Security Patch Release 3.8.6 PL1

  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    Security Patch Release 3.8.6 PL1

    It has come to our attention that 3.8.6 contains a security exploit related to the FAQ. If you have already installed vB 3.8.6, then follow these instructions in order to fix this:

    1. First, download the 3.8.6 PL1 patch here:



    2. Delete the existing vbulletin-language.xml file from your 'install' directory. Then upload the new one to that directory. Make sure you upload this in ASCII format.

    3. Next upload the two files in that patch:

    includes/version_vbulletin.php
    install/vbulletin-language.xml


    4. Go into your Admin CP and run this:

    Admin CP -> Languages & Phrases -> Download/Upload Languages -> Import Language XML File

    Then leave the settings as they are and click on Import.

    Also please note that if you have not upgraded to 3.8.6 yet, the download has already been patched.
    Last edited by IB Adrian; Wed 21 Jul '10, 10:29am. Reason: typo
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    #2
    Verifying the Patch is Applied

    The patch removes a phrase named: database_ingo

    To verify this patch has been applied, search the phrases to see if that still exists:

    Admin CP -> Language & Phrases -> Search in Phrases -> Search for Text: database_ingo -> Phrase Variable Name Only (checked) -> Find

    If the phrase is not found, the patch was applied. If you do find this phrase, then you can delete it with this query:

    DELETE FROM " . TABLE_PREFIX . "phrase WHERE varname = 'database_ingo'


    Note: Either remove the " . TABLE_PREFIX . " or replace it with your database prefix as needed.


    After patching your site, you should change your MySQL password through the options your hosting provider gives.
    Last edited by Wayne Luke; Fri 30 Jul '10, 8:05am.
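A pre-import check for the uploaded language file, added here as an example; it is not part of the original posts and not vBulletin's own code. It assumes the patched install/vbulletin-language.xml no longer defines the database_ingo phrase and that phrases are stored as `<phrase name="...">` elements; the function names and the sample XML are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

PHRASE = "database_ingo"  # phrase name given in the post above


def find_phrase(xml_bytes, varname=PHRASE):
    """Return [(enclosing group name, phrase name)] for each matching <phrase>."""
    root = ET.fromstring(xml_bytes)  # raises ET.ParseError on a damaged upload
    hits = []
    for parent in root.iter():
        for child in parent:
            if child.tag == "phrase" and child.get("name") == varname:
                # Record the group the phrase sits in, to help locate it by hand.
                hits.append((parent.get("name", parent.tag), varname))
    return hits


def language_file_is_patched(xml_bytes):
    """True when the file does not define the phrase the patch removes."""
    return not find_phrase(xml_bytes)


# Constructed samples (assumed layout, not copied from the real file).
UNPATCHED = b"""<language name="Constructed Language">
  <phrasetype name="Constructed Group" fieldname="constructed">
    <phrase name="database_ingo"><![CDATA[placeholder]]></phrase>
    <phrase name="other_phrase"><![CDATA[Other]]></phrase>
  </phrasetype>
</language>"""

PATCHED = b"""<language name="Constructed Language">
  <phrasetype name="Constructed Group" fieldname="constructed">
    <phrase name="other_phrase"><![CDATA[Other]]></phrase>
  </phrasetype>
</language>"""

if __name__ == "__main__":
    # Usage: python check_language_xml.py install/vbulletin-language.xml
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else UNPATCHED
    found = find_phrase(data)
    if found:
        print("Still present, file is not the patched one:", found)
        sys.exit(1)
    print("Phrase not present in file; safe to import.")
```

This only inspects the file on disk; the Admin CP phrase search described in post #2 is still what confirms the database itself is clean.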

