PDA

View Full Version : Security Patch Released for vBulletin 5.1.4 - 5.1.6


vB.Org System
05-21-2015, 07:58 PM
A security issue has been discovered by the vBulletin team. This issue affects photo descriptions and could allow Cross Site Scripting. We have released security patches for the versions vBulletin 5.1.4 through 5.1.6 to close this vulnerability. It is recommended that all users apply the patch as soon as possible. If you're using a version of vBulletin 5 older than 5.1.4, it is recommended that you upgrade to the latest version as soon as possible.

In addition to the fixes in this patch, an upgrade step is being added to vBulletin 5.1.7 that will verify all previous images and make sure their descriptions are secure.

You can download the patch for your version here: http://members.vbulletin.com/patches.php

To install the patch:
1) Download the appropriate files for your version of vBulletin 5
2) Upload all files found within the zip file. Make sure to overwrite the existing files on your server.
3) Run install/upgrade.php in your browser.
4) Delete the /core/install folder.

If you're using a version prior to 5.1.4, then you should upgrade to that version following standard upgrade procedures. After upgrading, run the fix script which will be found in your /do_not_upgrade folder. Upload this to /core/install and run from your web browser.

This fix has already been applied to vBulletin Connect 5.1.7 and vBulletin Cloud.