JELSOFT SECURITY BULLETIN
http://www.vbulletin.com/
November 24th, 2006
* New vBulletin Versions Released
* Your License Information
* Contact Us
-------------- NEW VBULLETIN VERSIONS RELEASED -----------
The discovery of a potential cross-site scripting (XSS) issue in the administrators control panel has necessitated the preventative release of new versions of vBulletin for the 3.6, 3.5 and 3.0 series.
Due to several mitigating factors, this issue is hard to exploit and careful browsing by administrators can prevent it entirely. Nonetheless, we strongly recommend that all of our customers upgrade or apply patches as soon as possible.
We have posted instructions on the vBulletin.com announcements forum detailing procedures to upgrade or patch each affected version. Please follow the relevant links below.
Note: While we have supplied patches and updates for all affected vBulletin versions, we do recommend that all customers upgrade to 3.6.4, as this is our latest stable release.
Upgrade information and patch for 3.6.* series
http://www.vbulletin.com/go/364
Upgrade information and patch for 3.5.* series
http://www.vbulletin.com/go/357
Upgrade information and patch for 3.0.* series
http://www.vbulletin.com/go/3017
If you absolutely cannot apply the patch or upgrade...
We strongly recommend you actively take steps to address this issue. However, if this is not possible, we recommend that administrators only log into the control panel when work is necessary. While you are logged into the control panel, do not click unknown links. Log out from the control panel using the link in the upper right of the screen immediately after finishing your work. If you are unexpectedly presented with the control panel login screen after clicking a link, do not login.
---------------- YOUR LICENSE INFORMATION ----------------
You can use this information to log into the members' area to download vBulletin, ImpEx and other vBulletin-related support materials:
Your Customer Number: 88588888888a
If you have misplaced your customer password, you can request that it be re-sent to your registered email address using the following form:
http://www.vbulletin.com/go/lostpw
The members' area is located here:
http://members.vbulletin.com/
-------------------- CONTACT US --------------------------
Please do not respond to this email directly. We will not receive your response. Please use the links below.
Got a vBulletin technical query? Contact support:
http://www.vbulletin.com/go/techsupport
For all other queries, please visit this page:
http://www.vbulletin.com/go/contact
----------------------------------------------------------
This periodic email newsletter is delivered to all current vBulletin customers, and contains information about new software versions and Jelsoft.com / vBulletin.com web site features and content. If you have any questions or comments about this mailing, please contact us via the links above.
This email sent to: admin@......com
Copyright ©2000-2006, Jelsoft Enterprises Limited