Un patch de sécurité vient de sortir pour vbulletin 4.1.12 (4.1.12 pl1), disponible dans votre espace membre.
Pour ceux qui auraient déjà mis à jour leurs forum en vb 4.1.12, il vous suffit pour appliqué le patch de sécurité, d'importer les fichiers du patch de sécurité, disponible dans votre espace membre à la section "Patches/Security Patches", et le correctif sera appliqué.
Les versions de vbulletin 4.0.x > 4.1.11 ne sont pas affectées
Un ensemble de correctifs est disponible pour vb 4.1.2 et 4.1.11.
A savoir:vBulletin has released a security patch to improve the security of the vBulletin 4 MAPI for 4.1.12 Suite & Forum as the result of a recent internal security review. Although no exploits have been reported, we urge our customers to upgrade as soon as possible.
The changes do not affect vBulletin 4.0.0 - 4.1.1.
This patch has been issued for vBulletin 4.1.12. A separate set of patches have been issued for vBulletin 4.1.2 - 4.1.11.
The MAPI security improvements have been added for vBulletin 3.x with the release of 3.x MAPI 1.4.3.
To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/
In addition to the security improvements, we've resolved the following 4.1.12 issues.
- VBIV-14742 - Push notifications broken in FR 4.1.12 add-on.
- VBIV-14685 - Tag in static page cause Fatal error on page with General Search widget set to return Static Pages
- VBIV-14663 - Quoting doesn't work in the mobile style
- VBIV-14660 - Static HTML in CMS always displays all content
- VBIV-14754 - unset($VB_API_PARAMS_TO_VERIFY['vbseourl']) to match vB3 MAPI change.
- VBIV-14681 - HTML is stripped from article previews
- VBIV-14667 - Category pages do not load if using basic/advanced friendly URLs
The upgrade process is slightly more complicated for this patch level release.
- Download PL1 for vBulletin 4.1.12 from https://members.vbulletin.com.
- Upload the patch do your server.
- Unzip the patch to your vBulletin 4 install directory. (Ex. /var/www/html/myforum)
- Run ./install/upgrade.php. (Required for 4.1.12.)
- Download the "API-Log-Clean.xml" attached to this thread. (Included in the do_not_upload folder for full installs.)
- Import "API-Log-Clean.xml" using the "Manage Products" interface in the "Plugins & Products" section of your Admin CP. The cleanup script will run on install. AdminCP -> Plugins & Products -> Manage Products -> Add/Import Product
- Delete "API-Log-Clean" using the "Product Manager" option in the "Plugins & Products" section of your Admin CP. (Optional. The product is automatically disabled after the script runs.)
Advanced Users - Files updated in the patch are:
Please note that this issue and fix affects BOTH vBulletin 4 SUITE and FORUM.
Discuss the security patch - HERE
Discuss vBulletin 4.1.12 - HERE
S'il vous plaît noter que si vous choisissez de patcher v4.1.12 plutôt que télécharger le package complet, vous obtiendrez un avertissement du contenu du fichier lié aux 11 fichiers patchés lorsque vous exécutez l'upgrade.
Please note that if you choose to just patch v4.1.12 rather than upload the full package then you will get a file contents warning related to the 11 patched files when you run the upgrader.Due to the following errors, the install/upgrade can not continue:
Following is a list of files that are either missing or contain unexpected contents. The most likely cause is that all of the files from this release have not been properly uploaded. You should resolve this error before continuing.
/api.php - File does not contain expected contents
/forumrunner/push.php - File does not contain expected contents
/includes/class_friendly_url.php - File does not contain expected contents
/includes/init.php - File does not contain expected contents
/install/vbulletin-mobile-style-blog.xml - File does not contain expected contents
/install/vbulletin-mobile-style.xml - File does not contain expected contents
/packages/vbcms/content/phpeval.php - File does not contain expected contents
/packages/vbcms/content/staticpage.php - File does not contain expected contents
/packages/vbcms/item/content/article.php - File does not contain expected contents
/packages/vbcms/item/content/phpeval.php - File does not contain expected contents
/packages/vbcms/search/result/staticpage.php - File does not contain expected contentsThis is expected as the new patch files will no longer match the MD5 check file that is [only] generated by a full download. You can just click on Continue.