The recent discovery of an obscure method in which to expose a cross-site scripting (XSS) error in vBulletin when using specific browser software means that it is necessary to release Patch Level (PL) versions of both 3.7.1 and 3.6.10.
We recommend that all customers upgrade to protect themselves.
Upgrading from 3.7.1 or 3.6.10
If you are already running 3.7.1 or 3.6.10, the process you will be required to follow to make your board immune to the XSS problem is very simple. Visit the Patches section of the vBulletin Members' Area and download either the patch for 3.7.1, or the patch for 3.6.10, according to the version you are currently running, then extract the files from the archive you downloaded, then upload the files to your board via FTP etc., overwriting the existing files. This will update your version to the PL1 release.
There is no need to run an upgrade script if you are already running 3.7.1 or 3.6.10.
Upgrading from Versions Earlier than 3.7.1 or 3.6.10
If you are not already running 3.7.1 or 3.6.10, you should download the most latest version from the Members' Area and perform an upgrade as normal.
Full instructions for upgrading vBulletin are available here.
PHP and MySQL Requirements
Please note that vBulletin 3.7.x requires at least PHP 4.3.3 and MySQL 4.0.16 or later.
However, we recommend that vBulletin 3.7.x is run on PHP 5.2.6 with APC (or a similar opcode cache) and MySQL 5.0.51 for best performance and stability.
End of Life for PHP 4
The PHP group has announced the end of life for PHP 4. We strongly recommend that customers update their servers to PHP 5.2.6 if they are still running PHP 4. vBulletin 3.7.1 supports PHP 5 and MySQL 5 fully, though you may need to disable strict mode for MySQL, see here on how to enable 'force_sql_mode'.
Note: We will continue to support PHP 4 in the vBulletin 3 series.
Download vBulletin 3.7.1 PL1 or 3.6.10 PL1
As usual, both versions released today are available for all customers with valid, active licenses to download from the vBulletin Members' Area.
vBulletin Members Area