• پایان فعالیت بخشهای انجمن: امکان ایجاد موضوع یا نوشته جدید برای عموم کاربران غیرفعال شده است

vBulletin 3.6.3 , 3.5.6 Released

Persian Forum

کاربر تازه وارد
تاریخ عضویت
12 آگوست 2006
vBulletin 3.6.3 Released

An undocumented behaviour in all Windows versions of Internet Explorer has rendered vBulletin vulnerable to a potential cross-site scripting flaw (XSS). Therefore, we have decided to put out a preventative security release in order to work-around the Internet Explorer problem before it is exploited.

3.6.3 also includes fixes for approximately 50 bugs that were discovered in 3.6.2. For this reason, we recommend all customers upgrade to 3.6.3 as soon as possible. If this is not possible and you are currently running 3.6.2, you may use the patch method discussed here.

Updating your vBulletin to combat the XSS flaw:

Please note that this issue is present in other versions of vBulletin as well. Please see the appropriate announcement!

You have two options to fix the XSS issue:

1. Full Upgrade: The best way to fix the problem is to perform a full upgrade, downloading the complete 3.6.3 package from the vBulletin Members' Area and following the regular upgrade instructions.
2. Patch: A second option is to download the patch files discussed in this thread and upload them to your web server, overwriting the existing files. The patch is available in the Members' Area patch page or later in this post!

More info


vBulletin 3.5.6

An undocumented behaviour in all Windows versions of Internet Explorer has rendered vBulletin vulnerable to a potential cross-site scripting flaw (XSS). Therefore, we have decided to put out a preventative security release in order to work-around the Internet Explorer problem before it is exploited.

We recommend that all customers still running a 3.5 board upgrade to 3.5.6 or apply the patch discussed in this post as soon as possible. Note that our current recommended release is 3.6.3 and we recommend customers upgrade to that!

Performing a full upgrade to 3.5.6 also contains several bug fixes, including a fix for a compatibility issue in PHP 5.2.0. Additionally, this version adds HttpOnly cookies, which helps reduce the amount of damage that could be caused by a potential XSS flaw.

Updating your vBulletin to combat the XSS flaw:

Please note that this issue is present in other versions of vBulletin as well. Please see the appropriate announcement!

Our primary recommendation for customers is to upgrade to vBulletin 3.6.3, but if you are not ready to do this, you can do one of the following:

1. Full Upgrade: The best way to fix the problem is to perform a full upgrade, downloading the complete 3.5.6 package from the vBulletin Members' Area and following the regular upgrade instructions.
2. Patch: A second option is to download the patch files discussed in this thread and upload them to your web server, overwriting the existing files. The patch is available in the Members' Area patch page or later in this post!

More Info

3.6.2 بیش از 50 باگ داشته حتما آپگرید کنید یا Patch را استفاده کنید
