vBulletin 5.5.6 Changes and Updates
vBulletin 5.5.6 is now available to download customers. This version contains updates t o the content editor and security tools within the software.
Front End Changes
CKEditor Update
The version of CKEditor distributed with vBulletin is now 4.13. This brings the editor up to date with the vendor's distributed version. While the visible functionality will not have changed much, a lot has changed behind the scenes. For more information on changes p lease see the CKEditor changelog.
Emoji Support
Emoji are similar to vBulletin's smilie functionality but are implemented via standard font characters instead of using images. When using a compatible database, you can enable UTF-8 Emoji within CKEditor. This allows over 1500 different emoji to be used by your users. E moji can be selected from a panel in the Richtext Editor or by automatic lookup when the u ser is typing.
You can now drag and drop allowed files within the editor window. This will give users more control over images uploaded to their content. To use this feature, users simply need to drag their attachments over the editor and drop them on the attachment panel. If the a ttachment panel is not open during the drag, it will automatically open.
Forum Listing Depth
A depth setting has been added to the Activity Stream module (Forum Home Page) and the Sub-Channel Display module (used on individual channel pages). This setting allows a max depth of 1, 2, or 3 channels. The behavior varies depending on the use of Category channels at the top level. For example:
Notices
To continue the merging of Notice and Announcement functionality, a number of enhanceme nts have been made to editing Notices in the AdminCP. These include:
The suspect file diagnostics has been rewritten and expanded to provide better file dia gnostics. This utility allows you to quickly search for altered, missing, or extra files w ithin your vBulletin directory. With the output provided and your own personal deployment records, you can use the Suspect File Diagnostics to help secure your server and make sure vBulletin's files are up to date. Several changes have been implemented:
Name: suspect_files.png Views: 157 Size: 50.9 KB ID: 4431272"]https://forum.vbulletin.com/filedata/fetch?id=4431272&d=1578523428[/IMG]
Known Limitations
Style Variable Editor
The Style Variable Editor has been enhanced.
User Profile Fields
An option has been added to the User Profile Field editor to show the field and its lab el in the User Info block of topic starters and replies. You can set this option by editin g your existing User Profile Fields in the AdminCP.
New Password Scheme
Support for the Argon2ID password hashing algorithm has been added to the system. This will be utilized if the server supports it. The server must be using PHP 7.3 or higher. PH P must be configured to allow the Argon2ID algorithm. More information can be found here. If Argon2ID is not available, the system will continue to use the BCrypt algorithm for password storage. The cost for BCrypt has been increased to account for newer processors.
For more information on password hashing please see the PHP documentation.
These changes should be transparent to end users.
Password Reset
A tool to invalidate all user passwords has been added to the AdminCP. This will update the password of all users except the currently logged in Administrator. Users will not be able to log in until they create a new valid password. This tool is located under Mainten ance -> General Update Tools. For security purposes, this will only appear while the site is in Debug Mode.
File Permissions
We recommend making the vBulletin directories and files write-protected for security purposes. If you need assistance with this, please contact your hos ting provider.
.htaccess
The .htaccess file has been rewritten to help improve security of the file system. The changes prevent direct access of PHP files in a number of directories. This will not affec t normal operations of vBulletin. It is recommended to use this file if you're using share d hosting.
The use of .htaccess files within sub-directories has been changed. This has resulted in the removal of these files in some dire ctories as well as the addition of .htaccess files in others.
AdminCP Directory
The /admincp/ directory in the vBulletin root has been removed for new installations. This directo ry is not needed for vBulletin to function properly. If you use the new .htaccess file pro vided in 5.6.0, you will need to delete this directory when upgrading.
Additional Information
All resolved issues can be seen in the issue tracker roadmap.
Install / Upgrade
After upgrading your vBulletin system, you should delete any possible obsolete files. Y ou can obtain more information on why this is needed and instructions on how to do this in this topic in the vBulletin 5 Installs & Upgrades forum.
System Requirements
Minimum System Requirements
PHP 7.1 End of Life
Please note that PHP 7.1.X is now end of life. It is recommended that you upgrade to PH P 7.2 or higher as soon as possible.
Current Version Support Schedule
If you have any questions about these changes you may discuss them here: https://forum.vbulletin.com/node/4413190
If you find an issue with the software or wish to place a feature request please visit our tracker.
In order to receive support for your vBulletin Product please visit our community forums.
vBulletin 5.5.6 is now available to download customers. This version contains updates t o the content editor and security tools within the software.
Front End Changes
CKEditor Update
The version of CKEditor distributed with vBulletin is now 4.13. This brings the editor up to date with the vendor's distributed version. While the visible functionality will not have changed much, a lot has changed behind the scenes. For more information on changes p lease see the CKEditor changelog.
Emoji Support
Emoji are similar to vBulletin's smilie functionality but are implemented via standard font characters instead of using images. When using a compatible database, you can enable UTF-8 Emoji within CKEditor. This allows over 1500 different emoji to be used by your users. E moji can be selected from a panel in the Richtext Editor or by automatic lookup when the u ser is typing.
Drag and Drop Uploads
You can now drag and drop allowed files within the editor window. This will give users more control over images uploaded to their content. To use this feature, users simply need to drag their attachments over the editor and drop them on the attachment panel. If the a ttachment panel is not open during the drag, it will automatically open.
