Joeychgo
05-16-2007, 11:31 AM
It would appear that the XSS that necessitated the release of 3.6.7 extends to another system we did not appreciate at the time of the release.
Therefore, here are a further set of patches and plugins for you to apply.
Here are your options, depending on the version of vBulletin you are currently running.
Currently running vBulletin 3.6.7
Either:
Download the patch for 3.6.7 from the members' area (http://members.vbulletin.com/patches.php) (or this thread - 367_patch.zip) and upload the contents to your forum directory
Apply the plugin vb_367_xss_fix_plugin.xml attached to this threadThose using vBulletin 3.6.7 can make use of the new Patch Level release system, which allows the correct version number to be displayed in the admin control panel - with the patch applied, your version number in the ACP will reflect the fact that you are now running 3.6.7 PL1.
Currently running vBulletin 3.6.4, 3.6.5 or 3.6.6
Either:
Upgrade to the new vBulletin 3.6.7 package available in the members' area (http://members.vbulletin.com/)
Download the patch for 3.6.6 available in the members' area (http://members.vbulletin.com/patches.php) (or this thread - 366_patch.zip) and upload the contents to your forum directory
Apply the plugin vb_366_xss_fix_plugin.xml attached to this threadCurrently running vBulletin 3.6.x older than 3.6.4
Either:
Upgrade to the vBulletin 3.6.7 package available in the members' area (http://members.vbulletin.com/)
Apply the plugin vb_366_xss_fix_plugin.xml attached to this threadOnce again, we are sorry that this latest problem has occurred. We are looking into ways to ensure that this sort of thing does not happen again.
Please see the original announcement for the patch files: http://www.vbulletin.com/forum/showp...10&postcount=6 (http://www.vbulletin.com/forum/showpost.php?p=1355810&postcount=6)
More... (http://www.vbulletin.org/forum/showthread.php?t=147395&goto=newpost)
Therefore, here are a further set of patches and plugins for you to apply.
Here are your options, depending on the version of vBulletin you are currently running.
Currently running vBulletin 3.6.7
Either:
Download the patch for 3.6.7 from the members' area (http://members.vbulletin.com/patches.php) (or this thread - 367_patch.zip) and upload the contents to your forum directory
Apply the plugin vb_367_xss_fix_plugin.xml attached to this threadThose using vBulletin 3.6.7 can make use of the new Patch Level release system, which allows the correct version number to be displayed in the admin control panel - with the patch applied, your version number in the ACP will reflect the fact that you are now running 3.6.7 PL1.
Currently running vBulletin 3.6.4, 3.6.5 or 3.6.6
Either:
Upgrade to the new vBulletin 3.6.7 package available in the members' area (http://members.vbulletin.com/)
Download the patch for 3.6.6 available in the members' area (http://members.vbulletin.com/patches.php) (or this thread - 366_patch.zip) and upload the contents to your forum directory
Apply the plugin vb_366_xss_fix_plugin.xml attached to this threadCurrently running vBulletin 3.6.x older than 3.6.4
Either:
Upgrade to the vBulletin 3.6.7 package available in the members' area (http://members.vbulletin.com/)
Apply the plugin vb_366_xss_fix_plugin.xml attached to this threadOnce again, we are sorry that this latest problem has occurred. We are looking into ways to ensure that this sort of thing does not happen again.
Please see the original announcement for the patch files: http://www.vbulletin.com/forum/showp...10&postcount=6 (http://www.vbulletin.com/forum/showpost.php?p=1355810&postcount=6)
More... (http://www.vbulletin.org/forum/showthread.php?t=147395&goto=newpost)
