An undocumented behaviour in all Windows versions of Internet Explorer has rendered vBulletin vulnerable to a potential cross-site scripting flaw (XSS).

Therefore, Jelsoft have decided to put out a preventative security releases in order to work-around the Internet Explorer problem before it is exploited.

The official announcement threads for these releases can be found here.

vB 3.6.3 (http://www.vbulletin.com/forum/showthread.php?t=207860)
vB 3.5.6 (http://www.vbulletin.com/forum/showthread.php?t=207859)
vB 3.0.16 (http://www.vbulletin.com/forum/showthread.php?t=207858)
vB 2.3.11 (http://www.vbulletin.com/forum/showthread.php?t=207857)

In addition, vB 3.6.3 also includes fixes for approximately 50 bugs that were discovered in 3.6.2. For this reason, Jelsoft recommend all customers upgrade to 3.6.3 as soon as possible.

Cool, thanks for the update Paul.

Will patch! :D

I've allready upgraded my forum :D..

* projectego upgrades to 3.6.3 ;)

*Patched...
I don't want to get another headache on another upgrade....
They come out soo SOON

did they change vars too will the 3.6.2 hacks work?

did they change vars too will the 3.6.2 hacks work?

3.6.2 hacks still work.

Add the 3.6.3 to the list of modification versions!!! =P

Just upgraded my forums. I forgot how nice the upgrades were when you didn't skip fifty of em. Haha.

3.6.2 hacks still work.
thank you then i guess ill upgrade this week.

Add the 3.6.3 to the list of modification versions!!! =P

Just upgraded my forums. I forgot how nice the upgrades were when you didn't skip fifty of em. Haha.
All 3.6.2 Mods work..

Can someone tell me why there isen't a patch for version 3.6.0 ?

Tnx!

download the 3.6.3 full file to your domain and run the upgrade_360.php file

I'm so glad this came out now - My download and support period expires again tomorrow :p Was an easy upgrade too, as there were minimal template changes coming from 3.6.2.

All 3.6.2 Mods work..
I know...

upgraded, works perfectly :D

Worked well for me. Very few template changes, easy to rework... Let's hope this one lasts for a bit. This gets tiring!

Worked well for me. Very few template changes, easy to rework... Let's hope this one lasts for a bit. This gets tiring!
$50 they will come up with something (3.6.4) before Jan.
Its a big vB team, and they could re-work something like a vB 10.0

$50 they will come up with something (3.6.4) before Jan.
Its a big vB team, and they could re-work something like a vB 10.0

No bet... What do you take me for? :tired:

What Do I take you for?

$50 they will come up with something (3.6.4) before Jan.
Its a big vB team, and they could re-work something like a vB 10.0
And what's wrong with that? There's absolutely no way to cover every single flaw and security hole indefinitely. That's what a majority of the updates vBulletin sends out are. When someone reports a security issue, vBulletin has no other choice but to send out a repair for it. Would you rather they not do anything about it and let people's forum be hacked to pieces? I think not.

They do a damn good job keeping the best forum software available up to date and nearly flawless in comparison. It's not fair to criticize them. They do as much as they can with what information they have.

And what's wrong with that? There's absolutely no way to cover every single flaw and security hole indefinitely. That's what a majority of the updates vBulletin sends out are. When someone reports a security issue, vBulletin has no other choice but to send out a repair for it. Would you rather they not do anything about it and let people's forum be hacked to pieces? I think not.

They do a damn good job keeping the best forum software available up to date and nearly flawless in comparison. It's not fair to criticize them. They do as much as they can with what information they have.
I wasen't critizing, i was responding to a comment that they will have one out soon again as well
Yes they do a good job... Forgot this forum is Really Serious talk

I have a scanner which found two other security holes in vb but that darn thing doesn't display them until I buy it :D

I have a scanner which found two other security holes in vb but that darn thing doesn't display them until I buy it :D
Link to what scanner your talking about?