An XSS exploit has been discovered in 4.0.1 and 4.0.2. We strongly recommend that anyone running these versions immediately patch their systems.
If you are running 4.0.2 already, simply download the latest Security patch: 4.0.2 Suite PL1 from the Patches section in the Members Area, extract the 5 patch files, then upload these files making sure to overwriting the existing files. This will update your version to the latest patch release. The patch files are:
includes/class_core.php
includes/functions_forumdisplay.php
includes/functions.php
includes/version_vbulletin.php
vb/legacy/thread.php
If you are running 4.0.1, you will need to do a full upgrade to 4.0.2 PL1 (available in the Members Area.) Just download the latest release and upgrade normally.
If you are running 4.0.2 already, simply download the latest Security patch: 4.0.2 Suite PL1 from the Patches section in the Members Area, extract the 5 patch files, then upload these files making sure to overwriting the existing files. This will update your version to the latest patch release. The patch files are:
includes/class_core.php
includes/functions_forumdisplay.php
includes/functions.php
includes/version_vbulletin.php
vb/legacy/thread.php
If you are running 4.0.1, you will need to do a full upgrade to 4.0.2 PL1 (available in the Members Area.) Just download the latest release and upgrade normally.