vBulletin 3.6.3 was released today

vBulletin 3.6.3

An undocumented behaviour in all Windows versions of Internet Explorer has rendered vBulletin vulnerable to a potential cross-site scripting (XSS) flaw. Therefore, we have decided to put out a preventative security release in order to work around the Internet Explorer problem before it is exploited.

3.6.3 also includes fixes for approximately 50 bugs that were discovered in 3.6.2. For this reason, we recommend all customers upgrade to 3.6.3 as soon as possible. If this is not possible and you are currently running 3.6.2, you may use the patch method discussed here.

Updating your vBulletin to combat the XSS flaw:

Please note that this issue is present in other versions of vBulletin as well. Please see the appropriate announcement!

You have two options to fix the XSS issue:
  1. Full Upgrade: The best way to fix the problem is to perform a full upgrade, downloading the complete 3.6.3 package from the vBulletin Members' Area and following the regular upgrade instructions.
  2. Patch: A second option is to download the patch files discussed in this thread and upload them to your web server, overwriting the existing files. The patch is available in the Members' Area patch page or later in this post!

