پچ امنیتی برای Security patch: 3.8.7 PL1
آخرین زمان حضور: Mar 2017
فایل هارو جایگذین کنیدکد:http://www.vbulletin.org/forum/showthread.php?p=2202208#post2202208 http://www.vbulletin.org/forum/portal.php
Yahoo YUI Security Exploit
We have been notified of a potential, but unconfirmed exploit in vBulletin 3 and 4 (all versions) via the Yahoo YUI component library.
To rectify this issue we have released a patch for the latest version of vBulletin 3 and vBulletin 4, vBulletin 3.8.7 and vBulletin 4.1.3. Forthcoming vBulletin 4.1.4 will not be affected.
As such, we have released:
vBulletin Publishing Suite 4.1.3 PL1
vBulletin Forum Classic 4.1.3 PL1
vBulletin Forum Classic 3.8.7 PL1
The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.
As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.
If you are upgrading your site, or installing a new copy of our software, the latest software packages include the patch. These can be downloaded from your Members Area
To manually fix versions prior to vBulletin 4.1.3 and 3.8.7
Edit one line in class_core.php file located in /includes/class_core.php ; find the following line “define('YUI_VERSION', '2.7.0'); // define the YUI version we bundle” ; replace this line with “define('YUI_VERSION', '2.9.0'); // define the YUI version we bundle”
In AdminCP; Go to “Options” => “Server Settings and Optimization Options” ; find “Use Remote YUI” option and in the dropdown switch to a server of your choice, Google or Yahoo.