اخر إصدار متوفر: 3.7.2 Patch Level 2
اخر إصدار متوفر: 3.7.2 Patch Level 2.
أنت حالياً تشغل الإصدار 3.7.2 Patch Level 1.
اضغط هنا لتنزيل الاصدار 3.7.2 Patch Level 2 من منطقة الأعضاء
vBulletin 3.7.1 PL2 / vBulletin 3.6.10 PL2
An XSS flaw affecting the vBulletin URL redirection system has been identified. It could allow an attacker to trick a moderator or admin into unwittingly performing an action in either the front-end or control panel that they had not intended. To resolve this issue, it is necessary to release PL2 versions of vBulletin 3.7.1 and 3.6.10.
This XSS flaw, and that which made the release of the PL1 versions necessary, was discovered by Jessica Hope and others.
The upgrade process is the same as the PL1 releases - simply download the Patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.
As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.
vBulletin 3.7.2 to be Released Next Week
In line with our new scheduled maintenance release policy, we have evaluated the merits of providing a new maintenance release one month after the previous release or waiting until next month. It has been decided that we will bring forward the release of vBulletin 3.7.2 from Tuesday July 29th to this coming Tuesday, June 24th.
This release will be mentioned in the security bulletin sent out to customers today, but we will not send a further notification next week when 3.7.2 is released. Watch your Admin CP News, or the latest version check in the Admin CP to see when the new version is available. Alternatively, keep an eye on this forum for the 3.7.2 announcement.
To reiterate, vBulletin 3.7.2 will be released on Tuesday, June 24th 2008.
Upgrading from 3.7.1, 3.6.10 or their PL1 versions
If you are already running 3.7.1, 3.6.10 or their PL1 Patch versions, the process you will be required to follow to make your board immune to the XSS problem is very simple.
There is no need to run an upgrade script if you are already running 3.7.1, 3.6.10 or their PL1 versions.
Visit the Patches section of the vBulletin Members' Area and download either the Patch for 3.7.1, or the Patch for 3.6.10, according to the version you are currently running, then extract the files from the archive you downloaded, then upload the files to your board via FTP etc., overwriting the existing files. This will update your version to the PL2 release.
The 3.7.1 PL2 Patch file also includes the PL1 fixes. The same is true of the 3.6.10 PL2 Patch file.
Upgrading from Versions Earlier than 3.7.1 or 3.6.10
If you are not already running 3.7.1 or 3.6.10, you should download the most latest version from the Members' Area and perform an upgrade as normal.
Full instructions for upgrading vBulletin are available here.
Download vBulletin 3.7.1 PL2 or 3.6.10 PL2
As usual, both versions released today are available for all customers with valid, active licenses to download from the vBulletin Members' Area.
vBulletin Members Area
|مواقع النشر (المفضلة)|
|أدوات الموضوع||إبحث في الموضوع|
|انواع عرض الموضوع|
|الموضوع||كاتب الموضوع||المنتدى||مشاركات||آخر مشاركة|
|اخر إصدار متوفر: 4.1.12 Patch Level 1 ترقيع امني||Linuxawy.G||تطوير منتديات vBulletin 4.x.x||1||2012-04-25 01:35 PM|
|ترقيع النسخه 3.8.1 - 3.8.1 Patch Level 1||Eng Ahmed||الحمــــاية Security||7||2012-02-10 11:24 PM|