AlexJ Posted March 6, 2019 Share Posted March 6, 2019 How can I download 4.3.6 security update? I got the notification in ACP but when i try to download i only get 4.4.1. Thanks Link to comment Share on other sites More sharing options...
Joel R Posted March 6, 2019 Share Posted March 6, 2019 4.3.6 is no longer available, and the security patches are bundled in to 4.4.1 Link to comment Share on other sites More sharing options...
Mercury Forever Posted March 6, 2019 Share Posted March 6, 2019 Hello... Directly installed 4.4.1 or update first to 4.4.0 and then patch with 4.4.1.? I understand that the possible vulnerability is present in the commerce module. ??? Link to comment Share on other sites More sharing options...
Joel R Posted March 6, 2019 Share Posted March 6, 2019 Go directly to 4.4.1 when you're ready. Remember to take a backup, disable all third-party applications and plugins, and disable your custom theme. Link to comment Share on other sites More sharing options...
Mr World Posted March 6, 2019 Share Posted March 6, 2019 19 minutes ago, Joel R said: Go directly to 4.4.1 when you're ready. Remember to take a backup, disable all third-party applications and plugins, and disable your custom theme. What was the critical security issue? Link to comment Share on other sites More sharing options...
Joel R Posted March 6, 2019 Share Posted March 6, 2019 @giovanny castroYou can refer to the Release Notes for more information about each release. IPS doesn't disclose details about the security fixes. https://invisioncommunity.com/release-notes/ Link to comment Share on other sites More sharing options...
AlexJ Posted March 6, 2019 Author Share Posted March 6, 2019 3 hours ago, Joel R said: 4.3.6 is no longer available, and the security patches are bundled in to 4.4.1 It says 4.3.6 released yesterday and I can't download the patch? So only way to protect from security issue is to go 4.4.1 while people are not yet ready for 4.4.1? Before IPS used to support old versions for certain period of time. Now even for active license holders, it's screw you or upgrade, policy? What's so hard about providing security patch separately like old days in separate zip file? I am not asking to support 4.3.5, 4.3,4, etc. Just last final release i.e. 4.3.6 before current major version? @bfarber Link to comment Share on other sites More sharing options...
Sonya* Posted March 6, 2019 Share Posted March 6, 2019 2 hours ago, AlexJ said: Now even for active license holders, it's screw you or upgrade, policy? Yes. This is what I have been said in support ticket. If you have an issue with 4.3.6 then you must upgrade to the latest version to get support. I can understand that they want to bundle their efforts into development of the new version. But I am also unhappy not to be able to upgrade right now (not ready for 4.4 yet) and not getting support for the current version. Link to comment Share on other sites More sharing options...
newbie LAC Posted March 6, 2019 Share Posted March 6, 2019 Link to comment Share on other sites More sharing options...
bfarber Posted March 6, 2019 Share Posted March 6, 2019 You do not need to update to 4.4.x in order to obtain the security fix - we explicitly released a 4.3.6 patch to address anyone unprepared to upgrade. You should be able to run the support tool, which will point out the patch and allow you to apply it. If you have any trouble, please feel free to submit a ticket and we will assist. In short - there is a patch available for 4.3.x. You are not being forced to upgrade to 4.4.x at this time for this specific issue. Link to comment Share on other sites More sharing options...
AlexJ Posted March 6, 2019 Author Share Posted March 6, 2019 Thanks @bfarber. @newbie LAC linked helped me to update our site. Joel's response got me worried but all good now. :) Thank you Link to comment Share on other sites More sharing options...
Joel R Posted March 6, 2019 Share Posted March 6, 2019 I was able to clarify with IPS that they do sometimes offer a patch in the last version without needing to upgrade to 4.4 since it's such a big upgrade. Just seeing if you were awake 😁. Link to comment Share on other sites More sharing options...
Mr World Posted March 7, 2019 Share Posted March 7, 2019 On 3/6/2019 at 10:54 AM, Joel R said: @giovanny castroYou can refer to the Release Notes for more information about each release. IPS doesn't disclose details about the security fixes. https://invisioncommunity.com/release-notes/ Doesn't really go into specifics on the potential exploit, Can you highlight it for me? Link to comment Share on other sites More sharing options...
Florent Bouillon Posted March 7, 2019 Share Posted March 7, 2019 On 3/6/2019 at 4:31 PM, bfarber said: You do not need to update to 4.4.x in order to obtain the security fix - we explicitly released a 4.3.6 patch to address anyone unprepared to upgrade. You should be able to run the support tool, which will point out the patch and allow you to apply it. If you have any trouble, please feel free to submit a ticket and we will assist. In short - there is a patch available for 4.3.x. You are not being forced to upgrade to 4.4.x at this time for this specific issue. Hello bfarber, can you also please confirm that the new push-upgrade for 4.4.1 is the same ? I applied the patch to my 4.3.6 after the alert in admin panel, so I don't need to apply furthermore the 4.4.1, right? (not that I don't want to go on 4.4, but I have to wait for my theme to be updated by its author! ) Link to comment Share on other sites More sharing options...
bfarber Posted March 7, 2019 Share Posted March 7, 2019 4.4.1 contains bug fixes for 4.4.0, as well as the same Commerce patch. If you applied the Commerce patch to your 4.3.6 installation, you do not need to upgrade to 4.4.x, correct. Link to comment Share on other sites More sharing options...
Maksim Posted March 8, 2019 Share Posted March 8, 2019 IPB won... upgraded to 4.4.1... could not find options to just put the patch. lol. Link to comment Share on other sites More sharing options...
Black Tiger Posted March 9, 2019 Share Posted March 9, 2019 Me neither and at this moment there will not be upgraded from 4.3.6 yet. Just curious also if the bug I found in Commerce was also fixed in 4.4.1. Link to comment Share on other sites More sharing options...
bfarber Posted March 11, 2019 Share Posted March 11, 2019 There was talk of putting the patch up for client download in the client area, but I'm not sure if that was done. Worst case scenario, if you submit a ticket and request the 4.3.6 patch we will gladly supply it. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.