This announcement details the required steps to perform this security update to your IPB 2.1.4 or IPB 2.0.4 installation. If you have yet to upgrade to IPB 2.1.4 or IPB 2.0.4, do so before running this security update.

If you have downloaded IPB 2.1.4 or IPB 2.0.4 AFTER 11:15am GMT (6:15am EST) then you can disregard this notice as the main download zip has been updated.

It has come to our attention that a potential SQL exploit exists in all versions of IPB 2.x.x which can allow malicious SQL queries to be executed by forcing code into cookies. We received this report this morning and have closed this vulnerability, updated the main ZIP and released this patch.

Downloading the IPB 2.1.4 (01-05-06) Patch

Please make sure you're logged in to your client center. Once logged in, please visit this download page and download the patch.

Downloading the IPB 2.0.4 (01-05-06) Patch

Please make sure you're logged in to your client center. Once logged in, please visit this download page and download the patch.

Once the patch is downloaded to your harddrive, unzip and upload the patched files over the ones on your webserver. The directory structure has been preserved for your convenience.

There is no need to run the IPB upgrade system and no langauge or template files have been modified for this update.

This attached DIFF report will help you manually modify your files to complete this update.