JELSOFT SECURITY BULLETIN
vBulletin - Instant Community
18th August 2008
* vBulletin 3.7.2 PL2 and 3.6.10 PL4 Released
* vBulletin 3.7.3 and 3.6.11 on August 26th
* Your License Information
* Contact Us
------- VBULLETIN 3.7.2 PL2 and 3.6.10 PL4 RELEASED --------------------
An XSS flaw related to JavaScript escaping has been identified. This could allow an attacker to carry out an action as a user or obtain access to a user's account. To resolve this issue, it is necessary to release patch level versions of vBulletin 3.7.2 and 3.6.10.
This flaw was discovered by Federico Muttis.
The upgrade process is the same as previous patch level releases - simply download the patch from the Members' Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.
Full details of the release can be found in the vBulletin 3.7.2 PL2 / 3.6.10 PL4 release announcement thread:
vBulletin 3.7.2 PL2 and 3.6.10 PL4 Released - vBulletin Community Forum
------- VBULLETIN 3.7.3 AND 3.6.11 ON AUGUST 26TH --------------------
In line with our new scheduled maintenance release policy, a new release for 3.6 and 3.7 will be made on Tuesday, August 26th.
These releases will contain bug fixes, but will also address a situation related to users that use their username as their password. In 3.6.11 and 3.7.3, this will be completely disallowed. Users affected by this will be forced to change their password on their first login. Additionally, a tool will be provided to email affected users with a new password. Please be aware of these potential compatibility changes when upgrading.
Watch your Admin CP news or latest version information for an update on August 26th to say that 3.7.3 and 3.6.11 are available to download, as no eBulletin will be sent for these releases after this one.
------- YOUR LICENSE INFORMATION ------------------------
You can use this information to log into the members' area to download vBulletin, ImpEx and other vBulletin-related support materials:
If you have misplaced your customer password, you can request that it be re-sent to your registered email address using the following form:
vBulletin - Member Area Recover Lost Password
The members' area is located here:
http://members.vbulletin.com/
-------------------- CONTACT US --------------------------
Please do not respond to this email directly. We will not receive your response. Please use the links below.
Got a vBulletin technical query? Contact support:
http://www.vbulletin.com/go/techsupport
For all other queries, please visit this page:
vBulletin - Contact Us
----------------------------------------------------------
This periodic email newsletter is delivered to all current vBulletin customers, and contains information about new software versions and Jelsoft.com / vBulletin.com web site features and content. If you have any questions or comments about this mailing, please contact us via the links above.
Copyright ©2000-2008, Jelsoft Enterprises Limited
Admincp klasörünü şifrelerseniz birşey olmazPhpkolik adlı üyeden alıntı: mesajı görüntülebekledigim açık sanırım 3.7.3 de kapatılacak sanırım
İngilizcem pek iyi değilde.
