When running a forum it is crucial to keep it up to date with latest releases. I see version 3.7.3 is used here while the latest is 3.7.3 PL1, released on sep 4 to correct a security flaw. It might be though the PL1 part just isn't shown in the footer. I have no experience with vBulletin but as a programmer and familar with other (similar) PHP type forum it appear to be practice to either show the correct version numbers or totally hide it to discourage hackers.
If not the latest version is used here I strongly urge the Avalon team to upgrade the forum software, especially as this upgrade appear to be just a simple copy operation.
From the vBulletin site:
Quote:
vBulletin 3.7.3 PL1 and 3.6.11 PL1 Released
vBulletin 3.7.3 PL1 / vBulletin 3.6.11 PL1
A report was published recently pointing to potential flaws within the random number generator in PHP applications who use a weak seed and then go on to disclose any of the random numbers generated. This flaw could allow random numbers within vBulletin to be predicted and under the correct circumstances allow an attacker to obtain access to a user's account. To resolve this issue, it is necessary to release patch level versions of vBulletin 3.7.3 and 3.6.11.
|
[EDIT] I sent a PM to Bill about this