Security Exploit Patched in versions 3.5, 3.6, 3.7, 3.8, 4.X, 5.X of vBulletin


  • Security Exploit Patched in versions 3.5, 3.6, 3.7, 3.8, 4.X, 5.X of vBulletin

    A security issue has been found that affects all versions of vBulletin including 3.x, 4.x and 5.x. We have released security patches to account for this vulnerability. This includes patches for vBulletin 3.8.7, vBulletin 4.2.2 and all versions of vBulletin 5 (including Cloud accounts). The patch is also applied to vBulletin 5.1.0 RC1. It is imperative that you apply these patches as soon as possible.

    Due to functionality changes, the minimum PHP version for the patch is 5.2.0. This represents an increase for vBulletin 3. Alternatively, customers can install the JSON functions separately via http://pecl.php.net/package/json, in which case it will work with any compatible PHP version that their particular version of vBulletin supports. You will need to collaborate with your hosting provider or systems administrator to apply the changes to PHP.

    Patch for vBulletin 5.0.5 PL1
    Patch for vBulletin 4.2.2 PL1
    Patch for vBulletin 3.8.7 PL3
    Patch for vBulletin 3.8.7 MAPI

    Linked below are patch files so that you can manually update versions of vBulletin 3 and vBulletin 4 without a direct patch.
    Attached Files
    Last edited by Wayne Luke; Thu 13th Mar '14, 5:26pm.
    Wayne Luke
    The Rabid Badger - a vBulletin Cloud site.
    Please do not PM me for support unless I specifically ask for information to be delivered that way.

  • #2
    Please note, we have already applied this patch to all vBulletin Cloud sites.

    Installing the Patch

    Please install the patch for your version of vBulletin immediately.
    1. Upgrade PHP to the minimum version or install the JSON PECL, if necessary.
    2. Download the patch from https://members.vbulletin.com/patches.php.
    3. Extract the vBulletin patch files from the Zip file.
    4. Upload the patch files to your server, overwriting the old files.
    As with all security-related releases, we recommend all affected customers patch/upgrade as soon as possible.

    If you're using an unpatched version of 3.X or 4.X, and you need to manually apply the DIFF patches, please see these threads:
    vBulletin 3.X
    vBulletin 4.X

    Frequently Asked Questions

    Do I need to run the upgrade scripts?
    No, you do not with this patch.

    If I apply the patch to 3.8.7 or 4.2.2 do I need to mess with the DIFF files?
    No, you do not.

    How do I use the DIFF patch for my version?
    Please see the thread linked above.

    Will you release the details of this issue?
    To allow our customers time to upgrade and apply the patch, we will not release any further details.


    If you have never patched your site, there are instructions in the manual:
    How to Patch Your Site
    Last edited by Lynne; Sat 15th Mar '14, 11:25am. Reason: add link to manual
    Wayne Luke

    Comment
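A check an administrator could run after step 4 of the install procedure above, added here as an example and not part of the original posts or of vBulletin's own tooling: it confirms that every file in the extracted patch is byte-identical to the copy under the forum root. The two directory arguments and the file names in the demo are constructed assumptions, not the actual contents of any patch.

```shell
#!/bin/sh
# Added example: compare an extracted patch tree with the deployed forum root.
# Usage (paths are assumptions): sh this_script PATCH_DIR FORUM_ROOT

hash_of() {  # print the SHA-256 of one file
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_patch PATCH_DIR FORUM_ROOT
# Prints one line per patch file (OK / MISSING / DIFFERS) and returns 0
# only if every patch file is present and identical under FORUM_ROOT.
verify_patch() {
    patch_dir=$1 forum_root=$2 bad=0
    list=$(mktemp)
    (cd "$patch_dir" && find . -type f | sort) > "$list"
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$forum_root/$rel" ]; then
            echo "MISSING  $rel"; bad=$((bad + 1))
        elif [ "$(hash_of "$patch_dir/$rel")" != "$(hash_of "$forum_root/$rel")" ]; then
            echo "DIFFERS  $rel"; bad=$((bad + 1))
        else
            echo "OK       $rel"
        fi
    done < "$list"
    rm -f "$list"
    [ "$bad" -eq 0 ]
}

# Constructed demo: a two-file "patch" and a forum root where only one
# of the two files was overwritten during upload.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/patch/sub" "$tmp/www/sub"
    echo 'patched a' > "$tmp/patch/a.php"
    echo 'patched b' > "$tmp/patch/sub/b.php"
    echo 'patched a' > "$tmp/www/a.php"
    echo 'old b'     > "$tmp/www/sub/b.php"
    verify_patch "$tmp/patch" "$tmp/www" || echo "patch NOT fully applied"
    rm -rf "$tmp"
}

if [ "$#" -eq 2 ]; then verify_patch "$1" "$2"; else demo; fi
```

A DIFFERS or MISSING line means the upload did not overwrite that file, so the site is still running unpatched code for it.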


    • #3
      To the top.
      Wayne Luke

      Comment
