vBulletin has released a security patch to improve the security of the vBulletin 4 MAPI (4.1.2 - 4.1.11 Suite & Forum) as the result of a recent internal security review. Although no exploits have been reported, we urge our customers to upgrade as soon as possible.

The changes do not affect vBulletin 4.0.0 - 4.1.1.

This patch has been issued for vBulletin 4.1.2 through 4.1.11. A separate PL1 has been issued for vBulletin 4.1.12.

These MAPI security improvements have been added for vBulletin 3.x with the release of 3.x MAPI 1.4.3.

To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/

The upgrade process is slightly more complicated for this patch level release.

  1. Download the latest PL for your vBulletin 4.1.2 - 4.1.11 install from https://members.vbulletin.com.
  2. Upload the patch do your server.
  3. Unzip the patch to your vBulletin 4 install directory. (Ex. /var/www/html/myforum)
  4. Download the "API-Log-Clean.xml" attached to this thread. (Included in the do_not_upload folder for full installs.)
  5. Import "API-Log-Clean.xml" using the "Manage Products" interface in the "Plugins & Products" section of your Admin CP. The cleanup script will run on install. AdminCP -> Plugins & Products -> Manage Products -> Add/Import Product
  6. Delete "API-Log-Clean" using the "Product Manager" option in the "Plugins & Products" section of your Admin CP. (Optional. The product is automatically disabled after the script runs.)

Advanced Users - Files updated in the patch are:

  • includes/init.php

Please note that this issue and fix affects BOTH vBulletin 4 SUITE and FORUM.

Discuss the security patch - HERE
Attached Files