The Arcive of Official vBulletin Modifications Site.

ozzy47 · #21 10-10-2013, 03:20 AM

How to Patch Your Site

From time to time, it's necessary to issue a Security Patch (or Patch Level) release for vBulletin software. This differs from the normal upgrade routine so this short article will clarify exactly what needs to be done when we announce a Patch Level (PL) release.

A patch level release contains fixes for only the most critical issues in the previous release. In most cases, these are released to address a security issue. However they can be released for data integrity issues as well.

A patch level is designed to be installed directly over top of your existing installation, with no other action. You do not need to run any upgrade scripts.

Download The Patch

A Patch Level release doesn't come as a full set of files. As such, it doesn't appear in the normal download location. To access the Patch Release, first login to the vBulletin Members Area. In the left hand navigation within the 'Support Services' section, click on the Patches/Security Patches link and you will see a screen showing all Patch Level releases for your Licenses.

Simply click on the Patch for the version you're currently running and you will be taken to the download page, where you will be given options for how to download the Patch. The following options are available via the 'More Download Options' radio button should you need to change these before downloading the ZIP file (in the majority of cases, these will not need to be altered):

PHP File Extension - As a general rule, web servers will use .php as the extension for PHP scripts, but some servers may use a different extension, or you may simply wish to use a different extension out of your own preference. Various extensions are available here for you to choose.
Download File Format - This option allows you to choose the compression format of the package you are about to download. Most people will want to download the .zip package as Windows? has built-in support for zip files. However, if you are downloading the package directly to a Linux server you may prefer to use the tarball (.tar.gz) format.
CGI Shebang - This option will only be of use to you if your server runs PHP as a CGI rather than as a web server module. If your server runs PHP as a CGI and requires a shebang (such as #!/usr/bin/php) then you can enter the required text here and it will automatically be inserted into whichever PHP files in vBulletin require its use.

When you have set the download options you can click the Download button to start the download. When the download prompt window appears, you should choose the Save option and choose a directory on your computer in which to save the package.

Updating Files On Your Server

With Patch Level releases, the preparation work is very small - simply extract the ZIP package to your local machine! Once you've done this, you will notice that there is no upload folder. A Patch Level release only contains the files that are being fixed so will not see a complete installation package

Before you do this you should close your forums. This will help eliminate any potential db errors as people attempt to access your forums before the upgrade is complete.

It will also be a good idea at this point to take a backup of your site and database. While the database won't be updated with a Patch Level release, it's useful to have an up-to-date backup in any case. For more information on backing up your database, please see this section of the Online Manual.

Connect to your FTP server using your FTP client of choice. Select the Patch Level files in the local pane and open the existing old files in the remote pane, then drag the new folders/files to the remote window.

You will most likely be prompted by the FTP client at this point to ask if you want to overwrite the existing files. You should confirm this prompt, telling the FTP client that yes, you do want to overwrite the existing files. If the prompt gives you the option to overwrite all existing files without prompting again, use this option.

Once the files are uploaded, that's your installation patched! There are no scripts to run and you can re-open your forums to users again.

This is not a full upgrade. You do not need to run any upgrade scripts to complete the upgrade.

Just as a precaution, I would delete the install folder after uploading the patch.

pityocamptes · #22 10-10-2013, 03:23 AM

Ok, found it and uploaded it. Thanks.

--------------- Added [DATE]1381379040[/DATE] at [TIME]1381379040[/TIME] ---------------

Quote:

Originally Posted by Amaury

As has been repeatedly said, in the customer area.

I meant in my forum... wasn't sure if it was an automatic upload like a plugin or physical to the server. I did it from the server side...

ozzy47 · #23 10-10-2013, 03:24 AM

Not a problem, glad to help.

ForceHSS · #24 10-10-2013, 03:39 AM

in 4.2.2 was there only a security problem with forumrunner

ozzy47 · #25 10-10-2013, 03:53 AM

No, it was found in 4.2.2, and was patched in earlier versions.

During testing of vBulletin 4.2.2 a potential xss exploit was found by our QA team in the Forum Runner application.

As a result we have fixed this issue in vB4.2.2 & are releasing PL updates for 4.2.1, 4.2.0 & 4.1.12.

vBulletin 4.2.1 PL1
vBulletin 4.2.0 PL4
vBulletin 4.1.12 PL 4

ForceHSS · #26 10-10-2013, 03:54 AM

Thx ozzy best support

ozzy47 · #27 10-10-2013, 03:54 AM

Not a problem.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.05653 seconds Memory Usage 2,230KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (7)post_thanks_box (7)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (7)post_thanks_postbit_info (7)postbit (7)postbit_onlinestatus (7)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!