Advertise Here | Advertise Here | Advertise Here | Advertise Here
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Attention buyers: Please take the time to read THIS
    Dismiss Notice
  3. I have imposed a new requirement today limiting who can start and receive private conversations. This is in an effort to thwart scammers who have a zero post count but private message others offering to sell their licenses. The restriction is not strict, a user must post at least one (1) post in the forum before being allowed to start and/or receive private conversations. Read Forum Post
    Dismiss Notice
  4. Dismiss Notice
Dismiss Notice
Introducing the new Classifieds Section

Please see HERE for more info.

Official Security Patch Released for vBulletin 5.1.4 - 5.1.6

Discussion in 'vBulletin' started by EL Paper Boy, May 21, 2015.

  1. EL Paper Boy

    EL Paper Boy Member

    Local Time:
    2:22 PM
    A security issue has been discovered by the vBulletin team. This issue affects photo descriptions and could allow Cross Site Scripting. We have released security patches for the versions vBulletin 5.1.4 through 5.1.6 to close this vulnerability. It is recommended that all users apply the patch as soon as possible. If you're using a version of vBulletin 5 older than 5.1.4, it is recommended that you upgrade to the latest version as soon as possible.

    In addition to the fixes in this patch, an upgrade step is being added to vBulletin 5.1.7 that will verify all previous images and make sure their descriptions are secure.

    You can download the patch for your version here: http://members.vbulletin.com/patches.php

    To install the patch:
    1) Download the appropriate files for your version of vBulletin 5
    2) Upload all files found within the zip file. Make sure to overwrite the existing files on your server.
    3) Run install/upgrade.php in your browser.
    4) Delete the /core/install folder.

    If you're using a version prior to 5.1.4, then you should upgrade to that version following standard upgrade procedures. After upgrading, run the fix script which will be found in your /do_not_upgrade folder. Upload this to /core/install and run from your web browser.

    This fix has already been applied to vBulletin Connect 5.1.7 and vBulletin Cloud.

    Continue reading...
     

Share This Page