Jump to content

Invision Community Blog

Managing successful online communities

IP.Board 3.3.x, 3.4.x Security Update


We are releasing a patch for IP.Board 3.3.x and 3.4.x to address an SQL injection issue.

It has been brought to our attention that specifically crafted URLs may allow an attacker to trigger an SQL error with specific configurations.

To apply the patch
Simply download the attached zip for your IP.Board version and upload the files to your forum server.


IP.Board 3.4.x:



IP.Board 3.3.x:


If you are an IPS Community in the Cloud client running IP.Board 3.4 or above, no further action is necessary as we have already automatically patched your account. If you are using a version older than IP.Board 3.4, you should contact support to upgrade.

If you install or upgrade to IP.Board 3.4.7 after the date and time of this post, no further action is necessary as we have already updated the main download zips.



Recommended Comments

I have just purchased the IP board software and tech support have loaded if for me, can you tell me if this patch has been done at the same time/was it included in the version they loaded or do I need to download it and add it to my software please?


Many Thanks

Link to comment
Share on other sites

Can I just say that not having a date next to these security updates is very poor. It must be a "feature" of this version of board to just show the day, ie "Friday", but for time sensitive issues such as security updates, customers need to see dates.

Link to comment
Share on other sites

No email and no notice in ACP? It took me a while to realise this was a newer patch than the other one this month... which was only when reading this entry with the "Friday" date, and assuming it was last Friday.



Once again, another critical notice that no one received unless they follow the updates here. No email. No admin CP notice.


Can you guys be more proactive and message your customers to alert them of such critical security updates?

Link to comment
Share on other sites

Also didn't notice that this was a new update due to the same title.

It's a shame that IPB doesn't update the version number when a security update is released. By this you can easily check if you're running the latest version.

Link to comment
Share on other sites

Interestingly, I installed a patch a few hours after it was available (noticed it in the ACP), same name/number, and now receive several emails about it, to download and install.

Is this the same thing, or is it a newer version, and if the latter, how do I find out?

Thanks in advance.

Kind regards, Wim

Link to comment
Share on other sites

I have just applied this patch and can't access the forums at all. I just get this message:

Parse error: syntax error, unexpected '?' in /var/sites/a/xxxxxx/public_html/forums/admin/sources/base/ipsRegistry.php on line 60

Create the ticket, I would say so IPS can look into it. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy