• Register
    • Help

    striker  0 Items
    Currently Supporting
    • Home
    • News
      • VaultWiki News
      • Visit the Wiki
    • Forum
    • Wiki
    • Support
    • What's New?
    • Buy Now
    • Manual
    • 
    • Home
    • VaultWiki Security Update: July 2021

    1. Welcome to VaultWiki.org, home of the wiki add-on for vBulletin and XenForo!

      VaultWiki allows your existing forum users to collaborate on creating and managing a site's content pages. VaultWiki is a fully-featured and fully-supported wiki solution for vBulletin and XenForo.

      The VaultWiki Team encourages you to join our community of forum administrators and check out VaultWiki for yourself.

    • VaultWiki Security Update: July 2021

      by
      pegasus
      • View Profile
      • View Forum Posts
      • View Blog Entries
      • Visit Homepage
      • View Articles
      Published on July 25, 2021 3:00 AM
      0 Comments Comments
      As of July 25, security patches for July 2021 are now available.

      Issue List

      VWE-2021-6131 is a Subscription Management issue, where the wrong user may receive a notification when a moderator takes action against a user's wiki content. The issue affects all versions of the VaultWiki 4.x series.

      VWE-2021-6136 is a Data Loss issue, where when renaming content, a user can unintentionally change all synonyms attached to that content into double redirects. The issue affects VaultWiki 4.0.16 and higher.

      VWE-2021-6139 is a Permissions Escalation issue, where when renaming content, the rename is completed without a valid synonym, even if the user does not have permission to rename without generating a synonym. The issue affects VaultWiki 4.0.16 and higher.

      VWE-2021-6145 is a Permissions Escalation issue, by which a user who can move content to another area can also send it to the approval queue, even though the user does not have permission to moderate content. The issue affects VaultWiki 4.1.0 RC 2 and higher.

      VWE-2021-6148 is a Data Loss issue, where deferred tasks containing a reference to triggering content can fail to queue due to custom field assignments or unencoded IP data, resulting in data denormalization, orphaned content, and other effects. The issue affects VaultWiki 4.1.0 RC 2 and higher.

      Patches

      The following patches address the aforementioned issues:
      • 4.1.2 Patch Level 1
      • 4.1.1 Patch Level 6
      • 4.1.0 Patch Level 8


      Notes

      We strongly recommend that all users running VaultWiki in a production environment update to a patched release.
    • Contact Us
    • License Agreement
    • Privacy
    • Terms
    • Top
    All times are GMT -4. The time now is 1:04 PM.
    This site uses cookies to help personalize content, to tailor your experience, and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Learn more… Accept Remind me later
  • striker
    Powered by vBulletin® Version 4.2.5 Beta 2
    Copyright © 2025 vBulletin Solutions Inc. All rights reserved.
    Search Engine Optimisation provided by DragonByte SEO (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
    Copyright © 2008 - 2024 VaultWiki Team, Cracked Egg Studios, LLC.