ข่าว vBulletin 5.6.0-5.6.1-5.6.2 Security Patch

A security issue has been reported to the vBulletin team. To fix this issue, we have created a new security patch.

You can download the patch for your version in the Member's Area

We have made patches available for the following versions of vBulletin Connect:

  • 5.6.2
  • 5.6.1
  • 5.6.0

Installing the Patch​

  1. Download the appropriate files for your version of vBulletin 5.6.X
  2. Upload all files found within the zip file. Make sure to overwrite the existing files on your server.

Older Versions​

All older versions should be considered vulnerable. Sites running older versions of vBulletin need to be upgraded to vBulletin 5.6.2 as soon as possible. For more information on upgrading please see Quick Overview: Upgrading vBulletin Connect in the support forums.

vBulletin Cloud​

vBulletin Cloud sites are not affected by this issue.


Q: I am using the 5.6.3 Beta is there a patch?

A: No. This is pre-release software and should not be used on a production site. In order to secure your site follow the steps below:
  1. Put the site into debug mode.
  2. Log into the AdminCP.
  3. Go to Styles -> Style Manager.
  4. Open the template list for the MASTER style.
  5. Scroll to the bottom where it says Module Templates.
  6. Highlight the widget_php module.
  7. Click the Revert Button.
  8. This will completely delete the template from your site and make the PHP Module inoperative.
The next build of 5.6.3 will contain the patch.

Q: My PHP Modules no longer work. Is this to be expected?

A: Yes. This security patch disables the PHP Module. This module will be removed from the software completely in 5.6.4.

Q: How do I include custom PHP on my pages?

A: Please read this article: https://forum.vbulletin.com/articles...php-in-modules

 


ด้านบน