vB.Org System
08-25-2022, 07:03 PM
A security issue has been reported to the vBulletin team. To fix this issue, we have created a new security patch.
You can download the patch for your version in the Member's Area (http://members.vbulletin.com/patches.php)
We have made patches available for the following versions of vBulletin Connect:
5.6.9 PL1
5.6.8 PL1
5.6.7 PL1
vBulletin 5.7.0 RC 2 has been made available with this patch.
Installing the Patch
For the best results with your vBulletin site, it is recommended to upgrade to vBulletin 5.6.9 PL1 if you are not using 5.6.9 currently.
Using PHAR (default download)
Due to the PHAR download, you will need to download the complete vBulletin package for your version and replace the /core/vb/vb.phar file to apply the security fix. This file will show up as a false positive in your Suspect File Diagnostics. If you replace all files from the new download, then the false positive will not occur.
Patching
Download the appropriate files for your version of vBulletin 5.6.X
Upload all files found within the zip file to your server. Make sure to overwrite the existing files on your server.
When the upgrade process ends, delete the /core/install directory from your server.
Older Versions
All older versions should be considered vulnerable. Sites running older versions of vBulletin need to be upgraded to vBulletin 5.6.9 PL1 as soon as possible. For more information on upgrading please see Quick Overview: Upgrading vBulletin Connect (https://forum.vbulletin.com/node/4391346) in the support forums.
vBulletin Cloud
vBulletin Cloud sites have been patched.
More... (https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4473890-vbulletin-5-6-9-security-patch)
You can download the patch for your version in the Member's Area (http://members.vbulletin.com/patches.php)
We have made patches available for the following versions of vBulletin Connect:
5.6.9 PL1
5.6.8 PL1
5.6.7 PL1
vBulletin 5.7.0 RC 2 has been made available with this patch.
Installing the Patch
For the best results with your vBulletin site, it is recommended to upgrade to vBulletin 5.6.9 PL1 if you are not using 5.6.9 currently.
Using PHAR (default download)
Due to the PHAR download, you will need to download the complete vBulletin package for your version and replace the /core/vb/vb.phar file to apply the security fix. This file will show up as a false positive in your Suspect File Diagnostics. If you replace all files from the new download, then the false positive will not occur.
Patching
Download the appropriate files for your version of vBulletin 5.6.X
Upload all files found within the zip file to your server. Make sure to overwrite the existing files on your server.
When the upgrade process ends, delete the /core/install directory from your server.
Older Versions
All older versions should be considered vulnerable. Sites running older versions of vBulletin need to be upgraded to vBulletin 5.6.9 PL1 as soon as possible. For more information on upgrading please see Quick Overview: Upgrading vBulletin Connect (https://forum.vbulletin.com/node/4391346) in the support forums.
vBulletin Cloud
vBulletin Cloud sites have been patched.
More... (https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4473890-vbulletin-5-6-9-security-patch)