No replies to this topic

[Michael]

This announcement details the required steps to perform this security update to your IPB 2.1.4 or IPB 2.0.4 installation. If you have yet to upgrade to IPB 2.1.4 or IPB 2.0.4, do so before running this security update.

If you have downloaded IPB 2.1.4 or IPB 2.0.4 AFTER 3:00pm GMT (10:00am EST) then you can disregard this notice as the main download zip has been updated.

It has come to our attention that a potential XSS attack exists in all versions of IPB 2.x.x which can allow reading of cookie data when using IE.

Downloading the IPB 2.1.4 (30-01-06) Patch

Please make sure you're logged in to your client center. Once logged in, please visit this download page and download the patch.

Downloading the IPB 2.0.4 (30-01-06) Patch

Please make sure you're logged in to your client center. Once logged in, please visit this download page and download the patch.

Once the patch is downloaded to your harddrive, unzip and upload the patched files over the ones on your webserver. The directory structure has been preserved for your convenience.

There is no need to run the IPB upgrade system and no langauge or template files have been modified for this update.

Source: Click Here