A XSS (cross-site scripting) flaw has been discovered in all three branches of vBulletin, it's recommended that you upgrade your installation to the latest version.

vBulletin.com Announcement threads

vB 2.3.9: http://www.vbulletin.com/forum/showthread.php?t=170001

vB 3.0.12: http://www.vbulletin.com/forum/showthread.php?t=169999

vB 3.5.3: http://www.vbulletin.com/forum/showthread.php?t=169997

Upgrading vBulletin

Follow the instructions found here (http://www.vbulletin.com/docs/html/upgrade)

Patch vBulletin

If you do not want to run the full upgrade at this time you should at least patch your installation. You can do this by using the files found below.

vB 2.3.9: Patch files (http://www.vbulletin.com/forum/showpost.php?p=1046307&postcount=2)

vB 3.0.12: Patch files (http://www.vbulletin.com/forum/showpost.php?p=1046299&postcount=2)

vB 3.5.3: Patch files (http://www.vbulletin.com/forum/showpost.php?p=1046292&postcount=2)

vB 3.5.x can also be patched with the plug-in system, click here (http://www.vbulletin.com/forum/showpost.php?p=1046293&postcount=3) for details.

Changed files/templates

A list of changed files/templates in the new version(s), this is helpful if you have made modifications to the source code or templates.

vB 2.3.9: list of changed files (http://www.vbulletin.com/forum/showpost.php?p=1046341&postcount=4), No template changes.

vB 3.0.12: list of changed files (http://www.vbulletin.com/forum/showpost.php?p=1046343&postcount=4), No template changes.

vB 3.5.3: list of changed files (http://www.vbulletin.com/forum/showpost.php?p=1046351&postcount=5), list of changed templates (http://www.vbulletin.com/forum/showpost.php?p=1046297&postcount=4).

Other bug fixes

vB 2.3.9: None

vB 3.0.12: None

vB 3.5.3: List of fixed bugs (http://www.vbulletin.com/forum/bugs35.php?do=list&s=&textsearch=&bugtypeid=0&status=20&severity=0&vbversion=3.5.2&assignid=0&sortby=lastreply&sortdir=desc).

Nice! I'm on my way to upgrade to v3.5.2. Thanks for the heads up! :)

Oh my god 3.5.3 and i just installed the 3.5.2 with some hacks. :ermm:

Is possible upgrade from 3.5.2 to 3.5.3 without lost any hack? :surprised:

Oh my god 3.5.3 and i just installed the 3.5.2 with some hacks. :ermm:

Is possible upgrade from 3.5.2 to 3.5.3 without lost any hack? :surprised:

Have you installed any hacks that edit the source code?

If not then it should be as easy as doing a regular upgrade. You may get a plug-in that doesn't work correctly with the new version, but you can disable that from the admincp until a fix is provided from the author of the modification.

*downloads files*
*opens beyond compare*

time for the joy of patching vb...

about 15 files to "really" edit, not complicated.. the others are mistypes or line additions.

really easy, took me about 3 minutes and a half to upgrade by comparing files content - my boards are too much hacked for a global upgrade.

Just bumping this back to the top.

Just bumping this back to the top.Isn't there a rule against bumping ...... ;)

Isn't there a rule against bumping ...... ;)

Keeping customers up to date > bumping rule. ;)

Keeping customers up to date > bumping rule. ;)

Brad, I am going to report the post to you so you can give yourself a warning. :laugh:

Be careful of the calendar.php file in the patch file for 3.5x. It has the shebang code at the top. You will need to remove that if you don't need it or you will get errors.

Edit: You will get errors if you have short tags off.

Be careful of the calendar.php file in the patch file for 3.5x. It has the shebang code at the top. You will need to remove that if you don't need it or you will get errors.

It worked well for me :) Thanks!

Have you installed any hacks that edit the source code?

If not then it should be as easy as doing a regular upgrade. You may get a plug-in that doesn't work correctly with the new version, but you can disable that from the admincp until a fix is provided from the author of the modification.


Source code means files.php? Some hacks i installed require edit a .php file like showthread.php o any .php file from the includes directory.

For upgrading from 3.5.2 to 3.5.3 i have to overwrite all files if i understand well the instructions. So, after, i would have to do a list of hacks that i edited .php files from 3.5.2 and edit again en 3.5.3 version i think.

A bit question more, how much time used to be vbulletin versions upgrade?

Thank u. :ninja:

yes any php files that you have edited you will need to redo.

guess I'm just glad I didn't upgrade one of mine to 3.5.2 on Weds this week.

now to go and upgrade again once I'm done playing catchup!