   |  | Join Date: Jul 2006 | Posts: 9,242 | Location: Topeka, KS |
vBulletin 3.6.4 Released
vBulletin 3.6.4
The discovery of a potential cross-site scripting (XSS) issue in the administrators control panel has necessitated the preventative release of vBulletin 3.6.4 Due to several mitigating factors, this issue is hard to exploit and careful browsing by the admins can prevent it entirely. Nonetheless, we strongly recommend that all of our customers upgrade or apply the patch as soon as possible.
Additionally, vBulletin 3.6.4 includes fixes for several non-security-related bugs, see here for a full list.
Updating your vBulletin to combat the XSS issue:
Please note that this issue is present in other versions of vBulletin as well. Please see the appropriate announcement!
You have two options to fix the XSS issue:
We strongly recommend you actively take steps to address this issue. However, if this is not possible, we recommend that administrators only log into the control panel when work is necessary. While you are logged into the control panel, do not click unknown links. Log out from the control panel using the link in the upper right of the screen immediately after finishing your work. If you are unexpectedly presented with the control panel login screen after clicking a link, do not login.
PHP and MySQL Requirements
Please note that vBulletin 3.6.x requires at least PHP 4.3.3 and MySQL 4.0.16 or later
The discovery of a potential cross-site scripting (XSS) issue in the administrators control panel has necessitated the preventative release of vBulletin 3.6.4 Due to several mitigating factors, this issue is hard to exploit and careful browsing by the admins can prevent it entirely. Nonetheless, we strongly recommend that all of our customers upgrade or apply the patch as soon as possible.
Additionally, vBulletin 3.6.4 includes fixes for several non-security-related bugs, see here for a full list.
Updating your vBulletin to combat the XSS issue:
Please note that this issue is present in other versions of vBulletin as well. Please see the appropriate announcement!
You have two options to fix the XSS issue:
- Full Upgrade: The best way to fix the problem is to perform a full upgrade, downloading the complete 3.6.4 package from the vBulletin Members' Area and following the regular upgrade instructions.
- Patch: A second option is to download the patch files discussed in this thread and upload them to your web server, overwriting the existing files. The patch is available from the Members' Area patch page!
We strongly recommend you actively take steps to address this issue. However, if this is not possible, we recommend that administrators only log into the control panel when work is necessary. While you are logged into the control panel, do not click unknown links. Log out from the control panel using the link in the upper right of the screen immediately after finishing your work. If you are unexpectedly presented with the control panel login screen after clicking a link, do not login.
PHP and MySQL Requirements
Please note that vBulletin 3.6.x requires at least PHP 4.3.3 and MySQL 4.0.16 or later
--------------------
Find it on Forums
Brandon Sheley / vBulletin Setup Staff
Check out our Newsletter for the latest vB and SEO news.
Are you looking for vBulletin work to be done on your forums ?
Would you like to Help Support vBulletin Setup.
Check out our Newsletter for the latest vB and SEO news.
Are you looking for vBulletin work to be done on your forums ?
Would you like to Help Support vBulletin Setup.
Reply to the Welcome PM for Full Access to the Forums.. Thanks
Please do not PM me for support, that's what the forums are for.
Have you heard about Crowdgather?Find it on Forums
Check out this cool page - Bar Code Signatures
Linear Mode
