WHERE IS Security Update: 3rd May 2013 FIX FOR 3.1.X version?

[blair]

For the most part I can upgrade PHP and not have it affect my site in any way. I'm running PHP 5.3.23 on 2.3.4 without issue. I don't see the relevance.

It's not not irresponsible. I'll give you the URL, and you can let me know when you find a vulnerability.

[Marcher Technologies]

For the most part I can upgrade PHP and not have it affect my site in any way. I'm running PHP 5.3.23 on 2.3.4 without issue. I don't see the relevance.

There will be bugs. There will be flaws. There will be security holes. All of these can remain uncovered.

No matter the programming language, or the skill level of the programmer.

Each new version expounds upon the other in improving the script and the difficulty of translating any change back.

In the case of 2.x, there is very little(to no) back-portability.

In the general case, EOL means upgrade, because the programmers are not touching the code again, use at your own risk and headache.

[Royzee]

I run three sites. Two have 3.4.2 and one has 2.3.6. There are security issues with 2.3.6, but it is a mole hill, not the mountain it is being blown into in this thread. Nor do I expect security updates for it.

[blair]

2.3.6 as well... I stand corrected.

[Cyrem]

@ Cyrem, I see you joined in 2009. If you look at my profile, I joined in 2003. I still have a site running 2.3.4. It's the little engine that could. It just steadily, and slowly grows. I also have a 3.1.4 site that lost significant traffic after upgrading fro 2.3.4 (other sites as well). I used to be someone that upgraded the day an update became available. Now, I guess I'm older and wiser. The longer you have your forum, the more you'll realize not all upgrades are improvements.

3.4.4 is the first upgrade I've considered in a long time. I'm making progress on a dev server, but I shouldn't be forced into an emergency upgrade (no skin, lost mods) because of an unpatched security issue. I understand not offering support (even with a paid license), and I have a Facebook login issue that could use some support. I don't understand leaving known security issues unpatched.

Every unpatched 3.1.4 forum, 2.3.4 forum... could be the next server that helps DDoS your site (or this one). That infects your computer with malware. That sends you spam. It's irresponsible to leave them unpatched.

I love the 2x series, it's those version which made me love IPB.

However. As you know, your big upgrade killed off your other site a lot... so why increase the version gap for the sake of building your forum up... just to tear it back down when you upgrade? If it affects it that much you might as well always run the latest version.

Regardless, no matter how much you put it off... you will have to update eventually.

[Charles]

We no longer release patches for 2.x, 3.0.x, and now 3.1.x. At some point we have to draw a line (just as we did in 2.x and 3.0.x) and we have decided that 3.1 is time to die. It's out of date much like 2.x and 3.0.x are.

Of course this same exact topic comes up every time we finally stop worrying about an old version :)

[Hexsplosions]

It's probably worth locking IMO. The answer is... "no". :)