vBulletin Security Patch for vBulletin 4.1.12 for Suite & Forum - 04/23/2012

Discussion in 'vBulletin Discussions' started by News Bot, Apr 23, 2012.

  1. News Bot

    News Bot Regular Member

    Joined:
    Apr 28, 2011
    Messages:
    429
    Likes Received:
    63
    Location:
    Cyber Space
    To support the upcoming release of vBulletin Mobile Suite 1.3, which contains vBulletin's iOS Mobile App 1.3 and Android Mobile App 1.3, we have released vBulletin 3.x MAPI Plugin 1.4.3. This release contains nine changes required to fix existing mobile app issues on forums running vBulletin 3. A security patch has been included to improve the security of the vBulletin 3.x MAPI plugin as the result of a recent internal security review. Although no exploits have been reported, we urge our customers to upgrade as soon as possible.

    vBulletin 3 customers should not upgrade unless they have the vBulletin Mobile Suite.

    vBulletin 3.x MAPI Plugin 1.4.3 is compatible with vBulletin 3.7.5+. vBulletin Blogs customers must have Blogs 2.0.4 installed before upgrading to 3.x MAPI Plugin 1.4.3. Please visit your vBulletin Members Area to download it.

    The following additional steps need to be taken after upgrade to vBulletin 3.x MAPI Plugin 1.4.3.

    1. Download the "API-Log-Clean.xml" attached to this thread. (Included in the do_not_upload folder for full installs.)
    2. Import "API-Log-Clean.xml" using the "Manage Products" interface in the "Plugins & Products" section of your Admin CP. The cleanup script will run on install. AdminCP -> Plugins & Products -> Manage Products -> Add/Import Product
    3. Delete "API-Log-Clean" using the "Product Manager" option in the "Plugins & Products" section of your Admin CP. (Optional. The product is automatically disabled after the script runs.)


    Discuss the vBulletin 3.x MAPI Plugin 1.4.3 release - HERE
    Attached Files

    Continue reading...
     
    Last edited by a moderator: Jan 6, 2014
  2. News Bot

    News Bot Regular Member

    Joined:
    Apr 28, 2011
    Messages:
    429
    Likes Received:
    63
    Location:
    Cyber Space
    vBulletin has released a security patch to improve the security of the vBulletin 4 MAPI (4.1.2 - 4.1.11 Suite & Forum) as the result of a recent internal security review. Although no exploits have been reported, we urge our customers to upgrade as soon as possible.

    The changes do not affect vBulletin 4.0.0 - 4.1.1.

    This patch has been issued for vBulletin 4.1.2 through 4.1.11. A separate PL1 has been issued for vBulletin 4.1.12.

    These MAPI security improvements have been added for vBulletin 3.x with the release of 3.x MAPI 1.4.3.

    To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/

    The upgrade process is slightly more complicated for this patch level release.

    1. Download the latest PL for your vBulletin 4.1.2 - 4.1.11 install from https://members.vbulletin.com.
    2. Upload the patch do your server.
    3. Unzip the patch to your vBulletin 4 install directory. (Ex. /var/www/html/myforum)
    4. Download the "API-Log-Clean.xml" attached to this thread. (Included in the do_not_upload folder for full installs.)
    5. Import "API-Log-Clean.xml" using the "Manage Products" interface in the "Plugins & Products" section of your Admin CP. The cleanup script will run on install. AdminCP -> Plugins & Products -> Manage Products -> Add/Import Product
    6. Delete "API-Log-Clean" using the "Product Manager" option in the "Plugins & Products" section of your Admin CP. (Optional. The product is automatically disabled after the script runs.)

    Advanced Users - Files updated in the patch are:

    • includes/init.php


    Please note that this issue and fix affects BOTH vBulletin 4 SUITE and FORUM.

    Discuss the security patch - HERE
    Attached Files

    Continue reading...
     
    Last edited by a moderator: Jan 6, 2014
  3. News Bot

    News Bot Regular Member

    Joined:
    Apr 28, 2011
    Messages:
    429
    Likes Received:
    63
    Location:
    Cyber Space
    vBulletin has released a security patch to improve the security of the vBulletin 4 MAPI for 4.1.12 Suite & Forum as the result of a recent internal security review. Although no exploits have been reported, we urge our customers to upgrade as soon as possible.

    The changes do not affect vBulletin 4.0.0 - 4.1.1.

    This patch has been issued for vBulletin 4.1.12. A separate set of patches have been issued for vBulletin 4.1.2 - 4.1.11.

    The MAPI security improvements have been added for vBulletin 3.x with the release of 3.x MAPI 1.4.3.

    To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/

    In addition to the security improvements, we've resolved the following 4.1.12 issues.

    • VBIV-14742 - Push notifications broken in FR 4.1.12 add-on.
    • VBIV-14685 - Tag in static page cause Fatal error on page with General Search widget set to return Static Pages
    • VBIV-14663 - Quoting doesn't work in the mobile style
    • VBIV-14660 - Static HTML in CMS always displays all content
    • VBIV-14754 - unset($VB_API_PARAMS_TO_VERIFY['vbseourl']) to match vB3 MAPI change.
    • VBIV-14681 - HTML is stripped from article previews
    • VBIV-14667 - Category pages do not load if using basic/advanced friendly URLs


    The upgrade process is slightly more complicated for this patch level release.


    1. Download PL1 for vBulletin 4.1.12 from https://members.vbulletin.com.
    2. Upload the patch do your server.
    3. Unzip the patch to your vBulletin 4 install directory. (Ex. /var/www/html/myforum)
    4. Run ./install/upgrade.php. (Required for 4.1.12.)
    5. Download the "API-Log-Clean.xml" attached to this thread. (Included in the do_not_upload folder for full installs.)
    6. Import "API-Log-Clean.xml" using the "Manage Products" interface in the "Plugins & Products" section of your Admin CP. The cleanup script will run on install. AdminCP -> Plugins & Products -> Manage Products -> Add/Import Product
    7. Delete "API-Log-Clean" using the "Product Manager" option in the "Plugins & Products" section of your Admin CP. (Optional. The product is automatically disabled after the script runs.)


    Advanced Users - Files updated in the patch are:

    • /api.php
    • /forumrunner/push.php
    • /includes/class_friendly_url.php
    • /includes/init.php
    • /install/vbulletin-mobile-style-blog.xml
    • /install/vbulletin-mobile-style.xml
    • /packages/vbcms/content/phpeval.php
    • /packages/vbcms/content/staticpage.php
    • /packages/vbcms/item/content/article.php
    • /packages/vbcms/item/content/phpeval.php
    • /packages/vbcms/search/result/staticpage.php

    Please note that this issue and fix affects BOTH vBulletin 4 SUITE and FORUM.

    Discuss the security patch - HERE
    Discuss vBulletin 4.1.12 - HERE
    Attached Files

    Continue reading...
     
    Last edited by a moderator: Jan 6, 2014
  4. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    3 release threads for one update..
    come on vbulletin.. don't go the IPB route just because you want more content out there..

    also looking over the thread talking about all the "patches" I found this particularly amusing.

    A user noticed that after the upgrade that their "managed google adsense" ads weren't showing anymore..
    Now I've never been a fan of this system to begin with but this just puts it over the top.

    The suggest from staff was to hard code their pub-ID.. :ROFL:O.o

    but I guess the patch has been patched again
    also users never needed to run an upgrade script for a patch.. apparently that's the norm now
     
    Dan Hutter likes this.

Share This Page