vBulletin 5 Connect Security Patches Released (All versions)

[vB.Org System]

A data integrity exploit has been discovered in vBulletin 5. This exploit was discovered by our Quality Assurance team. The issue affects all versions of vBulletin 5 Connect, including 5.0.0, 5.0.1, 5.0.2, 5.0.3, and 5.0.4. We have released security patches for all versions and they are available immediately. It is recommended that you upload the patches to your server immediately.

If you're not currently using vBulletin 5.0.4, we would recommend that you upgrade to this version with the included patch. This will provide the best possible vBulletin 5 Connect experience for you and your users. If there is some reason that you cannot upgrade, a patch has been provided for your version.

You can download the patch for your version here: http://members.vbulletin.com/patches.php

Please install the patch immediately.

1. Download the patch from https://members.vbulletin.com/patches.php.
2. Extract the vBulletin patches files from the Zip file.
3. Upload the patch files to your server, overwriting the old files.

For additional instructions please see the online documentation at: http://www.vbulletin.com/docs/html/upgrade_patch_level

Frequently Asked Questions:
Q) To install this patch, do I need to run the upgrade scripts?
A) No, that is only necessary if performing a full upgrade to 5.0.4.

Q) I am running beta still, can I use these patches?
A) No, you need to upgrade to vBulletin 5.0.4 as soon as possible.

Q) The version on the front-end has not been updated after applying the patch.
A) This is intentional.

Q) Suspect File Versions reports some files as not containing expected contents.
A) This is to be expected as you uploaded new files with different content.

Q) Can you tell me the exact details of this issue?
A) We do not disclose that information to protect our customers.

Q) What versions does this affect?
A) All released versions of vBulletin 5 Connect including 5.0.0, 5.0.1, 5.0.2, 5.0.3 and 5.0.4