vBulletin 2.3.5 Released
--------------------------------------------------------------------------------
vBulletin 2.3.5
vBulletin 2.3.5 is a security and bug fix release. If you are running vBulletin 2.3.4 or older, we recommend you upgrade to 2.3.5 or 3.0.0 as soon as possible; if this is not possible, you can simply use the updated memberlist.php and forumdisplay.php from this version to obtain the security fix.
vBulletin 3 is not affected by the problems fixed in this release.
The bugs fixed include:
XSS issues in memberlist.php and forumdisplay.php.
Form in modifycoppa template pointing to member.php to register.php.
Changed default value for Netscape Navigator 6 text area columns to 60.
Fixed a bug where access masks were not accounted for in forum jump on forumdisplay.php.
Quoted filenames in content-disposition headers in attachment.php and avatar.php.
Backing up forums
Please be sure to check your backups, that they are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through telnet, as it will not suffer from any such problems. Full instructions for backing up your database are available in the vBulletin 3 Manual.
Installation / Upgrade Instructions
These are available in the Members Area.
Template Changes
modifycoppa - reference to member.php in form action changed to register.php
Files Changes (from 2.3.4)
Main Directory: attachment.php, avatar.php, forumdisplay.php, memberlist.php
Admin Directory: style.php
Mod Directory: none
The usuals (for version numbers): admin/global.php, admin/install.php, admin/upgrade1.php
http://www.vbulletin.com/forum/showthread.php?t=99052