VaultWiki Security Update: 3.0.11, VaultWiki Mobile

Early Monday our staff discovered a security vulnerability in the VaultWiki software, and we have released VaultWiki 3.0.11 to patch this and other issues. Customers have been contacted via email to alert them of the issue before a public announcement was made.

All versions of VaultWiki prior to 3.0.11 are vulnerable. This particular exploit can allow an attacker to access and modify the database. If any customer is not already running 3.0.11, we urge you to upgrade immediately to protect your site.

Aside from a security fix, 3.0.11 also resolves some other issues, and includes some notable changes: the mobile style, and the single-column version comparison. For a full list of changes, see: http://www.vaultwiki.org/projectsear...suereportid=20

Mobile Style

vBulletin 4.1.2 comes packaged with an optional mobile style with a clean, simple interface. Unfortunately, most forums will not be able to use the style because minor modifications to vBulletin cause the style to become unstable and the forum to not load at all.

While many other modifications will likely also need to be updated, VaultWiki 3.0.11 takes the necessary steps to be compatible with vBulletin's mobile style itself. VaultWiki will detect if the user's style selection is indeed the mobile style, and it will efficiently disable features and skip any processing that isn't used in the style.



Updating the mobile style with VaultWiki's mobile templates requires some additional steps after upgrading. These steps are discussed in my blog here: http://www.vaultwiki.org/blogs/49/

Version Comparison Changes

In order to work in a mobile style, the side-by-side approach for comparing old versions of an article could not be used, because of the inherent limits of mobile devices' small screen sizes.

We instead adopted a system similar to patch files, where only one column is used:



We were so pleased with the result that we updated the default style with this change also. Now you get a comparison that uses less HTML, is easier to read, and is more likely to fit on a variety of screen resolutions.

VaultWiki 4 Release Date

We have reached a point in the development of VaultWiki 4 where we feel like we can give a static release date that we can stick to. Keep in mind that the first release will still be an Alpha version, but will be available for Premium subscribers to download and start testing on April 4.

Upcoming Server Move

Over the past several months we have started to become more aware of the technical limitations of our current web server. We have taken steps to increase efficiency, specifically in our distribution code, but those limits are still in sight.

Most notably, our server had difficulty handling the volume of emails and subsequent mass downloading immediately following the release of 3.0.11, an important security update. Whether the problem was us actually reaching a limit or an unrelated technical issue doesn't really matter. The fact is that a number of paying customers were not able to reach the web site at a critical time, and this is unacceptable.

If we expect to continue growing this year, especially with the aforementioned release of VaultWiki 4, we need to be ready. So we will be changing to our new server on April 1 (no joke).

Our address will not be changing, but we expect that the site will be unavailable for a day or so. We will keep everyone informed as this day creeps nearer.