Tweet
Does the 4.2.3 BETA 3 package still come with the YUI Security Issue found in uploader.swf?
-
-
The file was removed in an earlier version so 4.2.3 does not have that security problem.MARK.B
vBulletin Support
------------
My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
My Unofficial vBulletin Cloud Demo: https://www.adminammo.com -
Well the file wasn't completely removed- instead it was replaced with a blank file, so once you upgrade to 4.2.3 (or reinstall any version of VB4) it will replace the compromised file with a blank one so your forum is safe.
You will need to go to Admin CP -> Settings -> Options -> Message Attachment Options, and change the Asset Manager option to Ajax by default. On a fresh install (Not upgrade) it will be set to Ajax uploader by default in VB 4.2.3.
Your other option of course is to use the free modification to bring back the Flash uploader- but this is not supported- http://www.vbulletin.org/forum/showt...hreadid=307008
If you use the above mod you must re-install it anytime you upgrade vBulletin.Comment
-
I uploaded all the vb 4.2.3 Beta 3 files. The uploaded.swf file size is 7.24kb and not an emtpy 0kb file.Comment
-
Bump. Can I get some clarification on this. The file is not a blank file in the latest 4.2.3 BETA 3 download package.Comment
-
You're right, the file isn't blank- I'm sorry I didn't know it was being added back in. Best I can tell it is a safe version to use because it is NOT the old file, it is different. Will try to get a full explanation.Comment
-
The file in the 4.2.3 Beta has been patched against the known exploit.Comment
-
If I upload beta26 say to a folder called beta26 in the same file directory as my forums (beta 25) could I rename the files to each other and run the upgrade to beta26 with out destroying my data base... -
Hello,
I am new to this community eventhough I have experience with vBulletin forums for 4 years.
I am setting up a new forum, so I had a thought to Install 5.1.0 Beta 3, instead of...
Comment