vBulletin 3.6.10 Released

Hoxxy

New Member
The race is on...Which will be Nulled first...3.6.10 or 3.7 RC4?...lol

From vBulletin.com
vBulletin 3.6.10

Although 3.6.9 was intended to be the final maintenance release for the 3.6.x series, the discovery of a CSRF (cross-site request forgery) vulnerability in vBulletin over the weekend has forced the release of an update to plug the hole.

The CSRF problem potentially enabled an administrator who had been lured to a third-party site to unknowingly submit forms located on the forum he or she administers, resulting in potential damage to the forum. Actions performed via the Admin Control Panel are not vulnerable.

The fix for the CSRF issue involves many files and many templates, so unfortunately it is not feasible to produce a patch or a plugin to address the problem. Only a full-scale update will work.

We recommend that customers running versions of vBulletin older than 3.6.10 upgrade as soon as possible.

Template Changes Automatically Applied

With one exception (userinfraction_view), all the template changes in this release require a revert, but they are simple to apply so the upgrade script will attempt to do this for you. The list below shows which templates will be affected by the change, and how they will be altered. Customized templates will be automatically updated, but your customized changes will be retained.


Upgrading from Previous Versions

3.6.10 is a security release and we recommend that all customers upgrade to benefit from many bug fixes and stability improvements.

Full instructions for upgrading vBulletin are available here.

PHP and MySQL Requirements

Please note that vBulletin 3.6.x requires at least PHP 4.3.3 and MySQL 4.0.16 or later.

However, we recommend that vBulletin 3.6.x is run on PHP 5.2.5 with APC (or a similar opcode cache) and MySQL 5.0.51 for best performance and stability.

End of Life for PHP 4

The PHP group has announced the end of life for PHP 4. We strongly recommend that customers update their servers to PHP 5.2.5 if they are still running PHP 4. vBulletin 3.6.10 supports PHP 5 without any problems, though you may need to disable strict mode for MySQL, see here on how to enable 'force_sql_mode'.

Note: We will continue to support PHP 4 in the vBulletin 3 series.

This is no good for me as I use 3.7.x, though I wish I never upgraded...lol, but may help for some...:D
 

ungovernable

New Member
Shit, I use 3.6.8

Do I have to upgrade from 3.6.8 to 3.6.9 before upgrading to 3.6.10 ???

Also I have a SH*TLOAD of template modifications. I've been adding features and PHP code inside templates for 2 years, so there is no way in hell I can afford to redo all this. I also have like 50 plugins.... I don't re-do everything

So if I upgrade will I lose all this?


The CSRF problem potentially enabled an administrator who had been lured to a third-party site to unknowingly submit forms located on the forum he or she administers, resulting in potential damage to the forum. Actions performed via the Admin Control Panel are not vulnerable.
I'm usually not a newbie with computers, but can anyone explain to me what the hell this means? I understand absolutely nothing but it sounds serious...

Does this mean someone who has vBulletin on a totally different host can modify the forms on his site so when the data is sent it will modify something on my server instead of his ???

They say it doesn't affect the AdminCP, does that mean there is no risk someone can gain admin/mod control on my website? If so, I don't give a shit about this hole, they can spam all the messages they want lol... I just want to be sure the AdminCP is safe
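
The mechanism the announcement describes, as an added example that is not part of this thread or of vBulletin's code: a form submitted from a third-party page arrives with the victim's session cookie, so the server needs a second value that only its own pages can supply. The announcement does not say how 3.6.10 implements its fix; the per-session form token below is one common defence, and the field name `csrf`, the function names, the action name and the sample values are all assumptions.

```php
<?php
// Added illustration: a session-bound anti-CSRF token for forum forms.
// All names and values here are hypothetical and are not vBulletin's.

const SERVER_SECRET = 'constructed-demo-secret'; // constructed; load from config in practice

// Derive the token from the session id so another site cannot predict it.
function csrf_token(string $sessionId): string
{
    return hash_hmac('sha256', $sessionId, SERVER_SECRET);
}

// Hidden field the server places in every state-changing form it renders.
function csrf_field(string $sessionId): string
{
    return '<input type="hidden" name="csrf" value="'
        . htmlspecialchars(csrf_token($sessionId), ENT_QUOTES) . '" />';
}

// Accept a POST only when it carries the token issued to this session.
function handle_post(string $sessionId, array $post): string
{
    $sent = isset($post['csrf']) && is_string($post['csrf']) ? $post['csrf'] : '';
    if (!hash_equals(csrf_token($sessionId), $sent)) {
        return 'rejected: missing or wrong token';
    }
    return 'accepted: ' . ($post['do'] ?? '');
}

// Constructed sample requests for one logged-in session.
$session = 'constructed-session-id';

// 1. Form rendered by the forum itself: it includes the token.
$own = ['do' => 'updateprofile', 'csrf' => csrf_token($session)];

// 2. Form auto-submitted from a third-party page: the browser attaches the
//    session cookie, but that page cannot read the token, so it is absent.
$crossSite = ['do' => 'updateprofile'];

echo handle_post($session, $own), PHP_EOL;
echo handle_post($session, $crossSite), PHP_EOL;
```

A check like this has to be present in every form template and every handler that changes state, which is consistent with the announcement's statement that the fix touches many files and templates.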
 