vBulletin 3.0.15 Released

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Kier
    Former Lead Developer, vBulletin
    • Sep 2000
    • 8179

    vBulletin 3.0.15 Released

    vBulletin 3.0.15

    Due to the discovery of an XSS flaw by imei addmimistrator and a further discovery of a potential XSS flaw internally, we are making vBulletin 3.0.15 available as a security release.

    While we recommend that customers perform a full upgrade to the latest version of vBulletin, which is now 3.6.0, we understand that some customers would prefer to stick with what they have and either upgrade to the newest 3.0.x release or patch their existing version.

    Full Upgrade

    The best way to fix the problem is to perform a full upgrade, downloading the complete 3.0.15 package from the vBulletin Members' Area and following the regular upgrade instructions.

    Patch File

    Patches are now available in the members' area. You may view available patches here. Alternatively, you may use the zip attached to this post to apply the patch. Both methods are equivalent.

    Go to the page mentioned above and download the "Security patch for 3.0.14" or download the zip at the end of this post. Extract the zip archive, then connect to your web server using FTP and overwrite the following files using the replacement versions from the zip.
    • includes/functions.php
    • admincp/global.php
    • modcp/global.php
    Notes:
    1. You do not need to download this patch if you perform a full upgrade to 3.0.15, 3.5.5 or 3.6.0.
    2. If you only apply a patch, your version number will not change. Your version number will only be updated if you perform a full upgrade.
    To repeat, go here to download the "Security patch for 3.0.14"
  • Mike Sullivan
    Former vBulletin Developer
    • Apr 2000
    • 13327
    • 3.6.x

    #2
    Files and Templates Changed Since 3.0.14

    Files Changed Sine 3.0.14
    • /
      • showthread.php
    • admincp/
      • global.php
      • index.php
    • includes/
      • adminfunctions.php
      • functions.php
      • init.php
      • vbulletin_credits.php
    • install/ - assume all files changed
    • modcp/
      • global.php


    Templates Changed Since 3.0.14
    None

    Comment

    • Kier
      Former Lead Developer, vBulletin
      • Sep 2000
      • 8179

      #3
      You can discuss this release here:

      Comment

      • Kier
        Former Lead Developer, vBulletin
        • Sep 2000
        • 8179

        #4
        Important Notice

        If you downloaded vBulletin 3.0.15 prior to the date of this post, please download the attached file (attachment.php) and upload it to your webserver, overwriting the exiting attachment.php.

        This will fix a security hole discovered in Internet Explorer that affects vBulletin.

        Please use this file only to patch vBulletin 3.0.15. Patches for the three other versions released today are attached to their respective announcement threads.

        Downloads made after the time of this post have been fixed in the Members' Area and are not vulnerable.
        Attached Files

        Comment

        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...