The discovery of a serious security vulnerability in versions of vBulletin 3 up to and including 3.0.4 has necessitated the immediate release of a version to plug the hole.

The vulnerability affects anyone running vBulletin 3 on PHP 4 with register_globals enabled in php.ini.

This is a CRITICAL update, and urge all affected customers to upgrade vBulletin with the utmost urgency.

vBulletin 3.0.5 includes all the updates recently released as part of vBulletin 3.0.4, including a long list of fixes for minor annoyances and bugs found since version 3.0.3.

If you are unable to upgrade immediately, we recommend that you download the init.php file attached to this message and overwrite the init.php in the includes folder of your existing vBulletin installation. This will patch the flaw. Note that this version supercedes the init.php patch available with the 3.0.4 release.