We are fixing the message sending asap.

This message form works: http://b2evolution.net/contact/?recipient_id=1

Sorry, I attempted to send you a message from the forum and it didn't work. I will send a messge through the link that you provide.

Daniel

Ok. Got the message. Working on a fix...

We have a fix but we found additional similar vulnerabilities. We are working on a global fix now.

We released a fix yesterday: http://b2evolution.net/news/2012/11/23/b2evolution-4-1-6-stable

Is that bug too critical ? I mean i am gonna upgrade to v5 already when it’s out.Should i absolutely upgrade to 4.1.6 ? I dont wanna go through two upgrades in one week

i am currently on 4.1.3 , does this bug exist in 4.1.3 too ?

The bug was in all versions back to 2.x or 3.x.

I will never recommend to *not* apply a security patch. (Quick install with only changed files is available on download page)

The plan is to release v5-alpha on Thursday. It is an alpha version. I will never recommend to run an alpha on a production site unless you are ready to make super quick fixes to the code overnight.

So my official recommendation is: install 4.1.6 asap and do extensive testing on v5 before upgrading to v5-alpha.

i see but i guess i'll skip that 4.1.6 and upgrade to v5 alpha (well it has hold for 4 years like that, whatever the vuln. is, it can wait 4 days i think.)

Upgr. to v5 alpha might seem a little crazy, but i just have a lot in mind, and all depends on v5, so it'll worth the risk i think.Besides, any b2 alpha release is more stable any day than beta releases of other softwares.Of course i will make a test run before actually upgrading, and if all goes well, hopefully i'll be running v5 the day it comes out (:

I'll make a good lab rat though (: since my unique hits recently got over 10k per day.