Is there going to be a discussion area on which mods will have to be redone if I chose the "upgrade" option over the single file patch? My license with Vbulletin is only a month old, so I can do the full upgrade if I want.

But I have installed - "for members who posted today" hack,
Installed pm.php AND users.php hack - for PMs
Also installed V3Arcade
vbookie installed
ucash and ustore installed

Crud - will I have to redo all of these?? Would it be worth it to upgrade from 3.0.6 to 3.0.7 or is just the patch good enough?

With only 4-5 hacks, best to upgrade to 3.0.7 which fixes some bugs (albeit minor ones) and reapply the hacks. You will have to do all of them.

Remember it's only the file edits you need to re-do, not complete hack re-installs.

I got 27 mods/addons/hacks installed.. :(
I think I may pass this upgrade u..

Why dont you use araxis merge or something like that. You can check this thread and upgrade your forum within 30 minutes.

i have upgraded to 3.07 everything seems fine

*Sigh* yeah. I had to... Even though I only had about 4 hacks. The AWS hack is extremely loooooong though, so that counts as 2! ;)

hi,

this is pretty obvious goto your admincp => vbulletin settings => general settings

"add template name in html comments" => no that's all there is to it

for a list of bugs fixed in 3.07 you can go here

offcource if you want the fixes you need the full upgrade ....

Upgraded to 3.0.7 quite easily :).

I now know why the "Add Template Name In HTML Comments" are a serious (!) security vulnerability.
With an unpatched board with this feature enabled, a cracker can inject malicious PHP code (yes, ANY PHP code) by the use of a malformed URL.
Of course, I'm not about to state HOW this is done, but let me just say that if *I* could find it (and I wasn't even LOOKING for this info!), then a cracker with a grudge will surely find it.

I hope this helps to make users patch themselves, if some are still in doubt of the severity of this exploit :)