The reported security flaw described in this announcement, which could potentially allow a SELECT query to be hijacked, has been addressed.

A problem where users of the Apple browser Safari would be logged off the system prematurely when vBulletin runs on specific servers has been resolved.
More info...

Much has been said about Microsoft's decision to make the Javascript prompt() function throw a security warning whenever it is called. This change resulted in vBulletin's text editor system throwing security warnings whenever a user tried to insert an image or an email link. The use of prompt() for Internet Explorer 7 users has now been discontinued in favour of an alternative method of collecting user input.
More info...

Additionally, improvements in Internet Explorer 7 mean that certain aspects of the vBulletin pop-up menu system, which were previously required to circumvent rendering issues, can now be bypassed. Most notable amongst these is the code that hides all <select> elements that would intersect with the menu when opened.

A problem where infraction expiration was not cleaned-up properly has been addressed.
More info...

Some users running recent versions of PHP running on FreeBSD have encountered a bug in the regular expression engine that caused an error to be shown when logging in. We have worked around this problem. However, it may still appear in other areas, so we are trying to find a proper fix for the issue.