Host Factory
New Member
it was mention in another thread (i think, a few month ago), is FWS upgrading to VB 3.7
A recently-discovered CSRF (cross-site request forgery) vulnerability in vBulletin has required the release of a new version of vBulletin. vBulletin 3.6.10 contains various bug fixes back-ported from vBulletin 3.7.0 but most importantly, includes the fix for the CSRF problem.
The vulnerability potentially allows an administrator to be lured to a third party site that could submit a form on their behalf and without their knowledge, with the potential to damage the forum of which the targeted person is an administrator. Actions performed within the Admin Control Panel are NOT vulnerable to this attack vector and are unaffected by the CSRF vulnerability.
We recommend that all customers running versions of vBulletin older than 3.6.10 upgrade as soon as possible. Those running pre-release versions of vBulletin 3.7.0 should upgrade to the newly-released 3.7.0 Release Candidate 4, which also contains the security fix.
If you guys don't want to upgrade to 3.7, why not upgrade to 3.6.8 -- BUG fixes after all.
It isn't as easy as a five minute upgrade when you have 80,000 members and almost a million posts.