No announcement yet.

Security Patch Release 3.8.6 PL1

  • Filter
  • Time
  • Show
Clear All
new posts

  • Steve Machol
    Verifying the Patch is Applied

    The patch removes a phrase named: database_ingo

    To verify this patch has been applied, search the phrases to see if that still exists:

    Admin CP -> Language & Phrases -> Search in Phrases -> Search for Text: database_ingo -> Phrase Variable Name Only (checked) -> Find

    If the phrase is not found, the patch was applied. If you do find this phrase, then you can delete it with this query:

    DELETE FROM " . TABLE_PREFIX . "phrase WHERE varname = 'database_ingo'

    Note: Either remove the " . TABLE_PREFIX . " or replace it with your database prefix as needed.

    After patching your site, you should change your MySQL password through the options your hosting provider gives.
    Last edited by Wayne Luke; Fri 30 Jul '10, 8:05am.

    Leave a comment:

  • Steve Machol
    started a topic Security Patch Release 3.8.6 PL1

    Security Patch Release 3.8.6 PL1

    It has come to our attention that 3.8.6 contains a security exploit related to the FAQ. If you have already installed vB 3.8.6, then follow these instructions in order to fix this:

    1. First, download the 3.8.6 PL1 patch here:

    2. Delete the existing vbulletin-language.xml file from your 'install' directory. Then upload the new one to that directory. Make sure you upload this in ASCII format.

    3. Next upload the two files in that patch:


    4. Go into your Admin CP and run this:

    Admin CP -> Languages & Phrases -> Download/Upload Languages -> Import Language XML File

    Then leave the settings as they are and click on Import.

    Also please note that if you have not upgraded to 3.8.6 yet, the download has already been patched.
    Last edited by IB Adrian; Wed 21 Jul '10, 10:29am. Reason: typo

Related Topics