Yesterday a potential cross-site-scripting (XSS) exploit was reported that affects vBadvanced CMPS v3.0+ and v4.0 Beta. vBadvanced CMPS v3.2.2 (vB 3.6 - 3.8) and v4.0.0 RC1 (vB 4.0+) have been released to correct this potential threat and are now available in the Members' Area here. It is highly recommended that anyone running vBadvanced CMPS v3.0+ upgrade to the appropriate version as soon as possible. The steps to upgrade are the same as usual and full upgrade instructions may be found in the readme.html file that comes with the download package.
For those running v3.x who do not wish to upgrade, please see this post (http://www.vbadvanced.com/forum/showpost.php?p=185927&postcount=19) for instructions on patch without upgrading.

We are also happy to announce the release of vBa CMPS v4.0.0 RC1. This new release takes v4.0 out of it's beta stages and brings the product to a level of stability where it may be run on live web sites. There will likely be some minor bugs still, but all known bugs & issues (http://www.vbadvanced.com/forum/forumdisplay.php?f=188) have been corrected. In addition to bug fixes, new settings when adding/editing pages have been added to allow you to display a link to the page in your navbar tabs, along with a setting to allow you to display that pages child pages below in a sub-menu.
Thanks to those who helped to test the beta versions. Your feedback and bug reports have been a huge help in getting to this stage!

Where do I get the new version? When I go to the members area the latest version that shows for me is Current Version: 3.2.1 Released: 07-17-2009.

I am on vB 3.8x still with np plans on going to 4.0 anytime soon.

Thanks..worked as a charm

@scott, it's in the download area now.

Is it possible to get a patch for CMPS 3.0+? I have some pretty modified PHP files and templates.

Or can you tell us what PHP files actually need to be updated?

Thanks,

How can this happen?

Why - Why this is .... Outrageous

Never before since the dawn of man has anything like this happened :mad:

I spilt my soda and that just makes me mad


Oh Ya Brian Great Job on the quick fix. I echo, A patch would be nice if possible

thanks for the hard work on rc1 and all the fixes
I upgrade to a test board and it wiped out every mod installed..

I did it on a second test board and did the same thing..

any ideas?

has this happened to anyone ?

Thanks, but there is an issue with the install: http://www.vbadvanced.com/forum/showthread.php?t=39660

Others are also having problem

thanks for the hard work on rc1 and all the fixes
I upgrade to a test board and it wiped out every mod installed..

I did it on a second test board and did the same thing..

any ideas?

has this happened to anyone ?

Yep.. happened to me. ALL other mods are not working!! Eeeek!

I upgraded with absolutly no issues

3.8.4 pl2
vbclassifieds
rbs banner system
stop forum spam

Everything intact including all my themes

4.0 RC1 for vB 4.0.2 PL1 break all other Mods on the forums! Tried disabling them and re-enable.. no go.
Help!

reinstall them ATM not sure of anything else that would work..

all my forums hacks including blog all disappeared
only Links Directory work

what is the solutions?

Re-installing doesn't work for all mods :(

If all hacks re-installed it work but quite lot work again have to do

For you guys having problems, please post in the support forums; problems are looked at in the support forums before the announcement threads. :o

but this is not just to help and / or support, but to warn that this gives error and disabling plugins, so that the end does not happen the same to many as we

but this is not just to help and / or support, but to warn that this gives error and disabling plugins, so that the end does not happen the same to many as weActually the problem you're describing is not affecting everybody, just certain sites, and for those who have posted in the support forums Brian is taking a look at to see how/why their sites are having the issue.

For those having issues with their other plugins after upgrading, please see my reply here:
http://www.vbadvanced.com/forum/showpost.php?p=185917&postcount=13

For those running v3.x who do not wish to do a full upgrade, you can patch this manually by uploading the new forum/clientscript/vba_cmps_admin.js file to your server, and then look in your admincp/vba_cmps_admin.php file for this code:
// ##### Preview BB Code Module Ajax ##########################################
if ($_REQUEST['do'] == 'preview')
{
chdir('../');

$phrasegroups = array('posting');
$globaltemplates = array('adv_portal_module_shell');
$actiontemplates = array();
$specialtemplates = array();

require_once('./includes/vba_cmps_include_template.php');

require_once('./global.php');
$vbulletin->input->clean_array_gpc('r', array(

And replace with this:
if ($_POST['do'] == 'preview')
{
define('CSRF_PROTECTION', true);
chdir('../');

$phrasegroups = array('posting');
$globaltemplates = array('adv_portal_module_shell');
$actiontemplates = array();
$specialtemplates = array();

require_once('./includes/vba_cmps_include_template.php');

require_once('./global.php');

$permissions = cache_permissions($vbulletin->userinfo);
if (!($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']))
{
exit;
}

$vbulletin->input->clean_array_gpc('p', array(

Thanks Brian for the patch code!

Hi Brian,
thanks for the patch
:)

CMPS is installed and working great but it won't let me log in. If I attempt to log in it still shows me as a guest until I go to my forums index page.
:confused:


I'm running Vb 4.0.2

CMPS is installed and working great but it won't let me log in. If I attempt to log in it still shows me as a guest until I go to my forums index page.
:confused:


I'm running Vb 4.0.2

DO NOT post questions in the Announcement forum.

You need to post in the correct support forum after reading the FAQ's.