A recent vBulletin report indicated that there was a potential XSS exploit vector involving the new Activity Stream. Once the cause of the issue was isolated, code changes were made to eliminate the reported threat.
This issue affects ONLY vBulletin 4.2 (Suite & Forum).
A patch has been issued for vBulletin 4.2.
To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: Please Log In
The standard upgrade process for a patch level release is:
The upgrade.php script does not need to be run.
Advanced Users:
Files updated in this patch for vBulletin 4.2 (Suite & Forum).
Licensed customers can discuss the security patch - HERE
More...
This issue affects ONLY vBulletin 4.2 (Suite & Forum).
A patch has been issued for vBulletin 4.2.
To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: Please Log In
The standard upgrade process for a patch level release is:
- Download the patch for the version of vBulletin you're currently running fromhttps://members.vbulletin.com/patches.php.
- Extract the vBulletin patch files from the zip file.
- Upload the patch files to your server, overwriting the old files.
The upgrade.php script does not need to be run.
Advanced Users:
Files updated in this patch for vBulletin 4.2 (Suite & Forum).
- /vb/activitystream/view/perm/calendar/event.php
- /includes/vbulletin_version.php
Licensed customers can discuss the security patch - HERE
More...
