vBulletin upgrade - 2.2.3

  • Hey - turns out IRC is out and something a little more modern has taken it's place... A little thing called Discord!

    Join our community @ https://discord.gg/JuaSzXBZrk for a pick-up game, or just to rekindle with fellow community members.

Martz

Martz

Staff member
May 26, 2001
5,707
63
These forums have been upgraded to vBulletin 2.2.3, released today, from 2.2.0, the previous secure version. "vBulletin 2.2.3 fixes a number of small bugs, but more importantly it fixes a potential XSS (Cross-site scripting) issue."

Its taken a while, as we don't run it as standard and unhacked. The upgrade doesn't bring any new features to the end user, but we hope to be offering everyone the option to upload attachments very soon once the system Relax has been developing is stable. This will rely on orange.net to store uploads in its mySQL database instead of ours. :crazy:

Please report any bugs, typos, or errors either in a PM to me in this thread. Enjoy.
 
vB 2.2.4 released. Patch used instead of upgrade to prevent "guest can post under any registered nickname" exploit.
 
There are in most web applications Ace, as you may know. However I gotta hand it to vB, they keep up with it and before most holes are even widely known about they release a new version. This fix was mainly to do with the larger inheriant problem that was present in Apache, php and zend products and many other services. The other was the "guest posting as registered member" which didn't directly effect us, but had to be plugged anyway.

Ubb doesn't even correct their security issues even when they are known, and the users are crying out for them.

Still, gotta be done. :)
 
You must log in or register to reply here.
Top Bottom
Back