The vBulletin team is pleased to announce the release of vBulletin 3.6.1, which is now available for download from the online members' area. In addition to many fixes for bugs and issues that have been discovered in version 3.6.0, this release also boasts some exciting new features and enhancements.

Key improvements include enhanced support for podcasts, a more flexible infractions system and an integrated admin news system - providing administrators with the latest development news from vBulletin.com directly within the admin control panel. Version 3.6.1 also implements an enhanced cookie system that will help to keep users safe from cross-site-scripting (XSS) exploits. Details of new features are listed below.

We would like to remind our customers that vBulletin 3.6.x is now our stable, fully supported version, superseding both 3.0.x and 3.5.x. While we will continue to support 3.0.x and 3.5.x with critical bug remedies and security fixes, these lines are no longer in active development.

Note for Upgraders:
If you have customized templates and upgrade to vBulletin 3.6.1, you WILL need to revert many of them or some areas of your board will not function!

Minimum PHP and MySQL Requirements:
Please note that vBulletin 3.6.1 requires at least PHP 4.3.3 and MySQL 4.0.16 or later.

Security Advisory:
The implementation of HttpOnly cookies in vBulletin 3.6.1 is a significant step towards defeating XSS attacks, we recommend that customers upgrade to 3.6.1 as a preventative measure against any future XSS flaws.

You can read more about vBulletin 3.6.1 and find upgrade instructions on the vBulletin Community Forums here:
http://www.vbulletin.com/go/361

---------------- WHAT'S NEW IN 3.6.1? ----------------

In addition to the many new features introduced with vBulletin 3.6.0 (a run-down of which can be seen here: http://www.vbulletin.com/go/36features) vBulletin 3.6.1 contains several new improvements. This is a brief summary of what's new:

* Admin Control Panel News System
The vBulletin Admin CP now checks vBulletin.com for
news articles and announcements, allowing the vBulletin
team to quickly alert customers to new releases,
security problems etc.

* Infraction System: Infraction Extension
When a user receives the same type of infraction
twice, the second offence will now be tacked-on
to the first one, resulting in a longer life
for the infraction.

* Infraction System: Automatic Bans
Users can now be automatically moved to a 'banned'
usergroup by the infraction system if their 'offence'
is sufficiently serious.

* RSS Importer Supports 'Invalid' RSS
We have found that several popular RSS formats
are in fact invalid according to the RSS spec.
These formats would cause an error in vBulletin
previous to 3.6.1, but work-arounds are now in place
to allow them to be used.

* RSS Importer Improved Character Set Handling
Some problems encountered with obscure character
sets have been rectified with vBulletin 3.6.1.

* CAPTCHA for Guest Searches
To prevent robots from flooding your server with
requests to search.php, which can be expensive in terms
of system performance, a CAPTCHA system has been
implemented to ensure that only humans can search.

* HttpOnly Cookie Support to Defeat XSS Attacks
In order to prevent XSS attacks using Javascript to
steal cookie data, we have switched several cookies to
use the HttpOnly flag, causing them to become
unavailable to Javascript. PHP has also accepted our
patch to add this feature to PHP 5.2.0 in future.

* Podcast Improvements
Several Podcast options can now be set on a per-thread
basis rather than just per-forum.

* 'Search This Thread' Improvements
Additional options are now available when selecting
'Advanced Search' from 'Search This Thread'

* Improved Event Ordering
Events are now sorted in a greatly improved manner when
grouping events by date on the front page, or when
viewing events on the calendar in daily, weekly and
monthly views.