vBulletin 5.3.0 Connect is now available.

Feeder

Feeder

Fan
Joined
Jun 15, 2014
Messages
690
vBulletin 5.3.0 is now available. Customers with valid licenses are encouraged to use this version of the software.

Two-Factor Authentication
We are proud to introduce Two-Factor Authentication for control panel sessions. Two-factor Authentication provides additional security using your smartphone. You would enable this feature in your configuration files. Then each user can generate their own secret token from their user settings panel. Once enabled, the user will retrieve their login token from the app they choose to use. We recommend using Google Authenticator on most platforms. Once the user has created a security key it will be required on appropriate logins. Currently, this functionality covers the AdminCP, ModCP, Inline Moderation, and Site Builder. These are locations controlled by the cpsession system of the software.
awww_vbulletin_com_forum_filedata_fetch_1b5dbfe6d1694953899d1a193a4e3e4d._.png




Read more about Two-Factor Authentication in this article (https://www.vbulletin.com/forum/arti...authentication).

Calendar
Following the implementation of events, we have added a Calendar Page, and corresponding modules, to the system. This allows you to present your upcoming events in a traditional calendar format. This should allow your users to discover events easily. The calendar can be accessed from any Upcoming Events module. It will inherit any search parameters of that module. It can also be accessed by adding /calendar to your site address.

New modules
Calendar - This is the calendar module used for the new page. You can also place this module on any page where you might want to display this information.
awww_vbulletin_com_forum_filedata_fetch_014ab5329dadd328ff6b394dbf247870._.png



Tab Container - This new module can contain other modules. This will allow you to create a custom tabbed page on your site. We use it on the Calendar page as an example. There the tab container module holds two modules: the calendar module, and the upcoming events module.
awww_vbulletin_com_forum_filedata_fetch_4679403b845861f66c4c7f2c200b9a3e._.png




System Requirements
Minimum PHP Version: 5.6.0
Minimum MySQL Version: 5.1.5

Recommended PHP Version: 7.1 or higher
Recommended MySQL Version: 5.7.0 or higher
Recommended MariaDB Version: 10+

Current Version Support Schedule:
  • Active Version - 5.3.0
  • Security Patch - 5.2.6
  • Security Patch - 5.2.5
  • No Patch Release - 5.2.4 or earlier.

Discussion
If you have any questions about these changes you may discuss them here: https://www.vbulletin.com/forum/node/4365959
Click to expand...

Read More...
 
LeadCrow

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,818
Anyone got a live install running? Preferably close to the default parameters.

I wonder how far its gotten closer to viable compared to the original release. Compares and benchmarks might illustrate that better than these compact announcements and lists of JIRA reports.
 
zappaDPJ

zappaDPJ

Moderator
Joined
Aug 26, 2010
Messages
8,450
Currently, this functionality covers the AdminCP, ModCP, Inline Moderation, and Site Builder.
Click to expand...

You would enable this feature in your configuration files.
Click to expand...

An admin only function that can't be enabled in the admin control panel? Why such a limited implementation or have I misread something?
 
LeadCrow

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,818
The last thing you'd want is 2FA an account thief or rogue admin could disable or worse.

Acquire privileged account when 2FA is off, then enable it once you owned the place so all other staff are locked out and unable to do anything without a server handler intervening on the machine. It'd be worse because a hacker could then require staff's 2FA handshakes to go trough him, enabling a situation where a hacker firmly stays in control.
 
zappaDPJ

zappaDPJ

Moderator
Joined
Aug 26, 2010
Messages
8,450
LeadCrow said:
The last thing you'd want is 2FA an account thief or rogue admin could disable or worse.

Acquire privileged account when 2FA is off, then enable it once you owned the place so all other staff are locked out and unable to do anything without a server handler intervening on the machine. It'd be worse because a hacker could then require staff's 2FA handshakes to go trough him, enabling a situation where a hacker firmly stays in control.
Click to expand...

