Go Back   vb.org Archive > News and Announcements > News and Announcements > Official vB.com Announcements
FAQ Community Calendar Today's Posts Search

Closed Thread
 
Thread Tools Display Modes
  #1  
Old 05-22-2013, 10:05 PM
vB.Org System vB.Org System is offline
Senior Member
 
Join Date: Aug 2007
Posts: 386
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default vBulletin 5 Security Patch: 5.0.2 PL1

This patch addresses three important issues. All were found after the launch of 5.0.2.
  1. One fix corrects the importing of closed threads.
  2. Another fix addresses a potential infinite redirection loop that could possibly occur in the conversation route.
  3. A method was repaired when it was found to be vulnerable to a potential SQL Injection.
This patch affects only vBulletin 5.0.2. vBulletin 3, vBulletin 4, vBulletin 5.0.0 and vBulletin 5.0.1 are not affected.

It's highly recommend you take advantage of this patch.

New downloads of vBulletin 5.0.2 (and beyond) include all these updates. There is no need to utilize the steps below if you downloaded vB 5.0.2 today after 3:30PM PT or beyond.

For vBulletin 5 Customers running 5.0.2, to install the vBulletin 502pl1 patch

Please install the patch immediately.
  1. Download the patch from https://members.vbulletin.com/patches.php.
  2. Extract the vBulletin patches files from the Zip file.
  3. Upload the patch files to your server, overwriting the old files.
  4. After you've downloaded the patch and applied it to your vb5 forum, you should also run http://yourforum.com/core/install/upgrade.php?version=502&only=1 to apply the fix.
Note: If you had previously deleted your entire /core/install/ directory you will need to re-upload it (except for install.php) in order to run the upgrade.php script. Once complete, delete the directory again.

As with all security related releases, we recommend all affected customers upgrade as soon as possible.

Advanced Users

Files updated in vBulletin 502pl1 patch
  • core/includes/version_vbulletin.php
  • core/install/includes/class_upgrade_502.php
  • core/install/upgrade_language_en.xml
  • core/packages/vbinstall/db/mysql/querydefs.php
  • core/vb5/route/conversation.php
  • core/vb/api/node.php
  • core/vb/api/route.php
After you've updated these files, you should also run http://yourforum.com/core/install/upgrade.php?version=502&only=1 to apply the fix.

Please note this list does not contain the files changed in any previous patches for these versions. Only the files changed in vBulletin 502pl1 patch are listed.

Licensed customers may discuss the security patch here.

Thank you.
Closed Thread


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:09 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05745 seconds
  • Memory Usage 2,154KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete