vBulletin Security Patch for 4.X and 3.X Yahoo YUI Security Exploit
We have been notified of a potential, but unconfirmed exploit in vBulletin 3 and 4 (all versions) via the Yahoo YUI component library.
To rectify this issue we have released a Patch for the latest version of vBulletin 3 and vBulletin 4, vBulletin 3.8.7 and vBulletin 4.1.3. Forthcoming vBulletin 4.1.4 will not be affected.
As such, we have released:
- vBulletin Publishing Suite 4.1.3 PL1
- vBulletin Forum Classic 4.1.3 PL1
- vBulletin Forum Classic 3.8.7 PL1
Upgrade Process
The upgrade process is the same as previous Patch level releases - simply download the Patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.
As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.
New installations/upgrades
If you are upgrading your site, or installing a new copy of our software, the latest software packages include the patch. These can be downloaded from your Members Area.
To manually fix versions prior to vBulletin 4.1.3 and 3.8.7:
- Edit one line in the class_core.php file located at /includes/class_core.php: find the line “define('YUI_VERSION', '2.7.0'); // define the YUI version we bundle” and replace it with “define('YUI_VERSION', '2.9.0'); // define the YUI version we bundle”
- In AdminCP, go to “Options” => “Server Settings and Optimization Options”, find the “Use Remote YUI” option and, in the dropdown, switch to a server of your choice, Google or Yahoo
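The class_core.php edit from the first manual step, as an added shell example that is not part of vBulletin's announcement or tooling. The function name, return codes and `.bak` backup are this example's own choices; the “Use Remote YUI” setting still has to be changed in AdminCP.

```shell
#!/bin/sh
# Added example, not vBulletin tooling. Applies the one-line YUI_VERSION edit
# to includes/class_core.php and keeps a backup of the original file.
# Return codes (this example's own convention):
#   0 = line changed to 2.9.0      1 = file already defines 2.9.0
#   2 = file missing or read-only  3 = expected 2.7.0 line not found

OLD="define('YUI_VERSION', '2.7.0');"
NEW="define('YUI_VERSION', '2.9.0');"

patch_yui_version() {
    file=$1
    [ -r "$file" ] && [ -w "$file" ] || { echo "cannot read/write: $file" >&2; return 2; }

    if grep -qF "$NEW" "$file"; then
        echo "already patched: $file"
        return 1
    fi
    if ! grep -qF "$OLD" "$file"; then
        # Do not guess at other version strings; leave the file untouched.
        echo "expected 2.7.0 define not found, edit by hand: $file" >&2
        return 3
    fi

    cp -p "$file" "$file.bak" || return 2
    # Change only the version literal; the trailing comment on the line is kept.
    sed "s/define('YUI_VERSION', '2\.7\.0');/define('YUI_VERSION', '2.9.0');/" \
        "$file.bak" > "$file.tmp" || return 2

    # Verify the result before touching the live file.
    if grep -qF "$NEW" "$file.tmp" && ! grep -qF "$OLD" "$file.tmp"; then
        cat "$file.tmp" > "$file"   # write in place so owner and mode are preserved
        rm -f "$file.tmp"
        echo "patched: $file (backup: $file.bak)"
        return 0
    fi
    rm -f "$file.tmp"
    return 3
}

# Optional direct use: pass the forum root directory as the first argument.
if [ -n "${1:-}" ]; then
    patch_yui_version "$1/includes/class_core.php"
fi
```

Move or delete the `.bak` copy afterwards so the old file is not left readable under the web root.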