New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
WHMCS security update
Awmusic12635
Member, Host Rep
in General
Guess today is the day of security updates:
Just got this email:
An update for WHMCS was just released to address various security vulnerabilities and it is recommended that you update as soon as possible.
Official Link:
Comments
So @Francisco also found a whmcs security bug? What a coincidence.
What you call coincidence the world calls conspiracy.
I always turn to @maounique if such a thought crosses my mind for counsel and advice.
Thankfully this is only a patch. Full updates are a PiTA when there are a lot of template customizations.
Agree that this update was simple, and certainly a critical patch. Hopefully one day they will make their 'full' updates easier to do in the future without all the template hassle...
One day right?...
It has been a real ball breaker making the transition from v5 to v6...then from v6.1 to v6.2 which was full update only with all sorts of template changes. We were quite happy with what we had with v5 but they stopped supporting it so we had no choice.
The only new thing in v6 that I would say is useful to us is automatic PayPal subscription cancellation.
Copy your template to a custom name so updates to not effect your mods, then the README file usually details which changes are needed on each .tpl file
We already do that. The problem is they redid the templates going from v6.1 to v6.2. So you have to re-copy the generic template to your custom folder then go through and re-apply all your customizations. We have hundreds of them. It's not like you can just do a git merge either when the changes are significant like in the last update. Every change has to be manually checked, possibly modified, and tested against our customizations.
Also there were bug fixes in v6.1 we had to patch ourselves. We filed bug reports for all of them. They adopted some of our fixes in v6.2 so you're welcome. Some of the fixes they adopted had their own spin on it. So by fixing their broken code ourselves it was doubly hard on us. We had to remove or re-write some of our customizations because our patch fixes were no longer compatible with their patch fixes.
All of this is totally wasted time to us basically. Takes away from focussing on our core business. Would not have been necessary if we were still using v5.
WHMCS has started publishing template changes on Github so this makes it a lot easier.
https://github.com/WHMCS/templates-six/commits/master
http://docs.whmcs.com/Long_Term_Support#After_End_Of_Life
WHMCS 5.3 was made EOL at end of October, strange to see a lot of people still using it. Good to see WHMCS still publish a patch for that as well.
Not strange to see a lot of people still using v5 when updating to the new version is such a PiTA. They sprung that obsolescence on people quite quickly. Probably had a lot to do with all the security holes found in v5 if you look at the changes they did.
I guess so, we've also seen a instance where they made a change in 6.1 but didn't document it so we had to debug ourselves as the support were none the wiser.