NASLDB: Invision Power Board < 3.0.5 Multiple Vulnerabilities


http://www.scip.ch/?nasldb.43163

I believe yes :)

The article linked to state's that it doesn't affect 3.0.5 and later ;)

The article linked to state's that it doesn't affect 3.0.5 and later ;)

Im asking is it patched for < 3.0.5

many are using 3.0.2

Version 3.0.5 is the latest version and contains all needed fixes.

Version 3.0.5 is the latest version and contains all needed fixes.

but you could release bug fix for 3.0.1 3.0.2 3.0.3 3.0.4

but you could release bug fix for 3.0.1 3.0.2 3.0.3 3.0.4

The bug fix is 3.0.5

I thought it was common knowledge for webmasters to update when new bug/security fixes are released.:unsure:

You need to run the upgrade script anyway in order to patch any bugs and security issues, so might as well upgrade to 3.0.5. It's not that difficult to do, just upload the files via Filezilla or another FTP client overwriting the old files, and run the upgrade script.

Not a whole heck of a lot of applications require file edits in IPB3 when compared to IPB2, file edits are fairly minimal with IPB3 application, the upgrade process should be five times easier than it was with IPB2 and modifications.

I remember how many file edits the IPB2 version of CSEO required compared to the IPB3 version, the IPB3 version of CSEO only requires some minor edits to a couple files whereas the IPB2 version required a substantial amount of edits to about five or eight files, then there were god awful template edits to tackle after the file edits were completed.:o

maybe to made something like patch only releases ? (if there are any potential hacks into ipb ...)
not just ipb 3.0.x and upgrade ...

From what I understand, with the amount of files which are altered/patched in new releases which contain bugfixes and security fixes, it is best just to upload all files from a new release and upgrade.

With the amount of files that are patched for each new version, it isn't viable to release patch only releases for older versions of IPB. The upgrade script will need to be ran anyway since it alters database entries that patch the install, so might as well upgrade anyway.

As with any software, if you choose not to apply maintenance releases well... you aren't getting the maintenance updates (security updates, bug fixes, performance improvements, etc.) contained within them :)