This post outlines the steps required to update your IPB 2.1.x or IPB 2.1.x for this security update.
If you've downloaded IPB 2.1.6 since the time of this post, there is no need to update your installation as the main download has been updated.
It has come to our attention that changes in how regular expressions are executed in PHP 5 versus PHP 4 leave Invision Power Board 2.1.x vulnerable via injecting HTML into a post via hexidecimal HTML entities.
This security update has a full version number of: 21012.60619.s.
Please read our KB article on how to locate your full version number.
Invision Power Board 2.1.6 Update Package (21012.60516 to 21012.60619)
If you are running a version previous to 2.1.6, please update to 2.1.6 by downloading the main download zip.
Once you've performed the update, visit your ACP and click the link under the "Security Update Available" link to reset the image check.
Download Now
No replies to this topic
