vBulletin 4.1.3, 4.1.4 and 4.1.5 Security Patch

Discussion in 'vBulletin Discussions' started by News Bot, Aug 2, 2011.

  1. News Bot

    News Bot Regular Member

    Joined:
    Apr 28, 2011
    Messages:
    429
    Likes Received:
    63
    Location:
    Cyber Space
    vBulletin Publishing suite and Forum Classic
    • 4.1.5pl1
    • 4.1.4pl3
    • 4.1.3pl3
    Has been released.

    This patch strengthens the security of the AdminCP to prevent a reported XSS attack in vBulletin versions 4.1.3, 4.1.4 and 4.1.5. To resolve this issue, it has been necessary to release a patch level version for these three versions only. The issue is limited to certain browsers only, and does not affect versions of vBulletin prior to 4.1.3.

    The patching process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.

    As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.


    Patching Versions 4.1.3, 4.1.4 and 4.1.5

    The process you will be required to follow to make your board immune to this flaw is very simple.

    Visit the Patches section of the vBulletin Members' Area and download the patch for the version you are using, then extract the files from the archive you downloaded, then upload the files to your board via FTP etc., overwriting the existing files. This will update your version to the PL release.


    Upgrading from Versions Earlier than 4.1.3

    If you are not already running 4.1.3+, we have updated the downloadable version of our software, so you can download version 4.1.3, 4.1.4 and 4.1.5 from the Members' Area and perform an upgrade as normal.

    Full instructions for upgrading vBulletin are available here.


    Continue reading...
     
  2. SpacewardAsh

    SpacewardAsh Lurking From Space

    Joined:
    Jan 2, 2011
    Messages:
    211
    Likes Received:
    683
    Location:
    Falmouth, Cornwall, UK
    First Name:
    Ashley
    more XSS issues, when will they learn?
     
  3. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    Maybe when their own sites get hacked :(
    I am glad they're fixing security exploits but it sure does keep people like me busy upgrading forums.. which is good because I need the money..lol
     
    Ashley.S. likes this.
  4. SpacewardAsh

    SpacewardAsh Lurking From Space

    Joined:
    Jan 2, 2011
    Messages:
    211
    Likes Received:
    683
    Location:
    Falmouth, Cornwall, UK
    First Name:
    Ashley
    I never looked at it that way because in my opinion, if you don't know what you are doing with the software, then you shouldn't be using it as paying someone to do all the leg work is not the way to learn, it's just the quickest option to work with...
     
  5. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    Although I do understand what you're saying, I have several highly professional clients that want to run a forum for one reason or anything and no nothing at all about the backend and setting everything up.

    It like I like to drive my car but I wouldn't know the first thing (well actually I do, but you get my point) on rebuilding the car or modifying it. That's not going to stop me from driving a car. :)
     
    Ashley.S. likes this.
  6. SpacewardAsh

    SpacewardAsh Lurking From Space

    Joined:
    Jan 2, 2011
    Messages:
    211
    Likes Received:
    683
    Location:
    Falmouth, Cornwall, UK
    First Name:
    Ashley
    Why am I saying that anyway :confused: Clients pay me to work on their phpBB3 sites as they know jack all about it, so I'm just as bad as you :ROFL:
     
    Brandon Sheley likes this.
  7. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    :thumbsup:
     

Share This Page