Forum² Admin AWS Posted April 23, 2012 Forum² Admin Posted April 23, 2012 vBulletin has released a security patch to improve the security of the vBulletin 4 MAPI for 4.1.12 Suite & Forum as the result of a recent internal security review. Although no exploits have been reported, we urge our customers to upgrade as soon as possible. The changes do not affect vBulletin 4.0.0 - 4.1.1. This patch has been issued for vBulletin 4.1.12. A separate set of patches have been issued for vBulletin 4.1.2 - 4.1.11. The MAPI security improvements have been added for vBulletin 3.x with the release of 3.x MAPI 1.4.3. To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/" target="_blank]http://members.vbulletin.com/ In addition to the security improvements, we've resolved the following 4.1.12 issues. [li]http://tracker.vbulletin.com/browse/VBIV-14742" target="_blank]VBIV-14742 - Push notifications broken in FR 4.1.12 add-on.[li]http://tracker.vbulletin.com/browse/VBIV-14685" target="_blank]VBIV-14685 - Tag in static page cause Fatal error on page with General Search widget set to return Static Pages[li]http://tracker.vbulletin.com/browse/VBIV-14663" target="_blank]VBIV-14663 - Quoting doesn't work in the mobile style[li]http://tracker.vbulletin.com/browse/VBIV-14660" target="_blank]VBIV-14660 - Static HTML in CMS always displays all content[li]http://tracker.vbulletin.com/browse/VBIV-14754" target="_blank]VBIV-14754 - unset($VB_API_PARAMS_TO_VERIFY['vbseourl']) to match vB3 MAPI change.[li]http://tracker.vbulletin.com/browse/VBIV-14681" target="_blank]VBIV-14681 - HTML is stripped from article previews[li]http://tracker.vbulletin.com/browse/VBIV-14667" target="_blank]VBIV-14667 - Category pages do not load if using basic/advanced friendly URLs The upgrade process requires a few additional steps for this patch level release. https://members.vbulletin.com.[li]Extract the vBulletin patch files from the zip file.[li]Upload the patch files to your server, overwriting the old files.[li] Run yourdomain.com/forumfolder/install/upgrade.php. (Required for 4.1.12.)[li] Download the "API-Log-Clean.xml" attached to this thread. (Included in the do_not_upload folder for full installs.)[li] Import "API-Log-Clean.xml" using the "Manage Products" interface in the "Plugins & Products" section of your Admin CP. The cleanup script will run on install. (This is only required if you have logging turned on for MAPI.) AdminCP -> Plugins & Products -> Manage Products -> Add/Import Product[li] Delete "API-Log-Clean" using the "Product Manager" option in the "Plugins & Products" section of your Admin CP. (Optional. The product is automatically disabled after the script runs.) Advanced Users - Files updated in the patch are: [li] /api.php[li] /forumrunner/push.php[li] /includes/class_friendly_url.php[li] /includes/init.php[li] /install/vbulletin-mobile-style-blog.xml[li] /install/vbulletin-mobile-style.xml[li] /packages/vbcms/content/phpeval.php[li] /packages/vbcms/content/staticpage.php[li] /packages/vbcms/item/content/article.php[li] /packages/vbcms/item/content/phpeval.php[li] /packages/vbcms/search/result/staticpage.php Please note that this issue and fix affects BOTH vBulletin 4 SUITE and FORUM. Discuss the security patch - https://www.vbulletin.com/forum/showthread.php/400166-Discuss-the-MAPI-security-patch-for-vBulletin-4-1-2-4-1-12-Forum-amp-Suite?p=2286633#post2286633" target="_blank]HERE Discuss vBulletin 4.1.12 - https://www.vbulletin.com/forum/showthread.php/398902-4-1-12-Feedback-amp-Discussion" target="_blank]HERE Attached Files https://www.vbulletin.com/forum/attachment.php?attachmentid=59044&d=1335223929" target="_blank]API-Log-Clean.xml (1.9 KB) View the full article Quote IPB Webmaster - For Invision Community Enthusiasts - SEO Help Forum
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.