Manual Security Patch Instructions for VB 4.x.x

**BirdOPrey5** · Fri 14 Mar '14, 5:50am

Originally posted by kandhro

Hello Mark B
can u plz let me know where are the manual instructions for vb 4.2.0

regards

This thread is the manual instructions for VB 4.2.0. They are the same instructions for ALL of VB 4.x.x, the code has not changed in years.

**BirdOPrey5** · Fri 14 Mar '14, 5:52am

Originally posted by MK_1

So you tell me that the diff file is not the latest version? Diff file and Joe's post are 90% similar, just this one step.

The diff files will work on ALL vBulletin 4.x versions. The diff files were provided because actual patches were not being released for older VB 4.x versions.

**_Avalon_** · Fri 14 Mar '14, 5:53am

Originally posted by Mark.B

If you are running 4.2.0 you will need to go through the manual instructions.

Ok, i passed all instructions above and re-write files. What changes in forum working process now should I notice?

**Mark.B** · Fri 14 Mar '14, 5:59am

Originally posted by _Avalon_

Ok, i passed all instructions above and re-write files. What changes in forum working process now should I notice?

Nothing, as it is just a patch.

**kandhro** · Fri 14 Mar '14, 6:37am

for manual patching
do i have to upload patch files downloaded from mebers area + manually edit files or just manual editing is all what i have to do in this patch ?

and thanks for the good support Mark B

**Raptor** · Fri 14 Mar '14, 8:02am

very easy instructions - took no more than 5 minutes. I shake my head at some guys who are confused about how to do this.

**Mark.B** · Fri 14 Mar '14, 8:04am

Originally posted by kandhro

for manual patching
do i have to upload patch files downloaded from mebers area + manually edit files or just manual editing is all what i have to do in this patch ?

and thanks for the good support Mark B

If you patch with the manual instructions that's all you need to do.
It's either upload the patch files or manually edit the existing files.

**BirdOPrey5** · Fri 14 Mar '14, 9:18am

I understand this marks a change in how people are used to getting patches for 4.x because we only supplied an actual patch for VB 4.2.2. However this is not the thread for complaints. Any post that is not a valid request for support or feedback on actually applying the above changes will be deleted. Anyone posting off topic past this point will get infractions. Please use the Licensed Customer Feedback forum to provide feedback on the exploit/patches/bug fixes in general. This topic is for support of people trying to secure their sites.

**Pony** · Fri 14 Mar '14, 9:00pm

Updated from 4.1. to 4.2.2, and after that was done applied PL1.

ACP does not show that I'm running PL1, and the new files are showing up as 'file does not contain expected contents'. I have verified all files in PL1 are uploaded.

Just want to make sure I'm good.

EDIT; I see at the very bottom of the screen the "powered by" 4.2.2 pl1, so I'm guessing I'm good. Was too busy looking at the top that I missed the bottom.

**supergaijin** · Fri 14 Mar '14, 9:09pm

So just to be clear, if I'm on 4.2.0 PL3, I need to follow the manual instructions in the OP to upgrade to 4.2.2 PL1 and can't just copy the pre-patched files to bring my 4.2.0 up to 4.2.2?

Thanks in advance.

**BirdOPrey5** · Sat 15 Mar '14, 9:06am

Originally posted by Pony

Updated from 4.1. to 4.2.2, and after that was done applied PL1.

ACP does not show that I'm running PL1, and the new files are showing up as 'file does not contain expected contents'. I have verified all files in PL1 are uploaded.

Just want to make sure I'm good.

EDIT; I see at the very bottom of the screen the "powered by" 4.2.2 pl1, so I'm guessing I'm good. Was too busy looking at the top that I missed the bottom.

If you decided to upgrade to 4.2.2 and you download 4.2.2 from the Member's Area after the patch was released on Thursday, then the patch is automatically applied to the 4.2.2 files you downloaded.

Anyone choosing to upgrade to 4.2.2 at this point who download a fresh copy of 4.2.2 does not have to apply the patch, it is already included in 4.2.2 at this point.

**BirdOPrey5** · Sat 15 Mar '14, 9:08am

Originally posted by supergaijin

So just to be clear, if I'm on 4.2.0 PL3, I need to follow the manual instructions in the OP to upgrade to 4.2.2 PL1 and can't just copy the pre-patched files to bring my 4.2.0 up to 4.2.2?

Thanks in advance.

Hello, if you are on 4.2.0 you have two choices at this point-

1) You download 4.2.2 PL1 (the full version) from the Member's Area and upgrade to 4.2.2. Then you are good.

2) You follow the instructions in Post #1 to manually patch your existing 4.2.0 install, then you are also safe from this latest exploit.

You choose 1 OR 2, not both.

**supergaijin** · Sat 15 Mar '14, 10:31am

Originally posted by Joe D.

Hello, if you are on 4.2.0 you have two choices at this point-

1) You download 4.2.2 PL1 (the full version) from the Member's Area and upgrade to 4.2.2. Then you are good.

2) You follow the instructions in Post #1 to manually patch your existing 4.2.0 install, then you are also safe from this latest exploit.

You choose 1 OR 2, not both.

So I can jump from 4.2.0 to 4.2.2 PL1 without doing the updates in-between (4.2.2 PL! is an inclusive update)? Also, I noticed some people having database errors after the update. Is this common? (Our PHP is greater than 5.2)

**donald1234** · Sat 15 Mar '14, 1:31pm

Yes you can go straight to 4.2.2, that is what JoeD said if you read the post again, database errors are rare and usually occur for a reason. Remember to do a full backup before an upgrade so you can restore your forum as it was if things do go wrong.

**vbsm** · Sat 15 Mar '14, 2:01pm

Might these two be the same?...

/public_html/phpbb/includes/functions.php
/public_html/forums/includes/functions.php

vBulletin 4 End of Life

Manual Security Patch Instructions for VB 4.x.x

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment