Jump to content

Security Patches


Recommended Posts

I saw the other thread was closed before I could leave my feedback. So I'll leave it in this thread. This is a feedback response to @Chris Bell found at his thread here: https://invisionpower.com/forums/topic/432459-this-is-uncool/

I'm going to have to agree with Chris Bell on this one. Mine expired recently too, and I prefer to wait 6 months to a year to renew. Major security flaws in the software should be fixed for free. This flaw is a result of IPS Developer oversight.


Furthermore, take a look at their License Terms:


"Note that, whenever possible, security patches are made available to all customers even if you choose not to renew your service."

I expect IPS to honor this statement to all customers.


EDIT: I would like to request that IPS Staff does not close this topic as I opened it for constructive feedback posted in an appropriate matter. If anyone else is out of line, deal with the individual personally and do not negatively bring my thread down with individuals who cannot provide feedback in an appropriate matter.

Link to comment
Share on other sites

  • Management

Naturally, I'd expect anyone with an expired license to share a similar opinion.

I certainly understand your point of view, but to be clear, that excerpt clearly says when possible. In 3.x, it's possible to release individual patches and that's what we do. In IPS4, "patches" are full releases and as in this case, require the upgrader to be run for various reasons (in this case, there's a template update.) The system is not designed to build downloads for non or expired clients and to be rather frank, we're not eager to cobble something together for this purpose. It's important that clients know whether they're up-to-date and incrementing the version number and doing proper releases accomplishes that goal.

We've been very clear and forthcoming in that if you're more of a renewal hopper (renew once every year or two years for big ticket items) that IPS4 isn't likely going to be for you. I'm afraid there's simply too many complexities involve to warrant changing course for expired licenses. 

As an aside, the issue in this release related to servers that allowed loose execution of non-PHP files. We've opted to resolve that on a software level, but in reality, best practices since 2012 dictate this shouldn't be an issue. 

We take on a lot of feedback here. We've changed many things based on client feedback, but there's always a vocal minority driven hot button issue that appears every 6 months or so that we're just not willing to entertain and this is one of them (in fact, it may have been the last one as well.) We appreciate your feedback and recognize your concerns and frustrations, but we're not prepared to revisit security updates (or the red banner) in IPS4 at this time. 

You are certainly welcome to contact us to discuss your concerns, including moderation concerns - but when a topic is closed; it's closed... please respect that as we want you to be able to continue sharing your feedback in other areas. 



Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...