|
|
|
|
||||||
| أرشيف تطوير منتديات vb3.0.0 :: يمنع منعاً باتا ً .. كتابة أي موضوع يهتم بمشاكل المنتديات (( يمنع وضع نسخ vBulletin )) |
|
|
LinkBack | أدوات الموضوع | طرق العرض |
11 - 01 - 2006, 00:53
|
|||
|
JELSOFT SECURITY BULLETIN http://www.vbulletin.com/ January 10th, 2006 This email contains important security-related information. Please read it carefully. * Security Information * vBulletin 3.5.3 * vBulletin 3.0.12 * vBulletin 2.3.9 * Your License Information * Contact Us ---------- SECURITY INFORMATION ---------- A recently-discovered cross-site scripting (XSS) flaw in all three branches of vBulletin has prompted us to perform a security update, releasing new versions of vBulletin 2.3.x, 3.0.x and 3.5.x simultaneously. All prior versions of vBulletin are vulnerable to the flaw and we advise all customers to upgrade or patch their vBulletin installations at their earliest convenience. Specific details for each vBulletin version follow. ------------- VBULLETIN 3.5.3 ------------ If you run vBulletin 3.5, the problem can be resolved in one of three ways. 1 - Full Upgrade The best way to fix the problem is to perform a full upgrade by downloading the complete 3.5.3 package from the vBulletin Members' Area and following the regular upgrade instructions. This method will also fix a number of non-critical bugs that have been resolved since the release of vBulletin 3.5.2. Any previous version of vBulletin can be brought up to date using this method. 2 - Patch If you are currently running vBulletin 3.5.2, you may download the patch files attached to the 3.5.3 release announcement thread and upload them to your web server, overwriting the existing files. This method will fix the XSS flaw, but will not resolve any additional bugs. 3 - Plugin The plugin system built into vBulletin 3.5 allows the problem to be fixed with a simple plugin. This is the quickest and easiest way to resolve the XSS flaw. You will need to download the plugin installation file from the 3.5.3 release announcement thread, then use the product manager in your Admin Control Panel to install the plugin. As with the patch, this method will not resolve any bugs except for the XSS flaw. The release announcement thread can be found here: http://www.vbulletin.com/forum/showthread.php?t=169997 ------------ VBULLETIN 3.0.12 ------------ Installations of vBulletin 3.0 can be fixed in one of the following ways: 1 - Full Upgrade The best way to fix the problem is to perform a full upgrade by downloading the complete 3.0.12 package from the vBulletin Members' Area and following the regular upgrade instructions. This method will also fix a number of non-critical bugs that have been resolved since the release of vBulletin 3.0.11. Any previous version of vBulletin can be upgraded to 3.0.12 using this method. 2 - Patch If you are currently running vBulletin 3.0.11, you may download the patch files attached to the 3.0.12 release announcement thread and upload them to your web server, overwriting the existing files. This method will fix the XSS flaw, but will not resolve any additional bugs. The release announcement thread can be found here: http://www.vbulletin.com/forum/showthread.php?t=169999 ------------- VBULLETIN 2.3.9 ------------ In addition to the XSS flaw affecting vBulletin 3.0 and vBulletin 3.5, vBulletin 2.3 has been found to contain an additional XSS problem relating to BB code parsing. This problem is also resolved by the release of vBulletin 2.3.9. You may fix your vBulletin 2.3 installation using either of the two methods listed here: 1 - Full Upgrade The best way to fix the problem is to perform a full upgrade by downloading the complete 2.3.9 package from the vBulletin Members' Area and following the regular upgrade instructions. This method will also fix a number of non-critical bugs that have been resolved since the release of vBulletin 2.3.9. Any previous version of vBulletin can be upgraded to 2.3.9 using this method. 2 - Patch If you are currently running vBulletin 2.3.8, you may download the patch files attached to the 2.3.9 release announcement thread and upload them to your web server, overwriting the existing files. This method will fix both XSS flaws, but will not resolve any additional bugs. The release announcement thread can be found here: http://www.vbulletin.com/forum/showthread.php?t=170001 ---------------- YOUR LICENSE INFORMATION ---------------- You can use this information to log into the members area and download vBulletin and ImpEx: Customer Number: J1747AC983E1 If you have misplaced your customer password, you can request that it be re-sent to your registered email address using the following form: http://members.vbulletin.com/lostpw.php You can use this information to log into the members area: http://members.vbulletin.com/ -------------------- CONTACT US -------------------------- Please do not respond to this email directly. We will not receive your response. Please use the links below. Got a vBulletin technical query? Contact support: http://www.vbulletin.com/support/ For all other queries, please visit this page: http://www.vbulletin.com/contact.php To report suspected bugs in vBulletin 3 and 3.5, please use the bug tracker for each version: vBulletin 3.0 - http://www.vbulletin.com/forum/bugs.php vBulletin 3.5 - http://www.vbulletin.com/forum/bugs35.php |
|
:: TRAIDNT ::
:: رفيق الدرب :: 
  |
|
| العلامات المرجعية |
| أدوات الموضوع | |
| طرق العرض | |
|
|
العرض العادي
