vBulletin 3.0.7 released
Link: vBulletin 3.0.7 released
Jelsoft have released an updated version of their popular vBulletin 3 software, after a security flaw was discovered in the settings.
The security risk is only an issue on a somewhat obscure setting is used in versions prior to 3.0.7, which most users are likely to have disabled by default anyway.
This is the update e-mail Jelsoft:
The discovery of a potentially serious security hole has
necessitated the release of vBulletin 3.0.7. All customers
are strongly encouraged to take one of the actions
described in this email.All versions of vBulletin 3 up to and including 3.0.6 are
affected only if you have enabled the “Add Template Name
in HTML Comments” option (Admin Control Panel -> vBulletin
Options -> General Settings). We hope most of you will not
have had this option enabled anyway, as it is mostly for
debugging and creates unessary bandwidth usage on a
production site.To fix the issue, you should choose one of these options:
1. Disable the “Add Template Name in HTML Comments” option
on your board.
2. Download this zip file:
http://www.vbulletin.com/members/getfile.php/patch_307.zip
Follow the instructions within to patch your vBulletin.
3. Upgrade to 3.0.7. Please see the link below for more
information on this release.We recommend options 2 or 3, if possible.
For more information on this release, including upgrade
instructions and information on bugs fixed, please see
this thread:http://www.vbulletin.com/forum/showthread.php?t=130591
