Announcement

Collapse
No announcement yet.

Manual Security Patch Instructions for VB 4.x.x

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by kandhro View Post
    Hello Mark B
    can u plz let me know where are the manual instructions for vb 4.2.0

    regards
    This thread is the manual instructions for VB 4.2.0. They are the same instructions for ALL of VB 4.x.x, the code has not changed in years.

    Comment


    • #17
      Originally posted by MK_1 View Post
      So you tell me that the diff file is not the latest version? Diff file and Joe's post are 90% similar, just this one step.
      The diff files will work on ALL vBulletin 4.x versions. The diff files were provided because actual patches were not being released for older VB 4.x versions.

      Comment


      • MK_1
        MK_1 commented
        Editing a comment
        I fully agree with you, but your manual security path instructions are for ALL vB 4.x versions, too?

        So I can't understand why the diff file has an additional step and is not similar to your steps.

    • #18
      Originally posted by Mark.B View Post

      If you are running 4.2.0 you will need to go through the manual instructions.
      Ok, i passed all instructions above and re-write files. What changes in forum working process now should I notice?

      Comment


      • #19
        Originally posted by _Avalon_ View Post

        Ok, i passed all instructions above and re-write files. What changes in forum working process now should I notice?
        Nothing, as it is just a patch.
        MARK.B | vBULLETIN SUPPORT

        TalkNewsUK - My vBulletin 5.6.3 Demo
        AdminAmmo - My Cloud Demo

        Comment


        • #20
          for manual patching
          do i have to upload patch files downloaded from mebers area + manually edit files or just manual editing is all what i have to do in this patch ?

          and thanks for the good support Mark B

          Comment


          • #21
            very easy instructions - took no more than 5 minutes. I shake my head at some guys who are confused about how to do this.
            Digital-Forums: www.digital-forums.com | CK3 Games: www.ck3.co.uk

            Comment


            • #22
              Originally posted by kandhro View Post
              for manual patching
              do i have to upload patch files downloaded from mebers area + manually edit files or just manual editing is all what i have to do in this patch ?

              and thanks for the good support Mark B
              If you patch with the manual instructions that's all you need to do.
              It's either upload the patch files or manually edit the existing files.
              MARK.B | vBULLETIN SUPPORT

              TalkNewsUK - My vBulletin 5.6.3 Demo
              AdminAmmo - My Cloud Demo

              Comment


              • #23
                I understand this marks a change in how people are used to getting patches for 4.x because we only supplied an actual patch for VB 4.2.2. However this is not the thread for complaints. Any post that is not a valid request for support or feedback on actually applying the above changes will be deleted. Anyone posting off topic past this point will get infractions. Please use the Licensed Customer Feedback forum to provide feedback on the exploit/patches/bug fixes in general. This topic is for support of people trying to secure their sites.

                Comment


                • #24
                  Updated from 4.1. to 4.2.2, and after that was done applied PL1.

                  ACP does not show that I'm running PL1, and the new files are showing up as 'file does not contain expected contents'. I have verified all files in PL1 are uploaded.

                  Just want to make sure I'm good.

                  EDIT; I see at the very bottom of the screen the "powered by" 4.2.2 pl1, so I'm guessing I'm good. Was too busy looking at the top that I missed the bottom.
                  Last edited by Pony; Fri 14 Mar '14, 9:25pm. Reason: further investigation

                  Comment


                  • #25
                    So just to be clear, if I'm on 4.2.0 PL3, I need to follow the manual instructions in the OP to upgrade to 4.2.2 PL1 and can't just copy the pre-patched files to bring my 4.2.0 up to 4.2.2?

                    Thanks in advance.

                    Comment


                    • #26
                      Originally posted by Pony View Post
                      Updated from 4.1. to 4.2.2, and after that was done applied PL1.

                      ACP does not show that I'm running PL1, and the new files are showing up as 'file does not contain expected contents'. I have verified all files in PL1 are uploaded.

                      Just want to make sure I'm good.

                      EDIT; I see at the very bottom of the screen the "powered by" 4.2.2 pl1, so I'm guessing I'm good. Was too busy looking at the top that I missed the bottom.
                      If you decided to upgrade to 4.2.2 and you download 4.2.2 from the Member's Area after the patch was released on Thursday, then the patch is automatically applied to the 4.2.2 files you downloaded.

                      Anyone choosing to upgrade to 4.2.2 at this point who download a fresh copy of 4.2.2 does not have to apply the patch, it is already included in 4.2.2 at this point.

                      Comment


                      • #27
                        Originally posted by supergaijin View Post
                        So just to be clear, if I'm on 4.2.0 PL3, I need to follow the manual instructions in the OP to upgrade to 4.2.2 PL1 and can't just copy the pre-patched files to bring my 4.2.0 up to 4.2.2?

                        Thanks in advance.
                        Hello, if you are on 4.2.0 you have two choices at this point-

                        1) You download 4.2.2 PL1 (the full version) from the Member's Area and upgrade to 4.2.2. Then you are good.

                        2) You follow the instructions in Post #1 to manually patch your existing 4.2.0 install, then you are also safe from this latest exploit.

                        You choose 1 OR 2, not both.

                        Comment


                        • #28
                          Originally posted by Joe D. View Post

                          Hello, if you are on 4.2.0 you have two choices at this point-

                          1) You download 4.2.2 PL1 (the full version) from the Member's Area and upgrade to 4.2.2. Then you are good.

                          2) You follow the instructions in Post #1 to manually patch your existing 4.2.0 install, then you are also safe from this latest exploit.

                          You choose 1 OR 2, not both.

                          So I can jump from 4.2.0 to 4.2.2 PL1 without doing the updates in-between (4.2.2 PL! is an inclusive update)? Also, I noticed some people having database errors after the update. Is this common? (Our PHP is greater than 5.2)

                          Comment


                          • #29
                            Yes you can go straight to 4.2.2, that is what JoeD said if you read the post again, database errors are rare and usually occur for a reason. Remember to do a full backup before an upgrade so you can restore your forum as it was if things do go wrong.

                            Comment


                            • #30
                              Might these two be the same?...

                              /public_html/phpbb/includes/functions.php
                              /public_html/forums/includes/functions.php

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X