invisiblex_merged Posted January 10, 2010 Posted January 10, 2010 NASLDB: Invision Power Board < 3.0.5 Multiple Vulnerabilities http://www.scip.ch/?nasldb.43163
stoo2000+ Posted January 10, 2010 Posted January 10, 2010 The article linked to state's that it doesn't affect 3.0.5 and later ;)
invisiblex_merged Posted January 10, 2010 Author Posted January 10, 2010 The article linked to state's that it doesn't affect 3.0.5 and later ;) Im asking is it patched for < 3.0.5 many are using 3.0.2
Management Charles Posted January 10, 2010 Management Posted January 10, 2010 Version 3.0.5 is the latest version and contains all needed fixes.
invisiblex_merged Posted January 10, 2010 Author Posted January 10, 2010 Version 3.0.5 is the latest version and contains all needed fixes. but you could release bug fix for 3.0.1 3.0.2 3.0.3 3.0.4
Brian Garcia Posted January 10, 2010 Posted January 10, 2010 but you could release bug fix for 3.0.1 3.0.2 3.0.3 3.0.4 The bug fix is 3.0.5
Gabriel Petrelli Posted January 10, 2010 Posted January 10, 2010 I thought it was common knowledge for webmasters to update when new bug/security fixes are released.:unsure: You need to run the upgrade script anyway in order to patch any bugs and security issues, so might as well upgrade to 3.0.5. It's not that difficult to do, just upload the files via Filezilla or another FTP client overwriting the old files, and run the upgrade script. Not a whole heck of a lot of applications require file edits in IPB3 when compared to IPB2, file edits are fairly minimal with IPB3 application, the upgrade process should be five times easier than it was with IPB2 and modifications. I remember how many file edits the IPB2 version of CSEO required compared to the IPB3 version, the IPB3 version of CSEO only requires some minor edits to a couple files whereas the IPB2 version required a substantial amount of edits to about five or eight files, then there were god awful template edits to tackle after the file edits were completed.:o
night23 Posted January 10, 2010 Posted January 10, 2010 maybe to made something like patch only releases ? (if there are any potential hacks into ipb ...) not just ipb 3.0.x and upgrade ...
Gabriel Petrelli Posted January 10, 2010 Posted January 10, 2010 From what I understand, with the amount of files which are altered/patched in new releases which contain bugfixes and security fixes, it is best just to upload all files from a new release and upgrade. With the amount of files that are patched for each new version, it isn't viable to release patch only releases for older versions of IPB. The upgrade script will need to be ran anyway since it alters database entries that patch the install, so might as well upgrade anyway.
Management Charles Posted January 10, 2010 Management Posted January 10, 2010 As with any software, if you choose not to apply maintenance releases well... you aren't getting the maintenance updates (security updates, bug fixes, performance improvements, etc.) contained within them :)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.