads set to yes
• functions.php; Allow ! in image urls
• functions.php; Prevent emails from being sent to users who can't view the board or are awating confirmation
• sessions.php; changed tabulation
• template.php; searching now includes custom templates
• user.php; some references to do instead of action
• Mod Directory:
• global.php; possible security issue
• thread.php; now updates forum post counts and removed references to misc.php
• user.php; possible security issue

Files changed: (from 2.2.7)

• Main Directory: forumdisplay.php, global.php, index.php, member.php, memberlist.php, newreply.php, newthread.php, postings.php, private.php, private2.php, register.php, showthread.php
• Admin Directory: admin/adminfunctions.php, admin/forum.php, admin/functions.php, admin/global.php, admin/sessions .php, admin/template.php, admin/user.php
• Mod Directory: mod/global.php, mod/thread.php, mod/user.php
• And the usuals (all for just the version number): admin/global.php, admin/install.php, admin/upgrade1.php, admin/upgrade21.php

DB Schema Changes

• Indexes changed on adminutil table

In conclusion...
Go and upgrade! This release includes important fixes for everyone, and we would recommend that you upgrade as soon as possible. vBulletin 3 is on its way, so keep your eyes peeled on this forum. However, you will only be able to upgrade to vB 3.0 from the latest version of vB 2.2.x so we would recommend that you upgrade to this version for the time being.