vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Official vB.com Announcements (https://vborg.vbsupport.ru/forumdisplay.php?f=240)
-   -   vBulletin 4.1.3, 4.1.4 and 4.1.5 Security Patch (https://vborg.vbsupport.ru/showthread.php?t=267830)

vB.Org System 08-02-2011 04:10 PM
vBulletin 4.1.3, 4.1.4 and 4.1.5 Security Patch
 
vBulletin Publishing suite and Forum Classic
  • 4.1.5pl1
  • 4.1.4pl3
  • 4.1.3pl3
Has been released.

This patch strengthens the security of the AdminCP to prevent a reported XSS attack in vBulletin versions 4.1.3, 4.1.4 and 4.1.5. To resolve this issue, it has been necessary to release a patch level version for these three versions only. The issue is limited to certain browsers only, and does not affect versions of vBulletin prior to 4.1.3.

The patching process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.

As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.


Patching Versions 4.1.3, 4.1.4 and 4.1.5

The process you will be required to follow to make your board immune to this flaw is very simple.

Visit the Patches section of the vBulletin Members' Area and download the patch for the version you are using, then extract the files from the archive you downloaded, then upload the files to your board via FTP etc., overwriting the existing files. This will update your version to the PL release.


Upgrading from Versions Earlier than 4.1.3

If you are not already running 4.1.3+, we have updated the downloadable version of our software, so you can download version 4.1.3, 4.1.4 and 4.1.5 from the Members' Area and perform an upgrade as normal.

Full instructions for upgrading vBulletin are available here.


More...


All times are GMT. The time now is 01:02 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00960 seconds
  • Memory Usage 1,712KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (1)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete