Security Patch Release 4.0.2 PL4

Discussion in 'vBulletin Solutions' started by Azhria Lilu, Mar 26, 2010.

  1. Angelic

    Azhria Lilu Barry & Brad Bodyswapping?

    Likes Received:
    1,054
    Software You Use:
    IPB, XenForo
    A potential XSS vulnerability has been identified in vBulletin 4.0.2 PL3 in relation to the CMS article editor. In addition, a bug was introduced in PL3 in regards to bbcode parsing in CMS...

  2. Kall Member

    Likes Received:
    6
    Oh dear.
  3. Busy

    Shelley Designated Designer

    Likes Received:
    644
    Software You Use:
    XenForo
    And coming to theaters soon PL5 (which will probably be tomorrow).
  4. Brooding

    Blind Bandit Blind Crazy Person

    Likes Received:
    40
    Wow this isn't so good. I mean I'm glad they're patching it but wow.
  5. Mark.B Forum Drama Queen

    Likes Received:
    57
    Software You Use:
    vBulletin
    So glad I didn't go for vB4...what a farce!
  6. Floris ~

    Likes Received:
    26
  7. Paul M vb.org Administrator

    Likes Received:
    59
    PL4 ?

    Sheesh .....
  8. Crappy

    KevinL Senior Member

    Likes Received:
    3
    Software You Use:
    IPB, vBulletin, XenForo, myBB, SMF, phpBB, Vanilla
    They really should just throw the towel in already...
  9. Cheerful

    Wizzard ADX Dungeon Master

    Likes Received:
    67
    PL5 - The hokey cokey version.

    Put the bug back in, take the bug back out...

    You get the idea.
  10. Busy

    Shelley Designated Designer

    Likes Received:
    644
    Software You Use:
    XenForo
    They'll only throw the towel in when the customers do. Without customers there's no reason to develop anymore. People who purchased are fueling this bonfire that destroys people's spirits. lol

    If I read somewhere correctly, was there an introduced bug put into pl4?
  11. Crappy

    KevinL Senior Member

    Likes Received:
    3
    Software You Use:
    IPB, vBulletin, XenForo, myBB, SMF, phpBB, Vanilla
    I know I know...but it's so depressing to see what is happening.

    I think if they just re-wrote the whole thing at once and then tested it we would probably see less issues than this. Or maybe just talked to each other...or used some of that 2 mil that they got in income towards the security firm like they said they were going to... :)

    Yeah I think it was pl4...or maybe 3? It was showing all the source code when someone posted.
  12. Angelic

    Ryan Ashbrook Well-Known Member

    Likes Received:
    258
    Software You Use:
    IPB
    I wonder if they're auditing and releasing patches for everything that gets found?

    The only time I've seen so many security patches come out in succession is when MyBB did a security audit several years ago, and they released a patch for everything that got found, quite like vB is doing now.
  13. Busy

    Shelley Designated Designer

    Likes Received:
    644
    Software You Use:
    XenForo
    Good assumption. I would stretch my neck out here and go with they messed up. My reasoning behind that comment is had the software been stable, reliable, content by its customers then yes. This in my opinion is only frustrating the customer. But that is just all speculation on my part, I'm no longer an active license holder. I'm just glad I held out years ago not something I should concern myself about now.

    Other reasoning is, you don't fix one bug/exploit just to add another. That is why I personally think they messed up.
  14. Angelic

    Ryan Ashbrook Well-Known Member

    Likes Received:
    258
    Software You Use:
    IPB
    I'm quite frustrated right now as well. Both of my Owned licenses have expired and I cannot afford to upgrade them both, so I cannot upgrade my vB4 board to patch these holes.

    It's a predicament I put myself in, so I don't blame them, but frustrating nonetheless.
  15. Busy

    Shelley Designated Designer

    Likes Received:
    644
    Software You Use:
    XenForo
    On the other hand, the constant release of patches could be a way of dragging out the important fixes so that more and more licenses expire therefore more and more people who wish to continue using the software need to purchase. That's a risky move if that is the case, more and more people are switching to IPB with each day that passes. Again, it's another assumption. You just cannot say for sure, everything seems to be erratic which is not good for the consumer as they are the ones suffering.

    Anyway, I seldom get involved nowadays with the whole vbulletin fiasco so that's my 2pence worth done and dusted. :D
  16. Michael Biddle Senior Member

    Likes Received:
    17
    If I am not mistaken, you should be fine. Reason being is that you say you are expired, which means you were running vB3 and got into the vb4 forums until your license expired. If this were true, you are not running suite, and hence safe. Correct me if I am wrong.
  17. Kall Member

    Likes Received:
    6
    Thing is, that's not apparently clear. The patches need to be titled in a way that includes the word Suite or Forum, or vBulletin 4 if it affects both.

    I've had to explain that to several people...and I was only guessing based on the content.
  18. Floris ~

    Likes Received:
    26
    The pl5 screeny I showed also got fixed, even though it wasn't in the original report. So that's a good thing. At least, first test showed it couldn't be reproduced on pl4 and 4.0.3
  19. DavidMcHenry Senior Member

    Likes Received:
    49
    Go Go Internet Brands!
  20. Vilandra Alien Princess

    Likes Received:
    13
    I don't mean to start anything lol, but I thought that people who had unexpired licenses when vb 4.0 was released got updates for free for the life of vb4?
