قامت الشركة المنتجه لبرنامج المنتدى الشهير vBulletin باصدار نسخه جديدة تحمل الرقم 2.2.5
وهذه النسخه للمعلومية ليست النهائية بل هي عبارة عن تعديلات للنسخه السابقة سوف تصدر النسخه النهائية خلال ايام وتحمل نفس الرقم 2.2.5
vBulletin 2.2.5 Released
vBulletin 2.2.5
vBulletin 2.2.5 is a moderately important security release, which fixes a number of problems we have identified with potential HTML-injection into the pages. This has, unfortunately, meant that a lot of files have been changed, but we would still encourage you to upgrade as soon as possible. Once again, we are reconsidering our internal-auditing strategies to ensure that we pick this issues up before they become an issue in the future. On a more positive note, vBulletin 3 has been designed with security in mind, already stopping this and several other potential issues dead in their tracks.
Since we have had to modify a lot of files to fix this issue, the files will be tagged as 'beta' for a few days to allow us to update them if any minor bugs are found.
Backing up forums
Please be sure to check your backups, that they are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through telnet, as it will not suffer from any such problems.
Templates changed: (from 2.2.4)
threads_deletethread -- fixed a typo in one of the variables
modifyavatar_custom -- Fixed a bug causing the wrong box to be checked when setting a custom avatar.
Bug Fixes
Potential XSS/HTML-injection issues.
Potential database error when updating user info in the control panel.
Files changed: (from 2.2.4)
announcement.php, attachment.php, calendar.php, editpost.php, forumdisplay.php, global.php, index.php, member.php, member2.php, memberlist.php, misc.php, moderator.php, newreply.php, newthread.php, online.php, poll.php, postings.php, printthread.php, private.php, private2.php, register.php, search.php, showgroups.php, showthread.php, threadrate.php, usercp.php, admin/badwords.php, admin/functions.php, admin/sessions.php, admin/style.php, admin/thread.php, admin/user.php, mod/announcement.php, mod/global.php
admin/misc.php
And the usuals (all for just the version number): admin/global.php, admin/install.php, admin/upgrade1.php, admin/upgrade18.php
In conclusion...
We apologise for the frequency of updates recently. However, we are keen to maintain vBulletin's security, and to notify customers as soon as we are aware of issues, so we felt it was more important to get this information out to you as soon as possible, rather than sitting on it.
John
واليكم النسخه
النسخه غير معربه