vBulletin Security Flaw Makes BBC News

Jonathan (Seasoned Veteran; joined Jul 24, 2009; 2,832 messages; reaction score 0; FP$ 6)
Seriously, this is the first time I've seen forum software in the news!

http://www.bbc.co.uk/news/technology-10714192

Shame it's a bad thing 😛

I also got an email about this (I'm a customer), with high priority. It read:

vBulletin SECURITY BULLETIN
http://www.vbulletin.com/
22nd July 2010

* vBulletin 3.8.6 Patch Level 1 Released
* Patch Levels Explained
* Your License Information
* Contact Us

------- VBULLETIN 3.8.6 Patch Level 1 RELEASED --------------------

vBulletin 3.8.6 Patch Level 1 has been released in order to deal with a security issue related to the vBulletin FAQ.

** ONLY VBULLETIN VERSION 3.8.6 IS AFFECTED BY THIS ISSUE **
Other versions are not affected - if you are running an older version of vBulletin 3 you do not need to do anything. If you have already installed vB 3.8.6, then follow these instructions in order to fix this:


1. First, download the 3.8.6 PL1 patch here:

http://members.vbulletin.com/patches.php

2. Delete the existing vbulletin-language.xml file from your 'install' directory.

3. Next upload the two files in that patch:

includes/version_vbulletin.php
install/vbulletin-language.xml

Make sure to upload these in ASCII mode, overwriting any existing files if necessary.

4. Go into your Admin CP and run this:

Admin CP -> Languages & Phrases -> Download/Upload Languages -> Import Language XML File

Then leave the settings as they are and click on Import.


Also please note that if you have not upgraded to 3.8.6 yet, the download has already been patched.

You MUST follow all of those instructions to fix this.

We strongly recommend that all customers running vBulletin 3.8.6 apply this patch as soon as possible.

Please see this notice for any new instructions:
http://www.vbulletin.com/go/386pl1

------- PATCH LEVELS EXPLAINED --------------------------

In order for the vBulletin team to react even more quickly to the discovery of security flaws, recent versions of vBulletin include a new system that allows the release of special security patch versions, which do nothing except fix the security problem.

This system allows a version number such as 1.0.4 to be altered to 1.0.4 PL1 (PL = Patch Level) so administrators can be sure that they are running the most up-to-date code and are no longer vulnerable to known security problems.

To make use of this system, vBulletin releases that include only security flaws will contain *only* the fixed file(s) plus a new version number file, allowing administrators to simply upload the new files without having to run an upgrade script.

A patch level release contains fixes for only the most critical issues in the previous release. In this case, this means the only changes are to address a security issue.

It is designed to be installed directly over top of your 3.8.6 installation. There is no need to run any upgrade scripts.

------- YOUR LICENSE INFORMATION ------------------------

You can use this information to log into the customer area to download vBulletin, ImpEx and other vBulletin-related support materials:

Your Customer Number: (removed)

If you have misplaced your customer password, you can request that it be re-sent to your registered email address using the following form:
http://www.vbulletin.com/go/lostpw

The customer area is located here:
http://members.vbulletin.com/


-------------------- CONTACT US --------------------------

Please do not respond to this email directly. We will not receive your response. Please use the links below.

Got a vBulletin technical query? Contact support:
http://www.vbulletin.com/go/techsupport

For all other queries, please visit this page:
http://www.vbulletin.com/contact.php

----------------------------------------------------------

This periodic email newsletter is delivered to all current vBulletin customers, and contains information about new software versions and vBulletin.com web site features and content. If you have any questions or comments about this mailing, please contact us via the links above. You can unsubscribe from this newsletter in the customer area at the bottom of the page: http://members.vbulletin.com

This email sent to: ---

Copyright ©2000-2010, vBulletin Solutions Limited
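As an added illustration of the server-side half of that procedure (steps 2 and 3 of the bulletin), here is a small POSIX shell script; it is not vBulletin's or the bulletin's own code. It assumes the PL1 archive has already been unpacked into a local directory, that the forum web root is reachable as a local path (in practice the two files go up over FTP in ASCII mode, as the bulletin says), and that includes/version_vbulletin.php records the version in a FILE_VERSION define. The fixture it builds to run against is constructed for the demo; step 4, the Admin CP language import, is a web UI action and is not scripted.

```shell
#!/bin/sh
# Added example: stages the file changes from the bulletin's steps 2 and 3
# and checks the result. Not vBulletin's own tooling.
# Assumptions: the PL1 patch has been unpacked into a local directory, and
# the forum web root is a local path (a real deployment pushes the files over
# FTP/SFTP in ASCII mode instead of cp). Step 4 (Admin CP import) is not scripted.

PATCH_FILES="includes/version_vbulletin.php install/vbulletin-language.xml"

# Refuse to proceed unless the unpacked patch holds both files the bulletin lists.
patch_is_complete() {
    for f in $PATCH_FILES; do
        if [ ! -f "$1/$f" ]; then
            echo "patch is missing $f" >&2
            return 1
        fi
    done
    return 0
}

# Step 2: delete the old language XML. Step 3: copy both patch files into the
# web root, overwriting whatever is already there.
apply_pl1_patch() {
    patchdir=$1
    webroot=$2
    patch_is_complete "$patchdir" || return 1
    rm -f "$webroot/install/vbulletin-language.xml"
    for f in $PATCH_FILES; do
        mkdir -p "$webroot/$(dirname "$f")" || return 1
        cp "$patchdir/$f" "$webroot/$f" || return 1
    done
    return 0
}

# Read the version string the forum will report after the upload. vBulletin 3
# keeps it in a PHP define in includes/version_vbulletin.php; the constant
# name FILE_VERSION is an assumption of this example.
installed_version() {
    sed -n "s/.*define('FILE_VERSION', *'\([^']*\)').*/\1/p" \
        "$1/includes/version_vbulletin.php"
}

# Build a constructed fixture: an unpatched 3.8.6 web root plus an unpacked
# patch directory. Prints the fixture's top directory. All contents are made up.
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/www/includes" "$root/www/install" \
             "$root/patch/includes" "$root/patch/install"
    printf "<?php\ndefine('FILE_VERSION', '3.8.6');\n" \
        > "$root/www/includes/version_vbulletin.php"
    printf '<language name="English">old-faq-phrases</language>\n' \
        > "$root/www/install/vbulletin-language.xml"
    printf "<?php\ndefine('FILE_VERSION', '3.8.6 PL1');\n" \
        > "$root/patch/includes/version_vbulletin.php"
    printf '<language name="English">pl1-faq-phrases</language>\n' \
        > "$root/patch/install/vbulletin-language.xml"
    echo "$root"
}

# Stand-alone run against the constructed fixture.
demo() {
    root=$(make_fixture) || return 1
    echo "before: $(installed_version "$root/www")"
    apply_pl1_patch "$root/patch" "$root/www" || return 1
    echo "after:  $(installed_version "$root/www")"
    rm -rf "$root"
}

demo
```

The completeness check matters because uploading only one of the two files leaves the board reporting 3.8.6 PL1 while still serving the old FAQ phrases (or the reverse); checking the version string afterwards is how an administrator confirms the upload actually landed.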
 
You know it's bad when...

... a security issue in forum software makes it onto the home page of the BBC News site
A serious flaw in software widely used to power online discussion sites could allow hackers to harvest reams of personal data, the BBC has learned.

The flaw in a specific version of the vBulletin software allows anyone to easily access the main administrator username and password for a site.

This would also allow hackers to access data, such as e-mail addresses, and edit the site at will.

The owner of the program - Internet Brands - released a fix on 21 July.

However, at time of writing, many sites remain vulnerable....
Source
 
Re: You know it's bad when...

oh yeah I read about this somewhere else.
 
Re: You know it's bad when...

Interesting that vB 3 is falling as well now that Darby is gone.
 
Re: You know it's bad when...

Good thing I'm using version 3.8.5.
 
Got the email too. I always wait awhile before I upgrade to the next version.. Glad I did this time because I would have updated the board a few days ago, making it vulnerable to attacks.. Then update today because they missed something in their 1st so-called-update. That would have aggravated me.

Hope this bad press teaches them a lesson to test, re-test, re-re-test, re-re-re-test and re-re-re-re-test their updates before they release them to the world.
 
Re: You know it's bad when...

Taz said:
Who is Darby?

He was vBulletin's project manager lead throughout the vBulletin 3 series. He quit a month or two before vBulletin 4 came out. He built the dead majority of vBulletin 3 (and subsequently, a lot of the vBulletin 4 code because it wasn't an extensive rewrite). He seemed surprised he was cited in that BBC report, and I'm not surprised, because 3.8.5/3.8.6 were released after he left the company.
 
Re: You know it's bad when...

Mr. Green said:
Good thing I'm using version 3.8.5.
Same here. Maybe I will wait to see if 3.8.6-Patch-Level-1 is a failure too. :lol:
 
Re: You know it's bad when...

Wow, I swear I heard this somewhere else too
 
Re: You know it's bad when...

You probably read the other topic (now merged in with this one) that was posted in the Intellectual Chat forum :roll:

Jonathan, I also removed your customer number from your post as well 😉
 
Re: You know it's bad when...

I reported the post for your customer number just to save you from others using your number to install the software under your number. Just a little security flaw that was in the topic. But this is a major issue and glad it has been fixed fast.
 
Re: You know it's bad when...

I noticed that as well. I thought it was strange he had his personal info up there. 😛
 
Re: You know it's bad when...

Wow VB is going to lose a lot of customers...
 
Re: You know it's bad when...

Fowler said:
Jonathan, I also removed your customer number from your post as well 😉
Ah, crap, didn't double check it. Thanks mate.
 