sturdevk
03-09-2009, 12:38 PM
Hi, All,
we've got an email regarding security patch. see here: http://www.vbulletin.com/forum/showthread.php?t=301882.
we are running 3.6.11 with some customized code in it, which makes us to upgrade version 3.6.12 very difficult.
my question is:
1. Does version 3.6.11 also have the same security issue?
2. if it does, will update these two files:
misc.php
includes/version_vbulletin.php
as Steve mentioned in the thread, will fix the security issue in 3.6.11 too?
Thanks in advance,
Alex
--------------- Added 1236606430 at 1236606430 ---------------
eem, never mind,
I compared the code, there is only one line get added in misc.php file to prevent XSS attack, I believe it should be fine to add this line in version 3.6.11 to patch this version.
--Alex
we've got an email regarding security patch. see here: http://www.vbulletin.com/forum/showthread.php?t=301882.
we are running 3.6.11 with some customized code in it, which makes us to upgrade version 3.6.12 very difficult.
my question is:
1. Does version 3.6.11 also have the same security issue?
2. if it does, will update these two files:
misc.php
includes/version_vbulletin.php
as Steve mentioned in the thread, will fix the security issue in 3.6.11 too?
Thanks in advance,
Alex
--------------- Added 1236606430 at 1236606430 ---------------
eem, never mind,
I compared the code, there is only one line get added in misc.php file to prevent XSS attack, I believe it should be fine to add this line in version 3.6.11 to patch this version.
--Alex