Security Patch Release for vBulletin 5 Connect, Versions 5.0.0 through 5.1.2.

[EL PaperBoy]

A security issue has been reported to us that affects the versions of vBulletin listed here: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 We have released security patches to account for this vulnerability. The patch resolves a potential Cross-Site Forgery Request in the authorization system. It is recommended that all users install the patch provided for their version as soon as possible.

You can download the patch for your version here: http://members.vbulletin.com/patches.php

As part of our maintenance of Cloud Sites, we have applied the patch to those sites. If necessary, we will contact Cloud Customers with further information.

The current vBulletin 5.1.3 Alpha will include this fix on its next release. vBulletin 5.1.3 Alpha should not considered suitable for production or live servers.

Patch version numbers are:

Security patch: 5.1.2 PL2

Security patch: 5.1.1 PL2

Security patch: 5.1.0 PL3

Security patch: 5.0.5 PL4

Security patch: 5.0.4 PL5

Security patch: 5.0.3 PL4

Security patch: 5.0.2 PL5

Security patch: 5.0.1 PL4

Security patch: 5.0.0 PL4

All patches can be downloaded at http://members.vbulletin.com/patches.php

To install the patch for your version, upload the files included in the downloaded patch package and overwrite the existing files on your server.

Continue reading...