vBulletin 2.3.10 Released

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Kier
    Former Lead Developer, vBulletin
    • Sep 2000
    • 8179
    #1

    vBulletin 2.3.10 Released

    vBulletin 2.3.10

    Following the internal discovery of a potential cross-site scripting flaw, we have decided to put out a preventative security release in order to close the hole before it is exploited.
    For the vBulletin 2.3.x branch, the problem can be resolved in one of two ways:
    1. Full Upgrade: The best way to fix the problem is to perform a full upgrade, downloading the complete 2.3.10 package from the vBulletin Members' Area and following the regular upgrade procedure.
    2. Patch: A second option is to download the patch file in the Members' Area and upload them to your web server, overwriting the admin/functions.php file.
    Please do note that vBulletin 2.3.x and 3.0.x are reaching the end of their lives and no longer actively developed, except for security fixes and critical bug resolution. If you have not yet upgraded to a more recent version of vBulletin, you should consider doing so.

    Upgrade Instructions:

    Instructions for upgrading to vBulletin 2.3.9 are available here.
    Tags: None
    • Mike Sullivan
      Former vBulletin Developer
      • Apr 2000
      • 13327
      • 3.6.x
      #2
      Files and Templates Changed Since 2.3.9

      Files Changed Since 2.3.9
      • admin/adminfunctions.php
      • admin/functions.php
      • admin/global.php
      • admin/index.php
      • admin/install.php
      • admin/sessions.php
      • admin/upgrade1.php
      • admin/upgrade33.php
      • admin/vbulletin.style


      Templates Changed Since 2.3.9
      None

        Comment

        • Kier
          Former Lead Developer, vBulletin
          • Sep 2000
          • 8179
          #3
          You can discuss this release here:

          vBulletin Community Forum
          http://www.vbulletin.com/forum/showthread.php?t=194086

            Comment

            • Kier
              Former Lead Developer, vBulletin
              • Sep 2000
              • 8179
              #4
              Important Notice

              If you downloaded vBulletin 2.3.10 prior to the date of this post, please download the attached file (attachment.php) and upload it to your webserver, overwriting the exiting attachment.php.

              This will fix a security hole discovered in Internet Explorer that affects vBulletin.

              Please use this file only to patch vBulletin 2.3.10. Patches for the three other versions released today are attached to their respective announcement threads.

              Downloads made after the time of this post have been fixed in the Members' Area and are not vulnerable.
              Attached Files

                Comment

                Previous template Next
                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...