Marco van Herwaarden
08-03-2006, 04:52 PM
As posted at vBulletin.com: vBulletin 3.0.15 Released (http://www.vbulletin.com/forum/showthread.php?t=194062)
vBulletin 3.0.15
Due to the discovery of an XSS flaw by imei addmimistrator (http://myimei.com/security/) and a further discovery of a potential XSS flaw internally, we are making vBulletin 3.0.15 available as a security release.
While we recommend that customers perform a full upgrade to the latest version of vBulletin, which is now 3.6.0, we understand that some customers would prefer to stick with what they have and either upgrade to the newest 3.0.x release or patch their existing version.
Full Upgrade
The best way to fix the problem is to perform a full upgrade, downloading the complete 3.0.15 package from the vBulletin Members' Area (http://members.vbulletin.com/) and following the regular upgrade instructions (http://www.vbulletin.com/docs/html/upgrade?manualversion=30502500).
Patch File
Patches are now available in the members' area. You may view available patches here (http://members.vbulletin.com/patches.php). Alternatively, you may use the zip attached to this post to apply the patch. Both methods are equivalent.
Go to the page mentioned above and download the "Security patch for 3.0.14" or download the zip at the end of this post. Extract the zip archive, then connect to your web server using FTP and overwrite the following files using the replacement versions from the zip.
includes/functions.php
admincp/global.php
modcp/global.phpNotes:
If you cannot download the attachment in this post, you are not currently registered as a license customer. Please see this thread (http://www.vbulletin.com/forum/showthread.php?t=79557) for instructions on how to proceed.
You do not need to download this patch if you perform a full upgrade to 3.0.15, 3.5.5 or 3.6.0.
If you only apply a patch, your version number will not change. Your version number will only be updated if you perform a full upgrade.To repeat, go here to download the "Security patch for 3.0.14" (http://members.vbulletin.com/patches.php)
Read more at vBulletin.com
vBulletin 3.0.15
Due to the discovery of an XSS flaw by imei addmimistrator (http://myimei.com/security/) and a further discovery of a potential XSS flaw internally, we are making vBulletin 3.0.15 available as a security release.
While we recommend that customers perform a full upgrade to the latest version of vBulletin, which is now 3.6.0, we understand that some customers would prefer to stick with what they have and either upgrade to the newest 3.0.x release or patch their existing version.
Full Upgrade
The best way to fix the problem is to perform a full upgrade, downloading the complete 3.0.15 package from the vBulletin Members' Area (http://members.vbulletin.com/) and following the regular upgrade instructions (http://www.vbulletin.com/docs/html/upgrade?manualversion=30502500).
Patch File
Patches are now available in the members' area. You may view available patches here (http://members.vbulletin.com/patches.php). Alternatively, you may use the zip attached to this post to apply the patch. Both methods are equivalent.
Go to the page mentioned above and download the "Security patch for 3.0.14" or download the zip at the end of this post. Extract the zip archive, then connect to your web server using FTP and overwrite the following files using the replacement versions from the zip.
includes/functions.php
admincp/global.php
modcp/global.phpNotes:
If you cannot download the attachment in this post, you are not currently registered as a license customer. Please see this thread (http://www.vbulletin.com/forum/showthread.php?t=79557) for instructions on how to proceed.
You do not need to download this patch if you perform a full upgrade to 3.0.15, 3.5.5 or 3.6.0.
If you only apply a patch, your version number will not change. Your version number will only be updated if you perform a full upgrade.To repeat, go here to download the "Security patch for 3.0.14" (http://members.vbulletin.com/patches.php)
Read more at vBulletin.com