Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WHMCS security update
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

WHMCS security update

liviuliviu Member
edited March 2013 in General

I just stumbled across a fresh post on blog.whmcs.com: WHMCS Security Advisory for 4.x, 5.x
They say that the patch is fixing 6 security vulnerabilities

I have no idea if WHMCS sent any email update yet, I just checked my inbox and got none. Perhaps it's on its way.
update time, I guess

«13456

Comments

  • Oh, not again.
    Let's see how many times they will reissue the same patch this time, until it finally works.

  • 24khost24khost Member
    edited March 2013

    @rds100
    Remember cpanel is in charge now.

  • patch from 5.1.3 to 5.1.4 breaks the transaction log, no payments are recorded after we applied it

  • @VPSCheap_net said: patch from 5.1.3 to 5.1.4 breaks the transaction log, no payments are recorded after we applied it

    Fantastic, we just used that one as well.

  • Do tell this to WHMCS, they should fix it eventually.

  • Well I guess @rds100 is right. Still can't get it right even with Cpanel involved.

  • Why not just write safe code in the first place?

  • @superpilesos said: Why not just write safe code in the first place?

    Because it would result in less profit for the code writer i guess? ;-)

  • @24khost said: Well I guess @rds100 is right. Still can't get it right even with Cpanel involved.

    cPanel are far from perfect themselves and they aren't in charge at WHMCS, Matt still is, they just have share in the company i believe.

  • @superpilesos Problem is when they right it, it looks secure. if something changes in the php kernel then an exploit is found in a function that they were using. It happens. It happens to most if not all software companies. Apple, Microsoft, RedHat, Unbuntu. It is a fact of life with software.

  • @GetKVM_Ash It sounded like cpanel owned more than Matt does. And that Cpanel's coder's were going to help get whmcs back on track.

  • I can confirm that. Another issue is that whmcs shows "An update is available!" but there isn´t any update ready..

  • Down for Maintenance (Err 2)
    An upgrade is currently in progress... Please come back soon...
    

    Is all we get.

  • DamianDamian Member
    edited March 2013

    Fixed that. Now we're on the things that @fileMEDIA mentioned.

    @fileMEDIA: WHen you go to Help->Check for Updates, what's the version?

  • @Damian Version installed: 5.1.4 Latest Version Version: 5.1.3..I think the update function checks: lastest version != installed version and not latest version > installed version..

  • Has WHMCS fixed the transaction log issue yet?

  • @Jono20201 they probably don't even know there is a problem, until someone tells them.

  • If it's so important, they should have it as an update when the administrator logs in.

    Your Version 5.1.4
    Latest Version 5.1.3

  • @rds100 said: they probably don't even know there is a problem, until someone tells them.

    Yeah.. that someone is normally me. I sit there for the next hour uploading dbconnect files to my WHMCS install for Matt. -.-

  • @fileMEDIA: did you set up htaccess for your payment notification callbacks?

  • Ash_HawkridgeAsh_Hawkridge Member
    edited March 2013

    Anybody informed WHMCS yet or...

  • fileMEDIAfileMEDIA Member
    edited March 2013

    No, only on the admin dir, but works fine up to 5.1.3..I´ll take a few tests..

  • image 5.2.1 is the latest update, anyone else?

  • That wasn't there earlier.. Typical WHMCS. Change this and that, inform nobody.

  • WHMCS ‏@whmcs
    WHMCS v5.2 is out now! Get the latest version at https://whmcs.com/members http://blog.whmcs.com/?t=69406

    32 Minutes ago via Twitter, messy release to say the least

  • KuJoeKuJoe Member, Host Rep

    This is why I usually wait 6-10 months between updates. :)

  • The WHMCS/Solus interface seems to be perpetually down for maintenance now:

    image

  • JacobJacob Member

    Yup, I learned this when I installed a Beta version of Solus and it ended up screwing up majority of the database.

    @KuJoe said: This is why I usually wait 6-10 months between updates. :)

  • @KuJoe said: This is why I usually wait 6-10 months between updates. :)

    You'd wait 6-10 months to put a security update in?

  • vldvld Member
    edited March 2013

    I suggest you install the security update (5.1.4) even tho it may have some bugs.

    While the fixed vulnerabilities are not public, this may quickly change. As the patches are now available, someone can decode them and see the vulnerabilities while comparing to the previous, vulnerable versions.

Sign In or Register to comment.