vBulletin has released a security patch to improve the security of the vBulletin 4 MAPI (4.1.2 - 4.1.11 Suite & Forum) as the result of a recent internal security review. Although no exploits have been reported, we urge our customers to upgrade as soon as possible.
The changes do not affect vBulletin 4.0.0 - 4.1.1.
This patch has been issued for vBulletin 4.1.2 through 4.1.11. A separate PL1 has been issued for vBulletin 4.1.12.
These MAPI security improvements have been added for vBulletin 3.x with the release of 3.x MAPI 1.4.3.
To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/
The upgrade process requires a few additional steps for this patch level release.
Advanced Users - Files updated in the patch are:
Please note that this issue and fix affects BOTH vBulletin 4 SUITE and FORUM.
Discuss the security patch - HERE
The changes do not affect vBulletin 4.0.0 - 4.1.1.
This patch has been issued for vBulletin 4.1.2 through 4.1.11. A separate PL1 has been issued for vBulletin 4.1.12.
These MAPI security improvements have been added for vBulletin 3.x with the release of 3.x MAPI 1.4.3.
To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/
The upgrade process requires a few additional steps for this patch level release.
- Download PL1 for the version of vBulletin you're currently running from https://members.vbulletin.com/patches.php.
- Extract the vBulletin patch files from the zip file.
- Upload the patch files to your server, overwriting the old files.
- Download the "API-Log-Clean.xml" attached to this thread. (Included in the do_not_upload folder for full installs.)
- Import "API-Log-Clean.xml" using the "Manage Products" interface in the "Plugins & Products" section of your Admin CP. The cleanup script will run on install. (This is only required if you have logging turned on for MAPI.)
AdminCP -> Plugins & Products -> Manage Products -> Add/Import Product - Delete "API-Log-Clean" using the "Product Manager" option in the "Plugins & Products" section of your Admin CP. (Optional. The product is automatically disabled after the script runs.)
Advanced Users - Files updated in the patch are:
- includes/init.php
Please note that this issue and fix affects BOTH vBulletin 4 SUITE and FORUM.
Discuss the security patch - HERE