IPB 2.1.7 Security Update (Low and Medium Risk)


Guest IPS News

The code that tells your Admin CP which image to show is actually executed on IPS's servers. Since we all have that red banner right now, it means that something IPS has done with stuff on their end is causing it. Just be patient, it will be resolved shortly I'm sure.

Link to comment
Share on other sites

This Medium Risk security update was handled poorly. Customers can't seriously be expected to check our admincp and the IPB forums on a daily basis, several times per day, just to make sure there hasn't been a new security update.

I'm subscribed to the RSS feed, the new topic notifications, and the IPS mailing list. I was not notified. I stumbled upon the update at IPSBeyond by chance-- six hours after it was released.

1. No new topic. This Medium Risk security update was appended to a Low Risk security update. No new topic subscriptions were sent out because no new topic was made.

2. No RSS subscription. Obviously, this is tied to a new topic, and that is why it is important to start a new topic for every update.

3. No email sent. I just double-checked to confirm that I'm on the IPS email list. I haven't received any email regarding this security update.

4. Update notification in AdminCP still not working properly.

Not very professional in my opinion. Is there not a specific protocol for releasing security updates so that customers are notified of security updates?

Security update notifications should be consolidated to one place, and a standard should be implemented to make sure that customers are kept in the loop for every single update, no matter how minor. The AdminCP graphic is inadequate, and the other three methods of notification all failed.

Additionally, customers should be notified of security updates before they are posted to the public. Why publicize exactly which code is flawed before most customers have updated, let alone been informed of the update?

Mike

Link to comment
Share on other sites

I don't really care about the admin cp image, to be honest. After the Vietnamese crap showed up in my admin cp last week, I'd like to see that whole "feature" gone.

That said, I would rather not have to load the admin cp daily to check for security updates, if for no other reason than the possibility that logging into the admin cp when there's a security risk in the works may not be the best bet.

Anyhow, I just figured for future reference we'd all like to have a new topic for any new patch releases.

Link to comment
Share on other sites

I set the URL of the iframe which contains the image as a bookmark in my bookmarks toolbar and open it as I would any other site, which means I don't need to log into the admin panel to check (although I tend to do this daily to delete the spam users that seem to be signing up quite regularly).

The URL looks something like this, with {random_string} changed to an actual string of text which probably contains details of your build and the latest build.

http://www.invisionpower.com/download/vers...random_string}=

Link to comment
Share on other sites

Just wanted to add my two cents about Invision being more proactive in getting news of security patches out to their paying customers. I don't log into my Admin CP every day, nor do I check this forum every day. The only reason I'm checking the forum frequently now is because I am watching IPB 2.2 development. Otherwise I check this forum fairly infrequently. I really don't understand why it's so hard for Invision to send email to their customers every time a new security update is posted, and to do so IMMEDIATELY. If Invision has a series of steps they follow when releasing a new patch, sending email to clients should be among them. Regardless of whether it's a "low", "medium", or "high" security risk. Also, I do agree that any new security patch should be posted as a NEW topic, not appended to an existing topic that most people are probably not subscribed to.

..Al

Link to comment
Share on other sites

Hello,

Use
Link to comment
Share on other sites

I have to concur, I didn't notice the new patch from today until I saw Brandon open the topic about it at IPSBeyond. To my knowledge, IPS had always done new 'Company News and Updates' topics for each new patch, but this time it got added into an existing one. I have to wonder what the thinking was on that, since the 'subscribe to this forum' feature so many of us rely on does not have any effect on replies to existing topics.

Link to comment
Share on other sites

This Medium Risk security update was handled poorly. Customers can't seriously be expected to check our admincp and the IPB forums on a daily basis, several times per day, just to make sure there hasn't been a new security update.

I'm subscribed to the RSS feed, the new topic notifications, and the IPS mailing list. I was not notified. I stumbled upon the update at IPSBeyond by chance-- six hours after it was released.

1. No new topic. This Medium Risk security update was appended to a Low Risk security update. No new topic subscriptions were sent out because no new topic was made.

2. No RSS subscription. Obviously, this is tied to a new topic, and that is why it is important to start a new topic for every update.

3. No email sent. I just double-checked to confirm that I'm on the IPS email list. I haven't received any email regarding this security update.

4. Update notification in AdminCP still not working properly.

Not very professional in my opinion. Is there not a specific protocol for releasing security updates so that customers are notified of security updates?

Security update notifications should be consolidated to one place, and a standard should be implemented to make sure that customers are kept in the loop for every single update, no matter how minor. The AdminCP graphic is inadequate, and the other three methods of notification all failed.

Additionally, customers should be notified of security updates before they are posted to the public. Why publicize exactly which code is flawed before most customers have updated, let alone been informed of the update?

Mike



Definitely deserves a quote.. Not everyone has time to check these forums every day, and I did NOT learn about the security patch until I logged into my ACP this morning to check up on a board setting.

Personally, I would like to be notified right away when it boils down to a security patch.. I don't want to have my sites exploited. <_<;
Link to comment
Share on other sites

Updates and security management should be written completely new. Such a thing that shows the release versions of all files and checks them against an XML file or whatever and displays each file version difference in red, and maybe also sends an email to all root admins when updates are available.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
