vBulletin Security Patch for vBulletin 3.8.7 & 4.0 - 4.2 (Suite & Forum) - 06/07/2012

  • Allen Lin
    Former vB4 Project Manager
    • Apr 2009
    • 1250

    A recent vBulletin report indicated that there was a potential exploit vector in flood protection. Once the cause of the issue was isolated, code changes were made to eliminate the reported threat.

    This issue affects BOTH vBulletin 3 and vBulletin 4 (Suite & Forum).

    A patch has been issued for vBulletin 3.8.7 through 4.2.

    To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/

    The standard upgrade process for a patch level release is:
    1. Download the patch for the version of vBulletin you're currently running from https://members.vbulletin.com/patches.php.
    2. Extract the vBulletin patch files from the zip file.
    3. Upload the patch files to your server, overwriting the old files.


    Advanced Users:

    Files updated in the patch for vBulletin 3.8.7 & 4.0 - 4.1.12 (Suite & Forum).
    • includes/class_dm_threadpost.php
    • includes/class_floodcheck.php
    • includes/version_vbulletin.php


    Files updated in the patch for vBulletin 4.2 (Suite & Forum).
    • includes/adminfunctions.php
    • includes/class_dm_threadpost.php
    • includes/class_floodcheck.php
    • install/includes/class_upgrade_420a1.php
    • install/init.php
    • install/mysql-schema.php
    • vb/activitystream/populate/forum/thread.php
    • includes/version_vbulletin.php


    Licensed customers can discuss the security patch - HERE

    Special thanks to cellarius, Andreas, s.molinari, and the vBulletin Germany team.
    Last edited by Zachery; Fri 8 Jun '12, 10:40am.
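
A check that the upload in step 3 actually replaced the files named above, as an added example that is not part of the original post or vBulletin's own tooling. It assumes the extracted patch directory mirrors the forum root layout; the function names and status labels are hypothetical, and the file list is the one given for 3.8.7 & 4.0 - 4.1.12.

```python
import hashlib
import sys
from pathlib import Path

# File list copied from the announcement (3.8.7 & 4.0 - 4.1.12 patch).
# For 4.2, pass the longer list from the post as the `files` argument.
PATCHED_FILES = [
    "includes/class_dm_threadpost.php",
    "includes/class_floodcheck.php",
    "includes/version_vbulletin.php",
]

def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_patch(patch_dir, forum_root, files=PATCHED_FILES):
    """Compare each patched file with the deployed copy.

    Returns {relative_path: status}, where status is one of
    'ok', 'stale', 'missing-on-server' or 'missing-in-patch'.
    """
    results = {}
    for rel in files:
        src = Path(patch_dir) / rel      # file from the extracted zip
        dst = Path(forum_root) / rel     # file the web server is running
        if not src.is_file():
            results[rel] = "missing-in-patch"
        elif not dst.is_file():
            results[rel] = "missing-on-server"
        elif sha256_of(src) == sha256_of(dst):
            results[rel] = "ok"
        else:
            results[rel] = "stale"       # old or modified file still deployed
    return results

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify_patch.py <extracted_patch_dir> <forum_root>")
    report = verify_patch(sys.argv[1], sys.argv[2])
    for rel, status in report.items():
        print(f"{status:18} {rel}")
    # Non-zero exit lets a deployment script stop if any file is unpatched.
    sys.exit(0 if all(s == "ok" for s in report.values()) else 1)
```

A `stale` result can also come from an FTP client that rewrote line endings in ASCII mode; re-upload in binary mode and run the check again.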
  • Allen Lin
    Former vB4 Project Manager
    • Apr 2009
    • 1250

    #2
    Please note, the patch for vBulletin 4.2 contains the following additional changes:


    • Trevor Hannant
      vBulletin Support
      • Aug 2002
      • 24358
      • 5.7.X

      #3
      For clarity, you only download and apply the patch for the version you're currently running (i.e. patch for 4.1.12 if you're running 4.1.12, 4.2.0 PL1 for 4.2.0).

      If you're changing version number, for example 4.1.12 to 4.2.0, you need to download the FULL package, not the Security Patch, and follow the standard upgrade instructions.

      Please also see this article on patching:

      How To Patch Your Site
      Last edited by Trevor Hannant; Fri 8 Jun '12, 1:49am.
      Vote for:

      - Admin Settable Paid Subscription Reminder Timeframe (vB6)
      - Add Admin ability to auto-subscribe users to specific channel(s) (vB6)
