vBulletin 2.3.9
A recently discovered cross-site scripting (XSS) flaw in all three branches of vBulletin has prompted us to perform a security update, releasing new versions of vBulletin 2, 3.0.x and 3.5.x simultaneously. vBulletin 2.3.x also contains an XSS flaw related to bbcode parsing; this problem is also resolved by the release of 2.3.9.
All prior versions of vBulletin are vulnerable and we advise customers to upgrade or patch their vBulletin installations at their earliest convenience.
For the vBulletin 2.3.x branch, the problem can be resolved in one of two ways.
- Full Upgrade: The best way to fix the problem is to perform a full upgrade, downloading the complete 2.3.9 package from the vBulletin Members' Area and following the regular upgrade procedure.
- Patch: A second option is to download the patch files attached to this thread and upload them to your web server, overwriting the existing files.
Upgrade Instructions:
Instructions for upgrading to vBulletin 2.3.9 are available here.