vBulletin 5 Security Patch: 502pl1 – 5/22/13
#1
Today, 6:05am
This patch addresses three important issues. All were found after the launch of 5.0.2.- One fix corrects the importing of closed threads.
- Another fix addresses a potential infinite redirection loop that could possibly occur in the conversation route.
- A method was repaired when it was found to be vulnerable to a potential SQL Injection.
It’s highly recommend you take advantage of this patch.
New downloads of vBulletin 5.0.2 (and beyond) include all these updates. There is no need to utilize the steps below if you downloaded vB 5.0.2 today after 3:30PM PT or beyond.
For vBulletin 5 Customers running 5.0.2, to install the vBulletin 502pl1 patch
Please install the patch immediately.
- Download the patch from https://members.vbulletin.com/patches.php.
- Extract the vBulletin patches files from the Zip file.
- Upload the patch files to your server, overwriting the old files.
- After you’ve downloaded the patch and applied it to your vb5 forum, you should also run http://yourforum.com/core/install/up...ion=502&only=1 to apply the fix.
Advanced Users
Files updated in vBulletin 502pl1 patch
- core/includes/version_vbulletin.php
- core/install/includes/class_upgrade_502.php
- core/install/upgrade_language_en.xml
- core/packages/vbinstall/db/mysql/querydefs.php
- core/vb5/route/conversation.php
- core/vb/api/node.php
- core/vb/api/route.php
Please note this list does not contain the files changed in any previous patches for these versions. Only the files changed in vBulletin 502pl1 patch are listed.
Licensed customers may discuss the security patch here.
Thank you.