Jump to content

IPB 2.1.7 Security Update (Low and Medium Risk)


Guest IPS News

Recommended Posts

then how come my files(2.1.6 and 2.1.7 for one board) already had the edit within them? I noticed it when I went to paste the patched edit into the file...but there it was...right in front of me... :lol: I'll be glad to send you a copy of the default files from my downloads....they contain the patch edit already. ;)

Link to comment
Share on other sites

  • Replies 87
  • Created
  • Last Reply

then how come my files(2.1.6 and 2.1.7 for one board) already had the edit within them? I noticed it when I went to paste the patched edit into the file...but there it was...right in front of me... :lol: I'll be glad to send you a copy of the default files from my downloads....they contain the patch edit already. ;)



you must be special as I looked at all my development and skin 2.1.7 and 3 live 2.1.7's and 1 2.1.7 archived on a cd-rom disc and it never had this added

and thanks Matt and staff for this quick fix its better to be safe then sorry is my saying on php security
Link to comment
Share on other sites

then how come my files(2.1.6 and 2.1.7 for one board) already had the edit within them? I noticed it when I went to paste the patched edit into the file...but there it was...right in front of me... :lol: I'll be glad to send you a copy of the default files from my downloads....they contain the patch edit already. ;)



It's simply not possible. Note that the edit is to comment out a section of code. The section of code could and should be there already yes, but it is not commented out :)
Link to comment
Share on other sites

Hello
I see the risk is low and Matt even posted in this thread
quote
I'm confident that this won't be a huge problem. It requires such a specific sequence of events to execute, most script kiddies won't really bother. In any case, we had the fix out around two hours after the vulnerability was made public.
quote
but wondered if someone could help, a forum I am a member of had problems yesterday and the usernames of 3 members were changed, two of the usernames were changed to the peoples real life names and one to a different id. The owner of this forum seems to be having problems in sorting this out could you advise him on the best course of action. Members are concerned about privacy violations if hackers are able to access your forums. This is the thread and forum in question
http://www.gptinfo.net/forum/index.php?showtopic=3380
Thank you for any help you can give on solving this problem.

Link to comment
Share on other sites

Hello


I see the risk is low and Matt even posted in this thread


quote


I'm confident that this won't be a huge problem. It requires such a specific sequence of events to execute, most script kiddies won't really bother. In any case, we had the fix out around two hours after the vulnerability was made public.


quote


but wondered if someone could help, a forum I am a member of had problems yesterday and the usernames of 3 members were changed, two of the usernames were changed to the peoples real life names and one to a different id. The owner of this forum seems to be having problems in sorting this out could you advise him on the best course of action. Members are concerned about privacy violations if hackers are able to access your forums. This is the thread and forum in question


http://www.gptinfo.net/forum/index.php?showtopic=3380

Thank you for any help you can give on solving this problem.



Please submit a ticket for support. :)

http://invisionpower.com/customer
Link to comment
Share on other sites

I dont mean to be a complainer, but in the future could you please post security updates as new topics? Especially in this case as there is a medium security update in a formerly lower security topic. I get my updates notices by subscribing to new posts in that forum. Again sorry to be a PITA, but it is a fairly important matter.

Thanks

Link to comment
Share on other sites

Why not created new topic about update? Since it shows up to date anyway even if not updated.



Agreed. I was wondering why discussion in here started up again but took no notice. I only noticed when someone posted in 2.2 BETA Forum about it. :|
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...