بسم الله الرحمن الرحيم
الاخوة الكرام
السلام عليكم ورحمة الله وبركاته
صدر ترقيع للنسخ 4.x و 3.x متعلقة بمكتبة Yahoo YUI وهذا نص الخبر من الشركة
Yahoo YUI Security Exploit
We have been notified of a potential, but unconfirmed exploit in vBulletin 3 and 4 (all versions) via the Yahoo YUI component library.
To rectify this issue we have released a ***** for the latest version of vBulletin 3 and vBulletin 4, vBulletin 3.8.7 and vBulletin 4.1.3. Forthcoming vBulletin 4.1.4 will not be affected.
As such, we have released:
vBulletin Publishing Suite 4.1.3 PL1
vBulletin Forum Classic 4.1.3 PL1
vBulletin Forum Classic 3.8.7 PL1
Upgrade Process
The upgrade process is the same as previous ***** level releases - simply download the ***** from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.
As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.
New installations/upgrades
If you are upgrading your site, or installing a new copy of our software, the latest software packages include the *****. These can be downloaded from your Members Area
To manually fix versions prior to vBulletin 4.1.3 and 3.8.7
Edit one line in class_core.php file located in /includes/class_core.php ; find the following line “define('YUI_VERSION', '2.7.0'); // define the YUI version we bundle” ; replace this line with “define('YUI_VERSION', '2.9.0'); // define the YUI version we bundle”
In AdminCP; Go to “Options” => “Server Settings and Optimization Options” ; find “Use Remote YUI” option and in the dropdown switch to a server of your choice, Google or Yahoo.
موضوع: ثغرة - vBulletin Security ***** for 4.X and 3.X 
