Announcement

Collapse
No announcement yet.

New security patch required?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Upload the files from the 4.2.2 Patch into your modcp directory and you should be patched. Providing patches for all versions of vBulletin 4.X in the past is actually the aberrant behavior. Our official policy is to release patches for the latest version in branches that are not actively being developed. Since your license allows access to this version, you should consider upgrading as that will provide you with the most stable and secure copy of vBulletin available.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.

    Comment


    • #17
      Originally posted by Wayne Luke View Post
      Upload the files from the 4.2.2 Patch into your modcp directory and you should be patched.
      Ok I was reluctant to do that since there may have been changes after 4.1.10pl3 but prior to (this) 4.2.2pl4, nonetheless though I'll have a look at the diffs for those modcp files modified in the latest patch - can you confirm that it was only files in the modcp directory that were modified to address this current security issue?

      Providing patches for all versions of vBulletin 4.X in the past is actually the aberrant behavior. Our official policy is to release patches for the latest version in branches that are not actively being developed. Since your license allows access to this version, you should consider upgrading as that will provide you with the most stable and secure copy of vBulletin available.
      Well yes I can appreciate that it's hard to maintain patch support for every minor version, my point was that in the past you appeared to have done that as a matter of course / general policy though, so I was just wondering when that changed.

      Our issue, like a lot of others, is that we have heavily modified installations and it's nigh on impossible to upgrade without there being considerable problems along the way (templates are the main issue and modifying them entails manually editing hundreds of files, using the diff facilities built into the template editor unfortunately doesn't work well for our install). This is why we were always happy to just use the patch level updates to update only the affected files whenever security releases were announced in the past - it saved us having to do a full upgrade and deal with the update of hundreds of templates files. The lack of a patch level update for this release was sadly missed.

      Many thanks for your help though, I will attempt to patch it manually or just copy the modcp files over if it turns out nothing else has changed in there other than for the security update.

      Comment


      • #18
        Originally posted by munkfish View Post
        can you confirm that it was only files in the modcp directory that were modified to address this current security issue?
        Yes, yesterdays csrf patch modified only the global.php file in modcp.

        Baby, I was born this way

        Comment

        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...
        X