Annon vBulletin Security Patch for vBulletin 4.2 (Suite & Forum) Only - 06/18/2012

A recent vBulletin report indicated that there was a potential XSS exploit vector involving the new Activity Stream. Once the cause of the issue was isolated, code changes were made to eliminate the reported threat.

This issue affects ONLY vBulletin 4.2 (Suite & Forum).

A patch has been issued for vBulletin 4.2.

To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: Please Log In

The standard upgrade process for a patch level release is:

1. Download the patch for the version of vBulletin you're currently running fromhttps://members.vbulletin.com/patches.php.
2. Extract the vBulletin patch files from the zip file.
3. Upload the patch files to your server, overwriting the old files.

The upgrade.php script does not need to be run.

Advanced Users:
Files updated in this patch for vBulletin 4.2 (Suite & Forum).

• /vb/activitystream/view/perm/calendar/event.php
• /includes/vbulletin_version.php

Please note this list does not contain the files changed in vBulletin 4.2 PL1. Only the files changed in vBulletin 4.2 PL2 are listed. However, PL2 also contains all of the changes from PL1.

Licensed customers can discuss the security patch - HERE


More...

 

Annon  vBulletin Security Patch for vBulletin 3.8.7 & 4.0 - 4.2 (Suite & Forum) - 06/07/2012

Annon  Legacy vBulletin Versions and Support