vBulletin have just released a PL (Patch Level)! They recommend VB users update. JELSOFT SECURITY BULLETIN http://www.vbulletin.com/ 9th June 2008 * vBulletin 3.7.1 PL1 and 3.6.10 PL1 Released * PHP and MySQL Recommendations * Your License Information * Contact Us ------- VBULLETIN 3.7.1 PL1 and 3.6.10 PL1 RELEASED -------------------- The recent discovery of an obscure method in which to expose a cross-site scripting (XSS) error in vBulletin when using specific browser software means that it is necessary to release Patch Level (PL) versions of both 3.7.1 and 3.6.10. Although it is difficult to exploit the XSS flaw, and the potential for exposure and damage is limited, we nonetheless recommend that customers upgrade to protect themselves. Full details of the release can be found in the vBulletin 3.7.1 PL1 / 3.6.10 PL1 release announcement thread: http://www.vbulletin.com/go/370pl1 ------- PHP AND MySQL RECOMMENDATIONS ---------------- vBulletin 3.6.10 requires at least PHP 4.3.3 and MySQL 4.0.16 to function, but we strongly recommend that customers run PHP 5.2.5 with APC (or a similar opcode cache) and MySQL 5.0.51 or newer versions for the best possible performance and stability. Hope this helps some people! Regards.
One thing for sure about jelsoft / Vbulletin, they stay on top of the security problems. All software is going to have security issues, its how the company handles those issues is what is important. I bought my first Vbulletin license 14 months ago, and another one 4 months ago. Ever since I first started using Vbulletin I have been impressed with their quality and support. When I got my security notice email this morning, I posted in my forums that the site will be closed this evening to install the updates.
Yeah i agree... They are helpful and seem to keep on top of things! I have two owned licences Very helpful to have! The only problems I have had with VB is they seem a little sticky when you move your license to a different account etc! Did this help anyone in remembering to update? Regards