New vBulletin Versions Released

The latest security update from Jelsoft for their Vbulletin product:

November 24th, 2006

* New vBulletin Versions Released
* Your License Information
* Contact Us


The discovery of a potential cross-site scripting (XSS) issue in the administrators control panel has necessitated the preventative release of new versions of vBulletin for the 3.6, 3.5 and 3.0 series.

Due to several mitigating factors, this issue is hard to exploit and careful browsing by administrators can prevent it entirely. Nonetheless, we strongly recommend that all of our customers upgrade or apply patches as soon as possible.

We have posted instructions on the announcements forum detailing procedures to upgrade or patch each affected version. Please follow the relevant links below.

Note: While we have supplied patches and updates for all affected vBulletin versions, we do recommend that all customers upgrade to 3.6.4, as this is our latest stable release.

Upgrade information and patch for 3.6.* series

Upgrade information and patch for 3.5.* series

Upgrade information and patch for 3.0.* series

If you absolutely cannot apply the patch or upgrade…

We strongly recommend you actively take steps to address this issue. However, if this is not possible, we recommend that administrators only log into the control panel when work is necessary. While you are logged into the control panel, do not click unknown links. Log out from the control panel using the link in the upper right of the screen immediately after finishing your work. If you are unexpectedly presented with the control panel login screen after clicking a link, do not login.

Comments are closed.