منتدى استراحات زايد

منتدى استراحات زايد (http://vb.ma7room.com/)
-   منتدى أخبار المواقع والمنتديات العربية والأجنبية (http://vb.ma7room.com/f183.html)
-   -   Security Patch Release 4.0.2 PL4 (http://vb.ma7room.com/t365970.html)

محروم.كوم 03-26-2010 09:30 AM
Security Patch Release 4.0.2 PL4
 
A potential XSS vulnerability has been identified in vBulletin 4.0.2 PL3 in relation to the CMS article editor. In addition, a bug was introduced in PL3 in regards to bbcode parsing in CMS articles. We are issuing a patch release to address these issues.

The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required if you are currently running 4.0.2 PL2 or PL3. If running 4.0.2 or 4.0.2 PL1 see the details below as the process is slightly different.

As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.

There is no need to run an upgrade script if you are already running the latest version (4.0.2 PL3).

If you are running 4.0.2, or 4.0.2 PL1 you should follow these steps.
1) Download the 4.0.2 PL4 patch files.
2) Set your site to be offline.
3) Make sure your install directory still exists. If not, upload the install directory from your vBulletin package to your vBulletin directory, leaving out install/install.php.
4) Upload the patch files to your vBulletin directory.
5) Run the url http://your.site.com/vBdirectory/ins...e_402_salt.php
 6) Set your site to be online.
This will address all PL fixes, including the fixes contained in 4.0.2 PL3. It is not necessary to run any other scripts.

Visit the Patches section of the vBulletin Members' Area and download the patch for the version you are using, then extract the files from the archive you downloaded, then upload the files to your board via FTP etc., overwriting the existing files. This will update your version to the latest patch release.

Upgrading from an earlier version

If you are not already running 4.0.2, 4.0.2 PL1, 4.0.2 PL2, or 4.0.2 PL3 you should download the latest version (4.0.2 PL4) from the Members' Area and perform an upgrade as normal.

Full instructions for upgrading vBulletin are available here.


Download vBulletin 4.0.2 PL4

As usual, the version released today is available for all customers with valid, active licenses to download from the vBulletin Members' Area.

vBulletin Members Area


الساعة الآن 02:00 AM

Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.5.2 TranZ By Almuhajir


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227