I had been running vB for 4 or so years with 3.6.8 and it was hacked last week. I spent about 20 hours over the past two days redoing my site and I happen to have 3.7.2 still available for download from vbulletin.com.
I installed that and my admin username and pass was hacked today.
It looks like I will have to renew my license if I don't want to get hacked. However, I am really starting to question the security of vB. It's obvious that at some point people will find a way to hack any version they produce. So we are all taking the chance running this software correct?
I mean someone has to get hacked for vB to figure out the security issues and then work on a patch?