Forum Listing Depth
A depth setting has been added to the Activity Stream module (Forum Home Page) and the Sub-Channel Display module (used on individual channel pages). This setting allows a max depth of 1, 2, or 3 channels. The behavior varies depending on the use of Category channels at the top level. For example:
- The home page allows showing Category (1) => Forum (2) => Subforum (3). If you don't use category channels and have it set to 3, it will still only show Forum => Subf orum when depth is set to 3. This is due to current limitations in the template code. This can affect the display if you have a mix of Categories and Forums that are not in categor ies. Setting this value to 1 or 2 will hide subforum listings.
- Forum channels typically show two levels as in Forum (1) => Subforum (2). At this t ime, the template system will limit this to a depth of 2 even if the value is set to 3.
- Resolved an issue where the bread crumb links can be displayed off center in some them es.
- Modules now scroll a page at a time in the Site Builder Page Editor.
- Resolved an issue that resulted in large file sizes when resizing images.
- Resolved an issue that resulted in images being rejected before resizing.
Notices
To continue the merging of Notice and Announcement functionality, a number of enhanceme nts have been made to editing Notices in the AdminCP. These include:
- Notices now support BBCode in addition to HTML.
- Notices now support Smilie codes.
- URLs within Notices will be automatically parsed as links when the Notice is saved.
- Notices can be assigned to the "Home Page" channel in order to appear only o n the default home page.
The suspect file diagnostics has been rewritten and expanded to provide better file dia gnostics. This utility allows you to quickly search for altered, missing, or extra files w ithin your vBulletin directory. With the output provided and your own personal deployment records, you can use the Suspect File Diagnostics to help secure your server and make sure vBulletin's files are up to date. Several changes have been implemented:
- A list of the checksum files used for comparison will be displayed at the top of the o utput.
- A warning will be displayed if any of the checksum files are writable.
- It will scan all vBulletin directories. If a directory is unknown, you will be informe d of this fact.
- Static files (i.e images, javascript, and css files) will now be scanned.
- Problematic files will be listed at the top of the output.
- Safe directories will be collapsed to simplify the output.
- Additional file types will be checked. This includes .htaccess and image file extensio ns.
Name: suspect_files.png Views: 157 Size: 50.9 KB ID: 4431272"]https://forum.vbulletin.com/filedata/fetch?id=4431272&d=1578523428[/IMG]
Known Limitations
- Templates stored in the file system can trigger false positives. By default, these are stored in the /core/cache/template directory. You can move these out of the vBulletin directory if you wish.
- Some optional directories will be ignored. Notably, the directories used when storing CSS as files. These directories should be inspected manually if you suspect issues.
- Several files will not be checked. These include /.htaccess, /config.php, and /core/includes/config.php. You will need to manually inspect these files if you suspect changes.
Style Variable Editor
The Style Variable Editor has been enhanced.
- The default view will only show variable groups. This simplifies the display and allow s administrators to select a group of variables easier.
- The system will expand and contract the groups as you use them.
- When you search for one or more style variables, only the matches will be shown in a s implified list. Groups without a match will be hidden.
User Profile Fields
An option has been added to the User Profile Field editor to show the field and its lab el in the User Info block of topic starters and replies. You can set this option by editin g your existing User Profile Fields in the AdminCP.
Security
New Password Scheme
Support for the Argon2ID password hashing algorithm has been added to the system. This will be utilized if the server supports it. The server must be using PHP 7.3 or higher. PH P must be configured to allow the Argon2ID algorithm. More information can be found here. If Argon2ID is not available, the system will continue to use the BCrypt algorithm for password storage. The cost for BCrypt has been increased to account for newer processors.
For more information on password hashing please see the PHP documentation.
These changes should be transparent to end users.
Password Reset
A tool to invalidate all user passwords has been added to the AdminCP. This will update the password of all users except the currently logged in Administrator. Users will not be able to log in until they create a new valid password. This tool is located under Mainten ance -> General Update Tools. For security purposes, this will only appear while the site is in Debug Mode.
File Permissions
We recommend making the vBulletin directories and files write-protected for security purposes. If you need assistance with this, please contact your hos ting provider.
.htaccess
The .htaccess file has been rewritten to help improve security of the file system. The changes prevent direct access of PHP files in a number of directories. This will not affec t normal operations of vBulletin. It is recommended to use this file if you're using share d hosting.
The use of .htaccess files within sub-directories has been changed. This has resulted in the removal of these files in some dire ctories as well as the addition of .htaccess files in others.
AdminCP Directory
The /admincp/ directory in the vBulletin root has been removed for new installations. This directo ry is not needed for vBulletin to function properly. If you use the new .htaccess file pro vided in 5.6.0, you will need to delete this directory when upgrading.
Additional Information
All resolved issues can be seen in the issue tracker roadmap.
Install / Upgrade
File Cleanup
After upgrading your vBulletin system, you should delete any possible obsolete files. Y ou can obtain more information on why this is needed and instructions on how to do this in this topic in the vBulletin 5 Installs & Upgrades forum.
System Requirements
Minimum System Requirements
- PHP Version: 7.1.0, See End of Life note below.
- MySQL Version: 5.6.10
- MariaDB Version: 10.0.0
- PHP Version: 7.4 or higher
- MySQL Version: 8.0 or higher
- MariaDB Version: 10.3+
PHP 7.1 End of Life
Please note that PHP 7.1.X is now end of life. It is recommended that you upgrade to PH P 7.2 or higher as soon as possible.
Current Version Support Schedule
- Active Version - 5.5.6
- Security Patch - 5.5.5
- Security Patch - 5.5.4
- No Patch Release - 5.5.3 or earlier.
If you have any questions about these changes you may discuss them here: https://forum.vbulletin.com/node/4413190
If you find an issue with the software or wish to place a feature request please visit our tracker.
In order to receive support for your vBulletin Product please visit our community forums.