• Register
    • Help

    striker  0 Items
    Currently Supporting
    • Home
    • News
      • VaultWiki News
      • Visit the Wiki
    • Forum
    • Wiki
    • Support
    • What's New?
    • Buy Now
    • Manual
    • 
    • Home
    • VaultWiki Security Update: February 2021

    1. Welcome to VaultWiki.org, home of the wiki add-on for vBulletin and XenForo!

      VaultWiki allows your existing forum users to collaborate on creating and managing a site's content pages. VaultWiki is a fully-featured and fully-supported wiki solution for vBulletin and XenForo.

      The VaultWiki Team encourages you to join our community of forum administrators and check out VaultWiki for yourself.

    • VaultWiki Security Update: February 2021

      by
      pegasus
      • View Profile
      • View Forum Posts
      • View Blog Entries
      • Visit Homepage
      • View Articles
      Published on February 5, 2021 8:50 PM
      0 Comments Comments
      As of February 5, security patches for February 2021 are now available.

      Issue List

      VWE-2021-6029 is a Permissions Escalation issue, by which users can bypass a required custom field by saving a meaningless value, then subsequently editing it to be blank; the subsequent edit does not complain that the required field was left blank. The issue affects VaultWiki 4.1.0 RC 2 and higher.

      VWE-2021-6038 is a Permissions Escalation issue, where an improperly incrementing database key can cause some users to see wiki navigation links based on the permissions of another user. The issue affects VaultWiki 4.0.24 and higher.

      Patches

      The following patches address the aforementioned issues:
      • 4.1.1 Patch Level 2
      • 4.1.0 Patch Level 4
      • 4.1.0 RC 3 Patch Level 6
      • 4.1.0 RC 2 Patch Level 7


      4.0.x Retires

      This week marked the 1-year anniversary of VaultWiki 4.0.28, which was the last release in the 4.0.x series. Being more than 1 year old, it is no longer eligible for security updates. Because today's security update includes issues affecting 4.0.28, it is no longer considered safe to use and has been removed from the download menu. Consequently, there is now no public access to any 4.0.x version. If you were still waiting to upgrade to 4.1.x, that time is now.

      Notes

      We recommend that all users running VaultWiki in a production environment update to a patched release.
    • Contact Us
    • License Agreement
    • Privacy
    • Terms
    • Top
    All times are GMT -4. The time now is 2:08 PM.
    This site uses cookies to help personalize content, to tailor your experience, and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Learn more… Accept Remind me later
  • striker
    Powered by vBulletin® Version 4.2.5 Beta 2
    Copyright © 2024 vBulletin Solutions Inc. All rights reserved.
    Search Engine Optimisation provided by DragonByte SEO (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
    Copyright © 2008 - 2024 VaultWiki Team, Cracked Egg Studios, LLC.