[Michael]

vBulletin 3.0.11

vBulletin 3.0.11 has been brought about due to a recently discovered XSS (cross site scripting) security issue. This issue is very hard to exploit, but we'd rather have the issue fixed. If you cannot upgrade, it is strongly recommended that you patch your installation.

Please see the end of this post for patching instructions. The issue stems from a minor PHP bug, so upgrading PHP to version 4.4.2 or 5.1.2 (once either is released) will also fix the issue.

If you are currently running vBulletin 3.5.x, please see the 3.5.2 announcement.

Installing or Upgrading vBulletin

Please see the appropriate manual sections: Installing vBulletin and Upgrading vBulletin.

Bug Reports

You may report bugs by clicking here. Before reporting a bug, please attempt to recreate the bug on a default, uncustomized style (especially if your errors are JavaScript related). Please note that as 3.5.x is our primary release, minor bugs will generally only be fixed for that version.

Patching Instructions

To patch your vBulletin 3.0.3 - 3.0.9 installation, download the zip file attached to this announcement. When you extract this zip, you will find an includes directory containing one file. Using FTP, connect to the server hosting your vBulletin and browse to the includes directory of your installation. Upload the file found in the patch into this directory -- if you have done this correctly, this will overwrite an existing file. Your board is now secure.