Manual Security Patch Instructions for VB 4.x.x
Collapse
X
-
-
The diff files will work on ALL vBulletin 4.x versions. The diff files were provided because actual patches were not being released for older VB 4.x versions.Comment
-
MARK.B
vBulletin Support
------------
My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
My Unofficial vBulletin Cloud Demo: https://www.adminammo.comComment
-
very easy instructions - took no more than 5 minutes. I shake my head at some guys who are confused about how to do this.Digital-Forums: www.digital-forums.com | CK3 Games: www.ck3.co.ukComment
-
It's either upload the patch files or manually edit the existing files.MARK.B
vBulletin Support
------------
My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
My Unofficial vBulletin Cloud Demo: https://www.adminammo.comComment
-
I understand this marks a change in how people are used to getting patches for 4.x because we only supplied an actual patch for VB 4.2.2. However this is not the thread for complaints. Any post that is not a valid request for support or feedback on actually applying the above changes will be deleted. Anyone posting off topic past this point will get infractions. Please use the Licensed Customer Feedback forum to provide feedback on the exploit/patches/bug fixes in general. This topic is for support of people trying to secure their sites.Comment
-
Updated from 4.1. to 4.2.2, and after that was done applied PL1.
ACP does not show that I'm running PL1, and the new files are showing up as 'file does not contain expected contents'. I have verified all files in PL1 are uploaded.
Just want to make sure I'm good.
EDIT; I see at the very bottom of the screen the "powered by" 4.2.2 pl1, so I'm guessing I'm good. Was too busy looking at the top that I missed the bottom.1 PhotoComment
-
So just to be clear, if I'm on 4.2.0 PL3, I need to follow the manual instructions in the OP to upgrade to 4.2.2 PL1 and can't just copy the pre-patched files to bring my 4.2.0 up to 4.2.2?
Thanks in advance.Comment
-
Updated from 4.1. to 4.2.2, and after that was done applied PL1.
ACP does not show that I'm running PL1, and the new files are showing up as 'file does not contain expected contents'. I have verified all files in PL1 are uploaded.
Just want to make sure I'm good.
EDIT; I see at the very bottom of the screen the "powered by" 4.2.2 pl1, so I'm guessing I'm good. Was too busy looking at the top that I missed the bottom.
Anyone choosing to upgrade to 4.2.2 at this point who download a fresh copy of 4.2.2 does not have to apply the patch, it is already included in 4.2.2 at this point.Comment
-
1) You download 4.2.2 PL1 (the full version) from the Member's Area and upgrade to 4.2.2. Then you are good.
2) You follow the instructions in Post #1 to manually patch your existing 4.2.0 install, then you are also safe from this latest exploit.
You choose 1 OR 2, not both.Comment
-
Hello, if you are on 4.2.0 you have two choices at this point-
1) You download 4.2.2 PL1 (the full version) from the Member's Area and upgrade to 4.2.2. Then you are good.
2) You follow the instructions in Post #1 to manually patch your existing 4.2.0 install, then you are also safe from this latest exploit.
You choose 1 OR 2, not both.
So I can jump from 4.2.0 to 4.2.2 PL1 without doing the updates in-between (4.2.2 PL! is an inclusive update)? Also, I noticed some people having database errors after the update. Is this common? (Our PHP is greater than 5.2)Comment
-
Yes you can go straight to 4.2.2, that is what JoeD said if you read the post again, database errors are rare and usually occur for a reason. Remember to do a full backup before an upgrade so you can restore your forum as it was if things do go wrong.Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment