No announcement yet.

vBulletin 5.6.9 Security Patch

  • Filter
  • Time
  • Show
Clear All
new posts

  • vBulletin 5.6.9 Security Patch

    A security issue has been reported to the vBulletin team. To fix this issue, we have created a new security patch.

    You can download the patch for your version in the Member's Area

    We have made patches available for the following versions of vBulletin Connect:

    • 5.6.9 PL1
    • 5.6.8 PL1
    • 5.6.7 PL1

    vBulletin 5.7.0 RC 2 has been made available with this patch.

    Installing the Patch

    For the best results with your vBulletin site, it is recommended to upgrade to vBulletin 5.6.9 PL1 if you are not using 5.6.9 currently.

    Using PHAR (default download)

    Due to the PHAR download, you will need to download the complete vBulletin package for your version and replace the /core/vb/vb.phar file to apply the security fix. This file will show up as a false positive in your Suspect File Diagnostics. If you replace all files from the new download, then the false positive will not occur.


    1. Download the appropriate files for your version of vBulletin 5.6.X
    2. Upload all files found within the zip file to your server. Make sure to overwrite the existing files on your server.

    Older Versions

    All older versions should be considered vulnerable. Sites running older versions of vBulletin need to be upgraded to vBulletin 5.6.9 PL1 as soon as possible. For more information on upgrading please see Quick Overview: Upgrading vBulletin Connect in the support forums.

    vBulletin Cloud

    vBulletin Cloud sites have been patched.

    Last edited by Wayne Luke; Tue 30 Aug '22, 9:26am.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

  • #2
    Due to an uncaught issue in the package build system, Patch versions were not built correctly. On download, you would have received a patch/version download that was x.x.1 version higher than requested. This issue has been corrected.

    On your site, you have several options to correct the issue.

    1. If you're not running 5.6.9 PL1, it is recommended to complete a full upgrade to this version.
    2. If you meant to download the 5.6.9 PL1 patch and received the 5.7.0 RC2 patch instead, you can replace the files with the appropriate version.
    3. If you downloaded the full package, received vBulletin 5.7.0 RC2, and ran the upgrade scripts then your best bet is to stay on 5.7.0 RC2 until the full release is made.

    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API


    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.