vBulletin 3.0.12
A recently discovered cross-site scripting (XSS) flaw in all three branches of vBulletin has prompted us to perform a security update, releasing new versions of vBulletin 2, 3.0.x and 3.5.x simultaneously.
All prior versions of vBulletin are vulnerable and we advise customers to upgrade or patch their vBulletin installations at their earliest convenience.
For the vBulletin 3.0.x branch, the problem can be resolved in one of three ways.
Installing or Upgrading vBulletin
Please see the appropriate manual sections: Installing vBulletin and Upgrading vBulletin.
Bug Reports
You may report bugs by clicking here. Before reporting a bug, please attempt to recreate the bug on a default, uncustomized style (especially if your errors are JavaScript related).
A recently discovered cross-site scripting (XSS) flaw in all three branches of vBulletin has prompted us to perform a security update, releasing new versions of vBulletin 2, 3.0.x and 3.5.x simultaneously.
All prior versions of vBulletin are vulnerable and we advise customers to upgrade or patch their vBulletin installations at their earliest convenience.
For the vBulletin 3.0.x branch, the problem can be resolved in one of three ways.
- Full Upgrade: The best way to fix the problem is to perform a full upgrade, downloading the complete 3.0.12 package from the vBulletin Members' Area and following the regular upgrade instructions.
- Patch: A second option is to download the patch files attached to this thread and upload them to your web server, overwriting the existing files.
Installing or Upgrading vBulletin
Please see the appropriate manual sections: Installing vBulletin and Upgrading vBulletin.
Bug Reports
You may report bugs by clicking here. Before reporting a bug, please attempt to recreate the bug on a default, uncustomized style (especially if your errors are JavaScript related).
Comment