vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   News and Announcements (https://vborg.vbsupport.ru/forumdisplay.php?f=2)
-   -   vBulletin 3.6.10 Released (https://vborg.vbsupport.ru/showthread.php?t=176942)

vB.Org System 04-23-2008 03:30 PM
vBulletin 3.6.10 Released
 
vBulletin 3.6.10

Although 3.6.9 was intended to be the final maintenance release for the 3.6.x series, the discovery of a CSRF (cross-site request forgery) vulnerability in vBulletin over the weekend has forced the release of an update to plug the hole.

The CSRF problem potentially enabled an administrator who had been lured to a third-party site to unknowingly submit forms located on the forum he or she administers, resulting in potential damage to the forum. Actions performed via the Admin Control Panel are not vulnerable.

The fix for the CSRF issue involves many files and many templates, so unfortunately it is not feasible to produce a patch or a plugin to address the problem. Only a full-scale update will work.

We recommend that customers running versions of vBulletin older than 3.6.10 upgrade as soon as possible.

Template Changes Automatically Applied

With one exception (userinfraction_view), all the template changes in this release require a revert, but they are simple to apply so the upgrade script will attempt to do this for you. The list below shows which templates will be affected by the change, and how they will be altered. Customized templates will be automatically updated, but your customized changes will be retained.


Upgrading from Previous Versions

3.6.10 is a security release and we recommend that all customers upgrade to benefit from many bug fixes and stability improvements.

Full instructions for upgrading vBulletin are available here.

PHP and MySQL Requirements

Please note that vBulletin 3.6.x requires at least PHP 4.3.3 and MySQL 4.0.16 or later.

However, we recommend that vBulletin 3.6.x is run on PHP 5.2.5 with APC (or a similar opcode cache) and MySQL 5.0.51 for best performance and stability.

End of Life for PHP 4

The PHP group has announced the end of life for PHP 4. We strongly recommend that customers update their servers to PHP 5.2.5 if they are still running PHP 4. vBulletin 3.6.10 supports PHP 5 without any problems, though you may need to disable strict mode for MySQL, see here on how to enable 'force_sql_mode'.

Note: We will continue to support PHP 4 in the vBulletin 3 series.

Download vBulletin 3.6.10

As usual, vBulletin 3.6.10 is available for all customers with valid, active licenses to download from the vBulletin Members' Area.

vBulletin Members Area


More...

For support questions, please use the appropriate forums on vBulletin.com

rapidphim 04-23-2008 03:56 PM
Thank you for the update but I'm already on RC3.

Jasem 04-23-2008 03:56 PM
Thank you for the update

PerSOnaL 04-23-2008 04:01 PM
Thank you

Ryuk 04-23-2008 08:15 PM
thank you for the update vb staff ^^

i.s.s.w 04-23-2008 08:40 PM
Thank you for the update 3.6.10

user_not_found 04-24-2008 12:42 AM
Very quick and fine job as always

meolangthang 04-24-2008 01:54 AM
Thank you for the update!

steve1966 04-24-2008 05:46 PM
Thank you

redlabour 04-25-2008 07:16 AM
Any news how to update Hacks that have Form in them?

Quote:
Your submission could not be processed because a security token was missing or mismatched.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

Marco van Herwaarden 04-25-2008 07:25 AM
Contact the author for a solution.

FatalBreeze 04-25-2008 10:30 AM
Quote:
Originally Posted by Marco van Herwaarden (Post 1498821)
Contact the author for a solution.
I build an hack which now produces the same error, so there is no author i can contact :)

Will there be posted an article about fixing this like Kier said?

Marco van Herwaarden 04-25-2008 10:31 AM
Articles have already been posted.

Implementing CSRF Protection in modifications

almansoori 04-26-2008 12:52 PM
How can a friend to come every day the news of a strange and puzzling!!


All times are GMT. The time now is 04:53 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01154 seconds
  • Memory Usage 1,742KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (14)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete