Security Patch released for VB 4.2.2, 4.2.3, and 4.2.4 Beta 1 replaced by Beta 2

[BirdOPrey5]

Official Announcement- http://www.vbulletin.com/forum/foru...ts_aa/4345175-security-update-for-vbulletin-4

People running versions older than 4.2.2 should upgrade to VB 4.2.4 Beta 2 as soon as possible.

If upgrade is not possible, and you are not using ForumRunner, then delete your /forumrunner/ directory, the affected files are all in that directory, but ideally you would upgrade for this, and other security fixes.

The issue was reported by a customer and the patch released the next day.

I do not know if/when this will get pushed to the Admin CP or emailed out, from what I hear it is not confirmed much or any damage could really be done but it warranted a patch.

 

[ozzy47]

Same thing, https://theadminzone.com/threads/security-update-for-vbulletin-4.140769/ ?

 

[BirdOPrey5]

Same thing, https://theadminzone.com/threads/security-update-for-vbulletin-4.140769/ ?

Frankly, that's a useless place for it. It's vBulletin related it should be in this forum. As a VB user the only 2 forums I visit on this site are this one and chitchat on occasion, I would never see anything in industry announcements and by the lack of any responses in 20 hours, I suspect I'm not alone in my browsing habits.

 

[ozzy47]

Frankly, that's a useless place for it. It's vBulletin related it should be in this forum. As a VB user the only 2 forums I visit on this site are this one and chitchat on occasion, I would never see anything in industry announcements and by the lack of any responses in 20 hours, I suspect I'm not alone in my browsing habits.

You need to address that with The Sandman why he has the industry announcements set up that way.

 

[Danielx64]

You need to address that with The Sandman why he has the industry announcements set up that way.

The feedback forum may be a better place to ask, then everyone would know the reasons behind this.

 

[BirdOPrey5]

Suggestion made- https://theadminzone.com/threads/po...nts-in-the-subforum-for-that-software.140773/

 

[insaneadmin]

If you don't use forumrunner then the directory is safe to just delete and not be vulnerable to this? The patch includes a number of files outside that directory which is why I am asking.

 

[BirdOPrey5]

The only file outside the directory is to update the version file on 4.2.3 where it's the the first patch.

On 4.2.2 where it's the fifth patch it includes all the files from all previous patches, as is usual, so if you're on 4.2.2 Patch 4, yes you can delete the /forumrunner/ directory instead and disable the Forum Runner product in Product Manager.

 

[BirdOPrey5]

FYI - Received a Security eBulletin email last night notifying about the patch. If you don't get an email in the next day or two make sure your correct email is on your account and check your spambox if you are interested.