Forums › Life › Computers, Gadgets & Technology › Forum, Blog & Community Software › vbulletin security alert
probably doesn’t affect our version (I did try and couldn’t find the bit they are reffering too anyway) but flagged it just in case..
vBulletin vuln gifts admin credentials to unwashed masses ? The Register
I let our license expire consciously a week before this problem version (3.8.6) became available but even if it hadn’t I wouldn’t have installed unless it included a security fix because we’re running a well proven version.
Vbulletin development has been mess since Internet Brands bought Jelsoft (see below from wikipedia). So personally I’m looking for a way out, whilst secretly hoping the the original team might start a new project, failing that i might consider vbulletin 5 if IB have a handle on it by then…
—
vBulletin 4 release and controversy
On July 4, 2007, Jelsoft was acquired by Internet Brands.[18] On January 27, 2009, Ray Morgan was appointed General Manager of Jelsoft.[19] On May 13, 2009, the Administration section of vBulletin.com accidentally became accessible to the public for 13 minutes. Documents and discussions containing a detailed analysis of plans (and expected customer reaction) for vBulletin 4’s new pricing scheme were revealed.[20] A response was posted by Ray Morgan indicating that these were preliminary discussions and that customers should not make decisions based on leaked documents. On June 19, 2009, Kier Darby, lead developer of vBulletin since early in the development of version 2, leaves the company,[21] as well as Mike Sullivan (joined Fall 2000)[22] and Scott MacVicar.[23] Jeremy Hutchings moved to part time to maintain ImpEx the data migration system.
On July 2009, Peterska2 (Kerry-Anne) and Ashley part company with vBulletin.[24] Jelsoft offices in the UK were closed shortly thereafter. On August 19, 2009, Alpha testing of vBulletin begins with a selection of licensed customers under a Non-disclosure Agreement.[25] On October 13, 2009, Ray Morgan announces new vBulletin.com website, new vBulletin licensing structure, and pricing.[26] This announcement was nearly identical to the May 2009 leaked documents. Replacing the annual renewal of $60, the new vBulletin Forum license was priced at $195, with the Suite costing $285. With an announced release cycle of 18ā24 months for each point release, this was a cost increase of 200%. Customers with an inactive license were offered a small discount off the Suite and had less than 3 weeks to upgrade. Ironically, customers with the smallest investment in the productāLeased License customersāreceived the most cost-advantageous deal.
On October 23, 2009, The vBulletin.com website is upgraded to the vBulletin 4 software including a new splash page and FAQ. vBulletin.com is down for an unprecedented 28 hours during this upgrade, with visitors to the site being redirected to a maintenance message at Internet Brands-owned http://www.best-forum-software.com/. When the site returned, it remained sporadically inaccessible due to high loads for several days. On November 12, 2009, vBulletin 4.0 Beta 3 is made available to licensed customers. Previous betas were made available to the alpha testers.[27] Beta 4 and 5 as well as 2 Release Candidates would follow in quick succession. On December 7, 2009, Ray Morgan retires to the tropics.[28]
On December 22, 2009, vBulletin 4.0 Gold is released to the public amid customer concerns that it met a predetermined release schedule rather than producing a stable product[29] Substantial display issues in browsers including Safari, Opera, and Internet Explorer 6 are documented. The Content Management System resulted in over 100 MySQL queries even in the default configuration. On January 12, 2010, vBulletin 4.0.1 is released with over 200 bug fixes and style tweaks.[30] On April 8, 2010, vBulletin 4.0.3 is released with over 300 bug fixes as well as simple integration with Facebook Connect for single-signon between customer’s boards and Facebook.[31] On June 18, 2010, vBulletin 4.0.4 is released with over 450 bug fixes. Release came out with some “showstopper” bugs, some of them prevents upgrade process from working as expected. No PL fix came out as of June 23 so all users are encouraged to read this thread[32] to fix critical issues right after installation. On June 24, 2010, vBulletin 4.0.4 PL1 is out, but no showstopper bugs are fixed there except two widget bugs according to official announcement.[33]
—
0
Voices
1
Reply
Tags
This topic has no tags
Forums › Life › Computers, Gadgets & Technology › Forum, Blog & Community Software › vbulletin security alert