Recent Topics

A deadly vulnerability on the latest product

Started by on Nov 21, 2012 – Contents updated: Nov 25, 2012

Nov 21, 2012 07:47    

Hi,

I tried to send private meesages to your developers, I could never succeed after trying more than one hour. I have to open a new topics. It is a very serious security bug for your product. You could contact me for more information about this bug.

Daniel

Nov 21, 2012 08:07

Sorry, I attempted to send you a message from the forum and it didn't work. I will send a messge through the link that you provide.

Daniel

Nov 21, 2012 09:15

Ok. Got the message. Working on a fix...

Nov 22, 2012 15:24

We have a fix but we found additional similar vulnerabilities. We are working on a global fix now.

Nov 26, 2012 15:24

Is that bug too critical ? I mean i am gonna upgrade to v5 already when itÂ’s out.Should i absolutely upgrade to 4.1.6 ? I dont wanna go through two upgrades in one week

i am currently on 4.1.3 , does this bug exist in 4.1.3 too ?

Nov 26, 2012 18:54

The bug was in all versions back to 2.x or 3.x.

I will never recommend to *not* apply a security patch. (Quick install with only changed files is available on download page)

The plan is to release v5-alpha on Thursday. It is an alpha version. I will never recommend to run an alpha on a production site unless you are ready to make super quick fixes to the code overnight.

So my official recommendation is: install 4.1.6 asap and do extensive testing on v5 before upgrading to v5-alpha.

Nov 26, 2012 19:05

i see but i guess i'll skip that 4.1.6 and upgrade to v5 alpha (well it has hold for 4 years like that, whatever the vuln. is, it can wait 4 days i think.)

Upgr. to v5 alpha might seem a little crazy, but i just have a lot in mind, and all depends on v5, so it'll worth the risk i think.Besides, any b2 alpha release is more stable any day than beta releases of other softwares.Of course i will make a test run before actually upgrading, and if all goes well, hopefully i'll be running v5 the day it comes out (:

I'll make a good lab rat though (: since my unique hits recently got over 10k per day.


Form is loading...

CMS + email marketing – This forum is powered by b2evolution CMS, a complete engine for your website.