A recent vBulletin report indicated that there was a potential exploit vector in flood protection. Once the cause of the issue was isolated, code changes were made to eliminate the reported threat.
This issue affects BOTH vBulletin 3 and vBulletin 4 (Suite & Forum).
A patch has been issued for vBulletin 3.8.7 through 4.2.
To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: Please Log In
The standard upgrade process for a patch level release is:
Advanced Users:
Files updated in the patch for vBulletin 3.8.7 * 4.0 - 4.1.12 (Suite & Forum).
Files updated in the patch for vBulletin 4.2 (Suite & Forum).
Licensed customers can discuss the security patch - HERE
More...
This issue affects BOTH vBulletin 3 and vBulletin 4 (Suite & Forum).
A patch has been issued for vBulletin 3.8.7 through 4.2.
To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: Please Log In
The standard upgrade process for a patch level release is:
- Download the patch for the version of vBulletin you're currently running fromhttps://members.vbulletin.com/patches.php.
- Extract the vBulletin patch files from the zip file.
- Upload the patch files to your server, overwriting the old files.
Advanced Users:
Files updated in the patch for vBulletin 3.8.7 * 4.0 - 4.1.12 (Suite & Forum).
- includes/class_dm_threadpost.php
- includes/class_floodcheck.php
- includes/version_vbulletin.php
Files updated in the patch for vBulletin 4.2 (Suite & Forum).
- includes/adminfunctions.php
- includes/class_dm_threadpost.php
- includes/class_floodcheck.php
- includes/class_upgrade_420a1.php
- install/init.php
- install/mysql-schema.php
- vb/activitystream/populate/forum/thread.php
- includes/version_vbulletin.php
Licensed customers can discuss the security patch - HERE
More...