vBulletin Security Patch for vBulletin 4.2 (Suite & Forum) Only - 06/18/2012

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Allen Lin
    Former vB4 Project Manager
    • Apr 2009
    • 1250

    vBulletin Security Patch for vBulletin 4.2 (Suite & Forum) Only - 06/18/2012

    A recent vBulletin report indicated that there was a potential XSS exploit vector involving the new Activity Stream. Once the cause of the issue was isolated, code changes were made to eliminate the reported threat.

    This issue affects ONLY vBulletin 4.2 (Suite & Forum).

    A patch has been issued for vBulletin 4.2.

    To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/

    The standard upgrade process for a patch level release is:
    1. Download the patch for the version of vBulletin you're currently running from https://members.vbulletin.com/patches.php.
    2. Extract the vBulletin patch files from the zip file.
    3. Upload the patch files to your server, overwriting the old files.


    The upgrade.php script does not need to be run.

    Advanced Users:
    Files updated in this patch for vBulletin 4.2 (Suite & Forum).
    • /vb/activitystream/view/perm/calendar/event.php
    • /includes/version_vbulletin.php

    Please note this list does not contain the files changed in vBulletin 4.2 PL1. Only the files changed in vBulletin 4.2 PL2 are listed. However, PL2 also contains all of the changes from PL1.

    Licensed customers can discuss the security patch - HERE
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...