vBulletin 3.5.2
vBulletin 3.5.2 is primarily a standard bug-fix/maintenance release for the vBulletin 3.5 series. However, this release includes fixes for two potential XSS (cross site scripting) security issues. If you do not upgrade, it is
very important to at least patch your board. Please see the end of this post for patch instructions.
Note: one of the two XSS issues stems from a minor PHP bug. It will be fixed in PHP versions 4.4.2 and 5.1.2. If you are currently running vBulletin 3.0.x, please see the
3.0.11 announcement.
Installing or Upgrading vBulletin
Please see the appropriate manual sections:
Installing vBulletin and
Upgrading vBulletin.
Note that the process is the same as it was in the 3.0.x series. However you must redo your
config.php if you are upgrading from 3.0.x!
Bug Reports
You may report bugs by clicking
here. Before reporting a bug, please attempt to recreate the bug on a default, uncustomized style (especially if your errors are JavaScript related). Additionally, if you have used the plugins/products system at all, please attempt to recreate the issue with the plugins system disabled!
Patching Instructions
To patch your vBulletin 3.5.0 or 3.5.1 installation, download the zip file attached to this announcement. When you extract this zip, you will find an
includes directory that contains two files. Using FTP, connect to the server hosting your vBulletin and browse to the
includes directory of your installation. Upload the two files found in the patch into this directory -- if you have done this correctly, they will overwrite existing files. Your board is now secure.