PDA

Просмотр полной версии : Обновление vBulletin Version 3.6.5



Viper
01.03.2007, 22:44
Движек форума обновлен до версии 3.6.5.

Помимо обычного большого и маленького исправления разных ошибок безопасности, системе предупреждений, стилях и т.д, форум стал полностью совместимым с Internet Explorer 7!

Sergio
01.03.2007, 23:29
форум стал полностью совместимым с Internet Explorer 7!

Хммм... интересно, в чем он такой стал? С начала года пользуюсь только IE7, часто залезаю на форум и за все это время никаких траблов не обнаружил...

IP
01.03.2007, 23:35
vBulletin 3.6.5

This morning, an exploit was reported, which affects vBulletin versions 3.5.x and 3.6.x. Although the report is inaccurate and the published exploit does not work as claimed unless a highly unlikely set of circumstances exist, it has highlighted a potential security issue in these vBulletin versions.

Therefore, we have decided to release updated versions, these being vBulletin 3.5.8 and 3.6.5. We recommend that all customers running vBulletin 3.5.x or 3.6.x upgrade to the appropriate version or apply the supplied patch as soon as possible.

It is worth noting that in order to exploit the problem highlighted by the report, the attacking user must satisfy the following conditions:
Must already have moderator privileges
Must share the same IP address (or the number of IP octets specified in the Admin Control Panel for IP address matching) with an existing administrator who is currently logged in to the Admin Control Panel
Must know the Alt-IP and user agent (exact browser identification) of the administrator
OR must know the license number of the site being attackedGiven these requirements, the privilege escalation exploit claimed by the report is almost impossible to achieve.



Bugs Fixed in vBulletin 3.6.5

The Security Flaw
The reported security flaw described in this announcement, which could potentially allow a SELECT query to be hijacked, has been addressed.Safari Cookies
A problem where users of the Apple browser Safari would be logged off the system prematurely when vBulletin runs on specific servers has been resolved.
More info... (http://www.vbulletin.com/forum/bugs36.php?do=view&bugid=1116)Internet Explorer 7 Compatability
Much has been said about Microsoft's decision to make the Javascript prompt() function throw a security warning whenever it is called. This change resulted in vBulletin's text editor system throwing security warnings whenever a user tried to insert an image or an email link. The use of prompt() for Internet Explorer 7 users has now been discontinued in favour of an alternative method of collecting user input.
More info... (http://www.vbulletin.com/forum/bugs36.php?do=view&bugid=1263)

Additionally, improvements in Internet Explorer 7 mean that certain aspects of the vBulletin pop-up menu system, which were previously required to circumvent rendering issues, can now be bypassed. Most notable amongst these is the code that hides all <select> elements that would intersect with the menu when opened.Fix for Infractions Bug
A problem where infraction expiration was not cleaned-up properly has been addressed.
More info... (http://www.vbulletin.com/forum/bugs36.php?do=view&bugid=1448)Workaround for a FreeBSD Regular Expression Error on Login
Some users running recent versions of PHP running on FreeBSD have encountered a bug in the regular expression engine that caused an error to be shown when logging in. We have worked around this problem. However, it may still appear in other areas, so we are trying to find a proper fix for the issue.

Так яснее? Взял с офф сайта (не трудно догадаться). Тыкай в ссылки и изучай, если интересно.
IP добавил(а) 02.03.2007 в 08:42
В Firefox 2.0.0.2 перестала работать цитата выделенного.
Это только у меня?

Alexiy
02.03.2007, 09:34
В Firefox 2.0.0.2 перестала работать цитата выделенного.
Это только у меня?Только у тебя!

IP
02.03.2007, 09:59
Странно "сбросил" все настройки лисы в ноль не помогло. Переустановил и тоже не помогло:(