vB.Org System
06-07-2012, 11:20 PM
A recent vBulletin report (http://tracker.vbulletin.com/browse/VBIV-15175) indicated that there was a potential exploit vector in flood protection. Once the cause of the issue was isolated, code changes were made to eliminate the reported threat.
This issue affects BOTH vBulletin 3 and vBulletin 4 (Suite & Forum).
A patch has been issued for vBulletin 3.8.7 through 4.2.
To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/
The standard upgrade process for a patch level release is:
Download the patch for the version of vBulletin you're currently running from https://members.vbulletin.com (https://members.vbulletin.com/patches.php)/patches.php (https://members.vbulletin.com/patches.php).
Extract the vBulletin patch files from the zip file.
Upload the patch files to your server, overwriting the old files.
Advanced Users:
Files updated in the patch for vBulletin 3.8.7 * 4.0 - 4.1.12 (Suite & Forum).
includes/class_dm_threadpost.php
includes/class_floodcheck.php
includes/version_vbulletin.php
Files updated in the patch for vBulletin 4.2 (Suite & Forum).
includes/adminfunctions.php
includes/class_dm_threadpost.php
includes/class_floodcheck.php
includes/class_upgrade_420a1.php
install/init.php
install/mysql-schema.php
vb/activitystream/populate/forum/thread.php
includes/version_vbulletin.php
Licensed customers can discuss the security patch - HERE (https://www.vbulletin.com/forum/showthread.php/402642-Discuss-the-security-patch-for-vBulletin-3-8-7-amp-4-0-4-2-%28Suite-amp-Forum%29?p=2302506#post2302506)
More... (https://www.vbulletin.com/forum/showthread.php/402641-vBulletin-Security-Patch-for-vBulletin-3-8-7-amp-4-0-4-2-(Suite-amp-Forum)-06-07-2012?goto=newpost)
This issue affects BOTH vBulletin 3 and vBulletin 4 (Suite & Forum).
A patch has been issued for vBulletin 3.8.7 through 4.2.
To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/
The standard upgrade process for a patch level release is:
Download the patch for the version of vBulletin you're currently running from https://members.vbulletin.com (https://members.vbulletin.com/patches.php)/patches.php (https://members.vbulletin.com/patches.php).
Extract the vBulletin patch files from the zip file.
Upload the patch files to your server, overwriting the old files.
Advanced Users:
Files updated in the patch for vBulletin 3.8.7 * 4.0 - 4.1.12 (Suite & Forum).
includes/class_dm_threadpost.php
includes/class_floodcheck.php
includes/version_vbulletin.php
Files updated in the patch for vBulletin 4.2 (Suite & Forum).
includes/adminfunctions.php
includes/class_dm_threadpost.php
includes/class_floodcheck.php
includes/class_upgrade_420a1.php
install/init.php
install/mysql-schema.php
vb/activitystream/populate/forum/thread.php
includes/version_vbulletin.php
Licensed customers can discuss the security patch - HERE (https://www.vbulletin.com/forum/showthread.php/402642-Discuss-the-security-patch-for-vBulletin-3-8-7-amp-4-0-4-2-%28Suite-amp-Forum%29?p=2302506#post2302506)
More... (https://www.vbulletin.com/forum/showthread.php/402641-vBulletin-Security-Patch-for-vBulletin-3-8-7-amp-4-0-4-2-(Suite-amp-Forum)-06-07-2012?goto=newpost)