Announcement

Collapse
No announcement yet.

[vB4 Security] How To: Patch Your Site

Collapse
X
Collapse

  • Trevor Hannant
    started a blog post [vB4 Security] How To: Patch Your Site

    [vB4 Security] How To: Patch Your Site

    From time to time, it's necessary to issue a Security Patch (or Patch Level) release for vBulletin software. This differs from the normal upgrade routine so this short article will clarify exactly what needs to be done when we announce a Patch Level (PL) release.


    Download The Patch

    A Patch Level release doesn't come as a full set of files. As such, it doesn't appear in the normal download location. To access the Patch Release, first login to the [URL="http://members.vbulletin.com"]vBulletin Members Area[/URL="http://members.vbulletin.com"]. In the left hand navigation, you will see the following:




    [ATTACH=CONFIG]n43735[/ATTACH]







    In the 'Support Services' section, click on the [URL="http://members.vbulletin.com/patches.php"]Patches/Security Patches[/URL="http://members.vbulletin.com/patches.php"] link and you will see a screen showing all Patch Level releases for your Licenses:




    [ATTACH=CONFIG]n43734[/ATTACH]







    Simply click on the Patch for the version you're currently running and you will be taken to the download page, where you will be given options for how to download the Patch. The following options are available via the 'More Download Options' radio button should you need to change these before downloading the ZIP file (in the majority of cases, these will not need to be altered):
    • PHP File Extension - As a general rule, web servers will use .php as the extension for PHP scripts, but some servers may use a different extension, or you may simply wish to use a different extension out of your own preference. Various extensions are available here for you to choose.
    • Download File Format - This option allows you to choose the compression format of the package you are about to download. Most people will want to download the .zip package as Windows® has in-built support for zip files. However, if you are downloading the package directly to a Linux server you may prefer to use the tarball (.tar.gz) format.
    • CGI Shebang - This option will only be of use to you if your server runs PHP as a CGI rather than as a web server module. If your server runs PHP as a CGI and requires a shebang (such as #!/usr/bin/php) then you can enter the required text here and it will automatically be inserted into whichever PHP files in vBulletin require its use.





    When you have set the download options you can click the Download button to start the download. When the download prompt window appears, you should choose the Save option and choose a directory on your computer in which to save the package.







    [ATTACH=CONFIG]n59723[/ATTACH]


    Updating Files On Your Server

    With Patch Level releases, the preparation work is very small - simply extract the ZIP package to your local machine! Once you've done this, you will notice that there is no 'upload' folder. A Patch Level release only contains the files that are being fixed so you may see something like this when you open the ZIP file to extract it (screenshot shows vB4.0.4 PL1 contents):




    [ATTACH=CONFIG]n59724[/ATTACH]







    Before uploading these to your server, close your forums temporarily via:

    vB3.x: AdminCP > vBulletin Options > vBulletin Options > Turn Your vBulletin On and Off > Forum Active > 'No'
    vB4.x: AdminCP > Settings > Options > Turn Your vBulletin On and Off > Forum Active > 'No'

    It will also be a good idea at this point to take a backup of your site and database. While the database won't be updated with a Patch Level release, it's useful to have an up-to-date backup in any case. For more information on backing up your database, please see [URL="http://www.vbulletin.com/docs/html/main/manual_database_backup"]this section of the Online Manual[/URL="http://www.vbulletin.com/docs/html/main/manual_database_backup"].

    Connect to your FTP server and with the Patch Level files highlighted in the local pane and the existing old files in the remote pane, drag the new folders/files to the remote window.



    [ATTACH=CONFIG]n59725[/ATTACH]





    You will most likely be prompted by the FTP client at this point to ask if you want to overwrite the existing files. You should confirm this prompt, telling the FTP client that yes, you do want to overwrite the existing files. If the prompt gives you the option to overwrite all existing files without prompting again, use this option.

    Once the files are uploaded, that's your installation patched! There are no scripts to run and you can re-open your forums to users again.
      Posting comments is disabled.

    Related Topics

    Collapse

    Working...
    X