
(vBulletin 3.7.1 Patch Level 2) Secure?


  • (vBulletin 3.7.1 Patch Level 2) Secure?

    Hi,

    We have a vBulletin that is running (vBulletin 3.7.1 Patch Level 2) and wanted to find out if this version includes all the security patches, or are there vulnerabilities running an older version of the software? We are fine with the version we have, but want to be sure we are not leaving ourselves open to hacking etc... it's a site with sensitive information about children at a school... and parents are concerned.

    Thanks!

  • #2
    Considering that 3.7.1PL2 is about 6 releases behind the current -

    No. It does not contain all of the fixes/security fixes that the latest version does.

    Yes - you should be running the latest.
    My Live vB5 Site - NZEating.com
    vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.



    • #3
      I'd like to hear from VB staff, if possible. As I understand it, the patches are to keep older versions secure. I would suspect that newer versions have more security fixes because they have more features, different code etc. But, am looking for a definitive answer here. Thanks!



      • #4
        Best of luck getting a Staff Member to confirm/describe any security holes in a version that old.

        *edit* The fixes for later versions do not get bundled into older versions. That was your question? Something about 'wanted to find out if this version includes all the security patches'?



        • #5
          My question was: do the security patches get released in an effort to keep older versions secure? Is that the goal? Not looking for a list of vulnerabilities... just want to know what the overall practice is.



          • #6
            Security patches are released when the "fix" is simple - i.e.: change line 151 from x to y.

            A full upgrade (3.8.x) is usually released when there are a number of impacted files, database changes or if the staff have other updates they want to roll out at the same time. To say it another way, the patch files are for customer convenience only when the team can accommodate it.

            While the vb team has released fixes for vulnerabilities found in older, end of life, versions like the 3.7 branch -- it really was being done as a courtesy and because it didn't require the team to invest a lot of resources toward it given the overall similarity in the code between branches and the fact that the devs were just that familiar with the code that they knew what and where for everything. A lot of devs left. A lot of new devs are on board. The focus is definitely on vb4 at this point. While I can't say anything for sure - I would not expect security fixes for 3.7 and below. You should upgrade to 3.8.5 at the minimum and, as that is nearing eol, consider vb4
            Plan, Do, Check, Act!



            • #7
              Originally posted by evoir
              My question was: do the security patches get released in an effort to keep older versions secure? Is that the goal? Not looking for a list of vulnerabilities... just want to know what the overall practice is.
              3.7.1 PL2 IS NOT SECURE by any measure as there was even 3.7.6 in the same branch...

              But 3.7.x EOL'd:
              http://www.vbulletin.com/forum/showt...ow-End-of-Life

              Most likely same goes for 3.8.x when 4.1 appears...

              If you know PHP and know how to secure your server / patch the script and don't want to receive support, it's your responsibility (some boards are still running 3.7 or even earlier), otherwise I wouldn't recommend...