I guess so. I'd don't think I'd be too happy having staff members with 2FA admin privileges but your scenario is certainly valid.
 
ManagerJosh

ManagerJosh

Adherent
Joined
Oct 24, 2004
Messages
344
LeadCrow said:
The last thing you'd want is 2FA an account thief or rogue admin could disable or worse.

Acquire privileged account when 2FA is off, then enable it once you owned the place so all other staff are locked out and unable to do anything without a server handler intervening on the machine. It'd be worse because a hacker could then require staff's 2FA handshakes to go trough him, enabling a situation where a hacker firmly stays in control.
Click to expand...

In all honesty though, how much level of access difference is usually between administrators on the same site? :p
 
Paul M

Paul M

Super Moderator
Joined
Jun 26, 2006
Messages
4,077
ManagerJosh said:
One week from RC 1 to Final? Yikes.
Click to expand...
The only reason you even get an RC each release is because I insisted that I would not put beta's live on the main forum (there is a Beta forum for that).
Each new version is basically put up on the main forum for between 3 days and a week, before its finally released.

zappaDPJ said:
An admin only function that can't be enabled in the admin control panel?
Click to expand...
I asked about this when I could not find how to turn it on. The main reason was apparently so that if an admin locked themselves out after turning it on, they could turn it off in the config file and thus get back in. I was going to ask why not just provide a disable setting in the config file (like what was done for hooks) but I couldnt be bothered. I'll never use it, so it didnt seem worth the arguments.
 
doubt

doubt

Tazmanian
Joined
Feb 25, 2013
Messages
4,898
Paul M said:
I'll never use it, so it didnt seem worth the arguments.
Click to expand...
Why not, Paul?
It cannot be that bad and you are not that dumb that you cannot modify it to be usable?

Edited: Spelling
 
Last edited:
zappaDPJ

zappaDPJ

Moderator
Joined
Aug 26, 2010
Messages
8,450
Paul M said:
I asked about this when I could not find how to turn it on. The main reason was apparently so that if an admin locked themselves out after turning it on, they could turn it off in the config file and thus get back in. I was going to ask why not just provide a disable setting in the config file (like what was done for hooks) but I couldnt be bothered. I'll never use it, so it didnt seem worth the arguments.
Click to expand...

That sounds like a better option plus it makes things a little easier for cloud users who would no longer have to raise a ticket to have 2FA enabled.
 
HallofFamer

HallofFamer

Habitué
Joined
Sep 6, 2010
Messages
1,355
This feels more like VB 5.0.0 honestly, and you see how much IB rushed an unfinished product and drove customers away.
 
Shimei

Shimei

Fan
Joined
Oct 11, 2015
Messages
511
Awesome. Running 5.3.0 and haven't an issue with PHP 7.1.

I went to a dedicated server which solved my issue with running PHP 7.1. My old host presented issues that prevented me from running it.
 
ozzy47

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,960
Shimei said:
Awesome. Running 5.3.0 and haven't an issue with PHP 7.1.

I went to a dedicated server which solved my issue with running PHP 7.1. My old host presented issues that prevented me from running it.
Click to expand...

That's great. What host you with now?
 
Shimei

Shimei

Fan
Joined
Oct 11, 2015
Messages
511
ozzy47 said:
That's great. What host you with now?
Click to expand...
A2 Hosting
  • From 2X500 GB Storage (I have SSD)
  • From 10 TB Transfer
  • 2 Cores
  • Intel 3.7+ GHz
  • Free SSL
  • Free cPanel Control Panel
  • Anytime Money Back Guarantee
  • Ram 8 Gigs
https://www.a2hosting.com/dedicated-server-hosting/managed

Everything I need with root access. It is a managed server too, which is especially helpful because I'm Linux ignorant. Next step is to get Sphinx search running. :) My second bill and what will be reoccurring since set up is 220.00 a month. They are offering a discounted first month price when the cost is 140.

Enjoy, Ozzy,
William
 
You must log in or register to reply here.
Top