Brad
04-26-2006, 01:40 AM
From vBulletin.com's Forum
vBulletin 3.0.14
This release of vBulletin fixes an unpleasant cross-site scripting flaw in the 3.0.x branch. We recommend all customers running previous versions of vBulletin 3.0.x to upgrade or patch to 3.0.14 as soon as possible.
Please note that vBulletin 3.5.x and vBulletin 2.3.x are not affected by this problem.
We always recommend that customers perform a full upgrade to the current version using install/upgrade.php, but if time does not permit, or for whatever other reason an upgrade would be problematic, a patch is available. Details follow:
Full Upgrade
The best way to fix the problem is to perform a full upgrade, downloading the complete 3.0.14 package from the vBulletin Members' Area (http://members.vbulletin.com/) and following the regular upgrade instructions (http://www.vbulletin.com/docs/html/upgrade?manualversion=30502500).
Patch File
Patches are now available in the members' area. You may view available patches here (http://members.vbulletin.com/patches.php). Alternatively, you may use the zip attached to this post (http://www.vbulletin.com/forum/showpost.php?p=1117785&postcount=1) to apply the patch. Both methods are equivalent.
Go to the page mentioned above and download the "Security patch for 3.0.13" or download the zip at the end of this post. Extract the zip archive, then connect to your web server using FTP and overwrite the following files using the replacement versions from the zip.
* includes/functions_bbcodeparse.php
Notes:
1. If you cannot download the attachment in this post, you are not currently registered as a license customer. Please see this thread (http://www.vbulletin.com/forum/showthread.php?t=79557) for instructions on how to proceed.
2. You do not need to download this patch if you perform a full upgrade to 3.0.14.
3. If you only apply a patch, your version number will not change. Your version number will only be updated to 3.0.14 if you perform a full upgrade.
To repeat, go here to download the "Security patch for 3.0.13" (http://members.vbulletin.com/patches.php), or download the zip file attached to this post (http://www.vbulletin.com/forum/showpost.php?p=1117785&postcount=1).
vBulletin 3.0.14
This release of vBulletin fixes an unpleasant cross-site scripting flaw in the 3.0.x branch. We recommend all customers running previous versions of vBulletin 3.0.x to upgrade or patch to 3.0.14 as soon as possible.
Please note that vBulletin 3.5.x and vBulletin 2.3.x are not affected by this problem.
We always recommend that customers perform a full upgrade to the current version using install/upgrade.php, but if time does not permit, or for whatever other reason an upgrade would be problematic, a patch is available. Details follow:
Full Upgrade
The best way to fix the problem is to perform a full upgrade, downloading the complete 3.0.14 package from the vBulletin Members' Area (http://members.vbulletin.com/) and following the regular upgrade instructions (http://www.vbulletin.com/docs/html/upgrade?manualversion=30502500).
Patch File
Patches are now available in the members' area. You may view available patches here (http://members.vbulletin.com/patches.php). Alternatively, you may use the zip attached to this post (http://www.vbulletin.com/forum/showpost.php?p=1117785&postcount=1) to apply the patch. Both methods are equivalent.
Go to the page mentioned above and download the "Security patch for 3.0.13" or download the zip at the end of this post. Extract the zip archive, then connect to your web server using FTP and overwrite the following files using the replacement versions from the zip.
* includes/functions_bbcodeparse.php
Notes:
1. If you cannot download the attachment in this post, you are not currently registered as a license customer. Please see this thread (http://www.vbulletin.com/forum/showthread.php?t=79557) for instructions on how to proceed.
2. You do not need to download this patch if you perform a full upgrade to 3.0.14.
3. If you only apply a patch, your version number will not change. Your version number will only be updated to 3.0.14 if you perform a full upgrade.
To repeat, go here to download the "Security patch for 3.0.13" (http://members.vbulletin.com/patches.php), or download the zip file attached to this post (http://www.vbulletin.com/forum/showpost.php?p=1117785&postcount=1).