Your Ad Here Your Ad Here
Results 1 to 5 of 5

Thread: vBulletin 3.5.1

  1. #1
    tesco's Avatar woowoo
    Join Date
    Aug 2003
    Location
    Canadia
    Posts
    24,069
    vBulletin 3.5.1
    vBulletin 3.0.10
    vBulletin 2.3.8

    The original purpose of this release was to provide a regular, scheduled bug-fix / service release for the new 3.5.x series, but newly discovered flaws in Internet Explorer and PHP have necessitated a security release for all three vBulletin branches.

    The first flaw is in Microsoft Internet Explorer. It affects vBulletin image uploads and potentially opens a cross-site-scripting exploit. It has affected many web-based applications that allow image uploads, including phpBB and Hotmail. Although a fix from Microsoft would be preferable, we have implemented a work-around in all three branches of vBulletin to prevent the Internet Explorer flaw from being exploited.

    The second flaw is in PHP and may allow the entry of unsanitized data into several areas in vBulletin. This may create security holes that are not directly caused by vBulletin, simply exploited through vBulletin as it uses affected PHP code. PHP 4.4.1 has been released to address this issue (no updated PHP5 is available yet). If you are running PHP 4, it is strongly recommended that you update your PHP installation to 4.4.1!

    I'd just like to reiterate that neither of these flaws are directly related to vBulletin. Rather, they are flaws in software that ties into vBulletin. We are simply creating workarounds for these issues to prevent them from being exploited.

    Patch files for vBulletin 3.5.x, 3.0.x and 2.3.x are attached to this thread, though we would recommend that you fully upgrade your board rather than simply patch it wherever possible. The zip files contain partial directory structures of the upload/ folder that would normally be found in the package you downloaded from the members' area. You should simply download the correct file for your board and extract it. Connect to your server via FTP and upload the contents of the zip file to your main board directory. This should overwrite files already on your server -- if it does not, then your board will not be patched!

    All customers should upgrade or patch their boards as soon as possible.

  2. Everything Related to the Board   -   #2
    twisterX's Avatar Poster
    Join Date
    Jul 2003
    Location
    CoNNecticut
    Posts
    5,272
    Thats good and we just upgraded.

  3. Everything Related to the Board   -   #3
    Rip The Jacker's Avatar Retired
    Join Date
    Nov 2002
    Location
    Los Angeles, CA
    Age
    31
    Posts
    6,435
    What's this... a thread preview feature? Cool!

  4. Everything Related to the Board   -   #4
    tesco's Avatar woowoo
    Join Date
    Aug 2003
    Location
    Canadia
    Posts
    24,069
    Quote Originally Posted by Rip The Jacker
    What's this... a thread preview feature? Cool!
    I did that about half an hour before the upgrade...

    It's really nice tho, actually works properly in firefox...

  5. Everything Related to the Board   -   #5
    asmithz's Avatar Hi-Definition
    Join Date
    Jun 2003
    Posts
    11,082
    Quote Originally Posted by rossco
    Quote Originally Posted by Rip The Jacker
    What's this... a thread preview feature? Cool!
    I did that about half an hour before the upgrade...

    It's really nice tho, actually works properly in firefox... v
    Yea it does, good work. Eliminating the middle man.
    Last edited by asmithz; 11-02-2005 at 06:52 AM.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •