Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WHMCS security update
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

WHMCS security update

Awmusic12635Awmusic12635 Member, Host Rep

Guess today is the day of security updates:

Just got this email:

An update for WHMCS was just released to address various security vulnerabilities and it is recommended that you update as soon as possible.

Official Link:

http://blog.whmcs.com/?t=110766

Thanked by 2miTgiB GM2015

Comments

  • So @Francisco also found a whmcs security bug? What a coincidence.

    Thanked by 1Francisco
  • GM2015 said: What a coincidence.

    What you call coincidence the world calls conspiracy. ;)

    Thanked by 2MSPNick GCat
  • I always turn to @maounique if such a thought crosses my mind for counsel and advice.

    miTgiB said: What you call coincidence the world calls conspiracy. ;)

    Thanked by 1GCat
  • smansman Member
    edited January 2016

    Thankfully this is only a patch. Full updates are a PiTA when there are a lot of template customizations.

    Thanked by 2FlamesRunner GCat
  • edited January 2016

    @sman said:
    Thankfully this is only a patch. Full updates are a PiTA when there are a lot of template customizations.

    Agree that this update was simple, and certainly a critical patch. Hopefully one day they will make their 'full' updates easier to do in the future without all the template hassle...
    One day right?...

  • smansman Member
    edited January 2016

    It has been a real ball breaker making the transition from v5 to v6...then from v6.1 to v6.2 which was full update only with all sorts of template changes. We were quite happy with what we had with v5 but they stopped supporting it so we had no choice.

    The only new thing in v6 that I would say is useful to us is automatic PayPal subscription cancellation.

  • sman said: We were so angry when we had to do a full update and re-customize all our templates all over again

    Copy your template to a custom name so updates to not effect your mods, then the README file usually details which changes are needed on each .tpl file

  • smansman Member
    edited January 2016

    @miTgiB said:
    Copy your template to a custom name so updates to not effect your mods, then the README file usually details which changes are needed on each .tpl file

    We already do that. The problem is they redid the templates going from v6.1 to v6.2. So you have to re-copy the generic template to your custom folder then go through and re-apply all your customizations. We have hundreds of them. It's not like you can just do a git merge either when the changes are significant like in the last update. Every change has to be manually checked, possibly modified, and tested against our customizations.

    Also there were bug fixes in v6.1 we had to patch ourselves. We filed bug reports for all of them. They adopted some of our fixes in v6.2 so you're welcome. Some of the fixes they adopted had their own spin on it. So by fixing their broken code ourselves it was doubly hard on us. We had to remove or re-write some of our customizations because our patch fixes were no longer compatible with their patch fixes.

    All of this is totally wasted time to us basically. Takes away from focussing on our core business. Would not have been necessary if we were still using v5.

  • ktkt Member, Host Rep
    edited January 2016

    WHMCS has started publishing template changes on Github so this makes it a lot easier.

    https://github.com/WHMCS/templates-six/commits/master

    http://docs.whmcs.com/Long_Term_Support#After_End_Of_Life
    WHMCS 5.3 was made EOL at end of October, strange to see a lot of people still using it. Good to see WHMCS still publish a patch for that as well.

  • smansman Member
    edited January 2016

    @Zeniva said:
    WHMCS has started publishing template changes on Github so this makes it a lot easier.

    https://github.com/WHMCS/templates-six/commits/master

    http://docs.whmcs.com/Long_Term_Support#After_End_Of_Life
    WHMCS 5.3 was made EOL at end of October, strange to see a lot of people still using it. Good to see WHMCS still publish a patch for that as well.

    Not strange to see a lot of people still using v5 when updating to the new version is such a PiTA. They sprung that obsolescence on people quite quickly. Probably had a lot to do with all the security holes found in v5 if you look at the changes they did.

    Thanked by 1GM2015
  • ktkt Member, Host Rep
    edited January 2016

    sman said: Not strange to see a lot of people still using v5 when updating to the new version is such a PiTA. They sprung that obsolescence on people quite quickly. Probably had a lot to do with all the security holes found in v5 if you look at the changes they did.

    I guess so, we've also seen a instance where they made a change in 6.1 but didn't document it so we had to debug ourselves as the support were none the wiser.

Sign In or Register to comment.