New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
WHMCS security update
I just stumbled across a fresh post on blog.whmcs.com: WHMCS Security Advisory for 4.x, 5.x
They say that the patch is fixing 6 security vulnerabilities
I have no idea if WHMCS sent any email update yet, I just checked my inbox and got none. Perhaps it's on its way.
update time, I guess
Comments
Oh, not again.
Let's see how many times they will reissue the same patch this time, until it finally works.
@rds100
Remember cpanel is in charge now.
patch from 5.1.3 to 5.1.4 breaks the transaction log, no payments are recorded after we applied it
Fantastic, we just used that one as well.
Do tell this to WHMCS, they should fix it eventually.
Well I guess @rds100 is right. Still can't get it right even with Cpanel involved.
Why not just write safe code in the first place?
Because it would result in less profit for the code writer i guess? ;-)
cPanel are far from perfect themselves and they aren't in charge at WHMCS, Matt still is, they just have share in the company i believe.
@superpilesos Problem is when they right it, it looks secure. if something changes in the php kernel then an exploit is found in a function that they were using. It happens. It happens to most if not all software companies. Apple, Microsoft, RedHat, Unbuntu. It is a fact of life with software.
@GetKVM_Ash It sounded like cpanel owned more than Matt does. And that Cpanel's coder's were going to help get whmcs back on track.
I can confirm that. Another issue is that whmcs shows "An update is available!" but there isn´t any update ready..
Is all we get.
Fixed that. Now we're on the things that @fileMEDIA mentioned.
@fileMEDIA: WHen you go to Help->Check for Updates, what's the version?
@Damian Version installed: 5.1.4 Latest Version Version: 5.1.3..I think the update function checks: lastest version != installed version and not latest version > installed version..
Has WHMCS fixed the transaction log issue yet?
@Jono20201 they probably don't even know there is a problem, until someone tells them.
If it's so important, they should have it as an update when the administrator logs in.
Your Version 5.1.4
Latest Version 5.1.3
Yeah.. that someone is normally me. I sit there for the next hour uploading dbconnect files to my WHMCS install for Matt. -.-
@fileMEDIA: did you set up htaccess for your payment notification callbacks?
Anybody informed WHMCS yet or...
No, only on the admin dir, but works fine up to 5.1.3..I´ll take a few tests..
5.2.1 is the latest update, anyone else?
That wasn't there earlier.. Typical WHMCS. Change this and that, inform nobody.
WHMCS @whmcs
WHMCS v5.2 is out now! Get the latest version at https://whmcs.com/members http://blog.whmcs.com/?t=69406
32 Minutes ago via Twitter, messy release to say the least
This is why I usually wait 6-10 months between updates.
The WHMCS/Solus interface seems to be perpetually down for maintenance now:
Yup, I learned this when I installed a Beta version of Solus and it ended up screwing up majority of the database.
You'd wait 6-10 months to put a security update in?
I suggest you install the security update (5.1.4) even tho it may have some bugs.
While the fixed vulnerabilities are not public, this may quickly change. As the patches are now available, someone can decode them and see the vulnerabilities while comparing to the previous, vulnerable versions.