Attention Acid! vBulletin 3.0.7 Released - Security Patch
The discovery of a potentially serious security hole has necessitated the release of vBulletin 3.0.7. All customers are strongly encouraged to take one of the actions described in this post.
All versions of vBulletin 3 up to and including 3.0.6 are affected only if you have enabled the Add Template Name in HTML Comments option (Admin Control Panel -> vBulletin Options -> General Settings). We hope most of you will not have had this option enabled anyway, as it is mostly for debugging and wastes a fair amount of bandwidth on a production site.
Thus, to fix the issue, you should choose one of these options:
1. Disable the Add Template Name in HTML Comments option on your board.
2. Download the zip file attached to this post (or from here) and overwrite the misc.php in the main vBulletin directory on your server with the version in the zip. (More extensive instructions are provided in the zip file.)
3. Upgrade to 3.0.7. A link to upgrade instructions is provided below.
We would strongly recommend options 2 or 3 if possible.
The Importance of Keeping Current with Security Updates
We would like to take this time to reiterate the importance of keeping current with security updates. If you are not currently running a version with the recent patches built in or have not manually patched your board, please see the 3.0.5 and 3.0.6 announcements for important patches.
Recently, more issues have been discovered than we would have liked, but we try to make patching as painless as possible to ease the burden these issues create. We are looking into ways to make patch delivery even easier for future versions.
Backing Up Your Forums
Please be sure to check that your backups are complete before continuing with an upgrade. We had reports that PHP was causing timeout errors when creating the backup SQL, and this was causing incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through SSH/Telnet, as it will not suffer from any such problems. Full instructions for backing up your database are available in the vBulletin 3 Manual.
3675 - Mozilla WYSIWYG editor eats spaces
3678 - % in custom BB codes causes problems
3683 - Importing XML in PHP5 defaults to UTF-8 encoding
3685 - "Multiple Choice" vs "Multiple-Choice"
3687 - Redundant code in poll.php
3691 - "CSS Selector" can't be translated
3695 - URLs with parentheses not auto-parsed
3696 - BB codes with options not stripped by strip_bbcode()
3697 - Can't close thread while creating
3699 - User titles not wordwrapped
3703 - "0" not accepted as phrase text
3708 - Extra column displayed in PM list if icons off
3710 - Missing semicolon in HTML entity in memberlist.php
3714 - Smilies don't upload properly
3724 - Typo in "Message Attachment Options"
3725 - Redirected to wrong page after removing moderator
3730 - Attachment.php doesn't check "can view others"
3731 - Calendar moderator queue broken
3733 - Rebuild post cache results in empty cached post
3737 - URLs not auto-parsed in signatures
3738 - Editpost.php does not auto-parse links in preview
3739 - Call to non-existing template in register.php
3746 - Event ending at midnight spans two days in calendar
3748 - Unreachable code in functions_bbcodeparse.php
3749 - Inconsistent phrase in BB code manager
3751 - Smilies parse as IMG tags with Mozilla WYSIWYG
3754 - Uncached template in joinrequests.php
3763 - Bad chdir in modcp/deletedposts.php
3765 - Poll icon visible even when poll not posted
3772 - URLs not parsed immediately after closing BB code tags
3780 - Spacing issue with reply button and legacy postbit
3785 - Uncached templates in profile.php
3787 - Variable globalized twice in register.php
3788 - Unreachable code in register.php
3793 - Redirects in moderator.php don't respect admin perms
3796 - Can't delete profile picture from ModCP
Potential security issue in misc.php
Significant improvements to attachment.php (Etag support, ability to send significantly larger attachments, ability to cancel sending attachment if user cancels)