Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted December 7, 200915 yr http://seclists.org/bugtraq/2009/Dec/46 How long till a patch is released?
December 7, 200915 yr http://community.invisionpower.com/topic/299835-turn-around-time-on-published-exploits/ Summary: Will be addressed in 3.0.5 to be released this week!
December 7, 200915 yr The advisory of course sounds scary, but realistically both issues are relatively mitigated already. The SQL injection requires a moderator account (or above) to perform, and the local file inclusion requires that a malicious script has already been uploaded to your server. We have been verifying the patches over the weekend and they've proved stable. We decided to simply roll them into 3.0.5 and release 3.0.5 this week, instead of making a separate release for the patches this week.
December 8, 200915 yr The advisory of course sounds scary, but realistically both issues are relatively mitigated already. The SQL injection requires a moderator account (or above) to perform, and the local file inclusion requires that a malicious script has already been uploaded to your server. We have been verifying the patches over the weekend and they've proved stable. We decided to simply roll them into 3.0.5 and release 3.0.5 this week, instead of making a separate release for the patches this week. Is there going to be something released for 2.3.6 too?
Archived
This topic is now archived and is closed to further replies.