What versions are still maintained?

**Zachery** · Sun 11 Jan '15, 5:13pm

That is correct, only 3.8.7/8/9, 4.2.2/3 and 5.x are being maintained at this time. I believe you should have access to the patches, you can diff them to try to fix it on your end.

The easiest way to resolve the issue would be to upgrade the license to a vBulletin 5 license.

**Paul M** · Mon 12 Jan '15, 4:31am

There is nothing nuts about it.
If you made the choice to run vB4 on a licence you were aware only had access to 4.0.8 then you must take the consequences.

If you want a later version, then you have to pay for an upgrade, just like everything else in life.
You wont see Microsoft give you Windows 8 for free just because windows XP has a new security issue in it.

**Kat** · Tue 20 Jan '15, 11:47am

I don't mind (well, not too much) that I don't have access to 4.2.2 but what I do mind is that there does not seem to be a CSRF attacks security patch for those of us running a 4x version lower than 4.2.2. Why do they 3x users get a patch but there does not appear to be one for the earlier 4x series?

**Mark.B** · Tue 20 Jan '15, 12:24pm

Your license is a vB3 license. As a courtesy, we gave holders of what were then "active" vB3 licenses, access to then-current versions of vB4.

Technically speaking your license is only valid for vB3, under the licensing system you should really only have vB3. vB4 was a courtesy. If you now require later versions of vB4, you need to buy a new license.

We support only the latest versions of each branch. 4.0.8 has many bugs and security issues, these were fixed in later versions.

**Kat** · Tue 20 Jan '15, 12:35pm

Oh ok, but I just want to have access to a patch. Why don't those of us stuck in the middle have access to a patch for this CSRF attacks?

**Mark.B** · Tue 20 Jan '15, 1:21pm

Originally posted by Kat

Oh ok, but I just want to have access to a patch. Why don't those of us stuck in the middle have access to a patch for this CSRF attacks?

The reason is that we don't maintain ancient versions such as 4.0.8. That's the bottom line. It would cost considerable resources, in terms of development costs, for someone to keep 4.0.8 maintained to the same security level as 4.2.2 - no company is going to do that. Zero return on investments.

However - if it's just the ModCP issue you're worried about - just upload the global.php file from the modcp folder in the 4.2.2 patch. No guarantees but I'm 99% certain you'll be fine. Keep a copy of the old one just in case. (Don't upload the rest of the patch though...it won't work).

**Kat** · Tue 20 Jan '15, 1:38pm

How do I access the 4.2.2 patch?

**Mark.B** · Tue 20 Jan '15, 2:30pm

Originally posted by Kat

How do I access the 4.2.2 patch?

Send me a support ticket for my attention, referencing this thread. I'll then email the file to you.

**ozzy47** · Tue 20 Jan '15, 5:27pm

But having that file, does not in no way save you from all the other vulnerabilities that are in that old of a version. You are setting yourself up for trouble.

**Kat** · Wed 21 Jan '15, 5:30am

Originally posted by Mark.B

Send me a support ticket for my attention, referencing this thread. I'll then email the file to you.

Thank you. I just did that, I hope I did it the right way.

ozzy47, yes, I realize that, but for the moment I need to get this current problem taken care of.

vBulletin 4 End of Life

What versions are still maintained?

What versions are still maintained?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment