vBulletin 3.6.8 PL1 Released

[Floren]

A new patched version of vBulletin software was released, again, due to lack of proper testing before releasing the original version. To quickly fix the security flaw present into original 3.8.6 release, simply search and delete the database_ingo phrase.

I would recommend all our customers to wait at least one month before they upgrade to future vBulletin versions. In this way, security reports can surface and they can protect their forum privacy. Our customer, Stuart Wright from AVForums, reported to BBC the recent and flagrant security flaw present in version 3.8.6 that allowed any novice hacker to access to sensitive data. ZDNet published also a story, about the same subject.

Personally, I only checked the search code and it is compatible with Searchlight. Although I don't recommend it, you can follow the standard vBulletin upgrade procedure. Searchlight will operate as expected, with no modifications required to files or templates.

As usual, if you have any questions or concerns, post them into discussion forum or ticketing system.