Influx and Lustrous Upgraded to vBulletin 4.1.4

Support Forum

vBulletin Skins, IPB Skins, phpBB Skins and SMF Skins Support Forum


Go Back   ForumThemes Forums > ForumThemes News & Announcements > Industry News
vBulletin 4.X Security Patch vBulletin 4.X Security Patch
Register Projects FAQ Calendar Search Today's Posts Mark Forums Read

Follow ForumThemes on Twitter!
Acquiring Tweets
Follow us on Twitter!

Reply
 
LinkBack Thread Tools Display Modes
Old 04-05-2011, 06:30 PM   #1 (permalink)
Customer
  • Join Date: Jan 2009
  • Location: Canada
  • Posts: 1,949
  • User Status: Offline
  • Contact this user:

    Send a message via AIM to william Send a message via MSN to william


Exclamation vBulletin 4.X Security Patch
vBulletin Publishing suite
  • 4.1.2 PL1
  • 4.1.1 PL1
  • 4.1.0 PL3
  • 4.0.8 PL3
  • 4.0.7 PL1
  • 4.0.6 PL1
  • 4.0.5 PL1
  • 4.0.4 PL2
  • 4.0.3 PL2
  • 4.0.2 PL5
  • 4.0.1 PL1
  • 4.0.0 PL2
vBulletin Forum classic
  • 4.1.2 PL1
  • 4.1.1 PL1
  • 4.1.0 PL3
  • 4.0.8 PL3
  • 4.0.7 PL1
  • 4.0.6 PL2
  • 4.0.5 PL1
  • 4.0.4 PL2
  • 4.0.3 PL2
  • 4.0.2 PL5
  • 4.0.1 PL1
  • 4.0.0 PL2
Has been released.

A flaw within a side query that is used in the search UI has recently been discovered. This flaw may enable malicious individuals to inject sql that would allow you to run arbitrary queries on the db via this exploit. To resolve this issue, it has been necessary to release a patch level version on all versions of vBulletin 4.X. The issue does not affect vBulletin 3.X to the best of our knowledge. We are not aware of a website that has been compromised by this flaw.

The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.

As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.


Upgrading from 4.X

If you are already running 4.X, the process you will be required to follow to make your board immune to this flaw is very simple.

Visit the Patches section of the vBulletin Members' Area and download the patch for the version you are using, then extract the files from the archive you downloaded, then upload the files to your board via FTP etc., overwriting the existing files. This will update your version to the PL1 release.

Why have we patched every version of 4.X?
Yes eagle eyed viewers it is different to what vBulletin has done previously. In order to improve our customer experience, instead of requiring that you upgrade to the latest version of vBulletin (and potentially purchase the latest version of vBulletin to do that) we have released a patch for all versions that are affected.
Likewise, all download versions of 4.X have been updated.
  Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Patch Release 3.8.6 PL1 william Industry News 0 07-21-2010 06:09 PM
Security Patch Release 4.0.2 PL4 william Industry News 0 03-26-2010 05:30 AM
Security Patch Release 4.0.2 PL3 william Industry News 0 03-25-2010 04:51 PM
vBulletin Patch Release william Industry News 0 12-23-2009 05:29 AM
IP.Board 2.2.x and 2.3.x Security Patch william Industry News 0 01-09-2009 03:52 AM

Powered by: vBulletin Versio3.8.7
Copyright ©2000 - 2012, Jelsoft Enterprises Limited.

SEO by vBSEO 3.3.0

1 2 3 4 5 6 7 8 9 10 11 12