Announcement

Announcement Module
Collapse
No announcement yet.

vBulletin Security Patch for vBulletin 3.8.7 & 4.0 - 4.2 (Suite & Forum) - 06/07/2012

Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • vBulletin Security Patch for vBulletin 3.8.7 & 4.0 - 4.2 (Suite & Forum) - 06/07/2012

    A recent vBulletin report indicated that there was a potential exploit vector in flood protection. Once the cause of the issue was isolated, code changes were made to eliminate the reported threat.

    This issue affects BOTH vBulletin 3 and vBulletin 4 (Suite & Forum).

    A patch has been issued for vBulletin 3.8.7 through 4.2.

    To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/

    The standard upgrade process for a patch level release is:
    1. Download the patch for the version of vBulletin you're currently running from https://members.vbulletin.com/patches.php.
    2. Extract the vBulletin patch files from the zip file.
    3. Upload the patch files to your server, overwriting the old files.

    Advanced Users:

    Files updated in the patch for vBulletin 3.8.7 * 4.0 - 4.1.12 (Suite & Forum).
    • includes/class_dm_threadpost.php
    • includes/class_floodcheck.php
    • includes/version_vbulletin.php

    Files updated in the patch for vBulletin 4.2 (Suite & Forum).
    • includes/adminfunctions.php
    • includes/class_dm_threadpost.php
    • includes/class_floodcheck.php
    • install/includes/class_upgrade_420a1.php
    • install/init.php
    • install/mysql-schema.php
    • vb/activitystream/populate/forum/thread.php
    • includes/version_vbulletin.php

    Licensed customers can discuss the security patch - HERE

    Special thanks to cellarius, Andreas, s.molinari, and the vBulletin Germany team.
    Last edited by Zachery; Fri 8th Jun '12, 10:40am.
    Do or do not do. There is no try.

    Give us feedback on your vB4 Pain Points HERE
    Give us feedback on your vB4 Plugin, Mod, Skin, & Custom Style Pain Points HERE

  • #2
    Please note, the patch for vBulletin 4.2 contains the following additional changes:
    Do or do not do. There is no try.

    Give us feedback on your vB4 Pain Points HERE
    Give us feedback on your vB4 Plugin, Mod, Skin, & Custom Style Pain Points HERE

    Comment


    • #3
      For clarity, you only download and apply the patch for the version you're currently running (i.e patch for 4.1.12 if you're running 4.1.12, 4.2.0 PL1 for 4.2.0).

      If you're changing version number, for example 4.1.12 to 4.2.0, you need to download the FULL package, not the Security Patch and follow the standard upgrade instructions.

      Please also see this article on patching:

      How To Patch Your Site
      Last edited by Trevor Hannant; Fri 8th Jun '12, 1:49am.


      Vote to have Javascript refactored in vB5

      Comment

      Working...
      X