Jump to content
bfarber
 Share


IP.Board 3.3.x, 3.4.x Security Update

03-20-2015

We are releasing a patch for IP.Board 3.3.x and 3.4.x to address an SQL injection issue.

It has been brought to our attention that specifically crafted URLs may allow an attacker to trigger an SQL error with specific configurations.


To apply the patch
Simply download the attached zip for your IP.Board version and upload the files to your forum server.

 

IP.Board 3.4.x:

  patch3122015.zip

 

IP.Board 3.3.x:

  patch3122015_33.zip


If you are an IPS Community in the Cloud client running IP.Board 3.4 or above, no further action is necessary as we have already automatically patched your account. If you are using a version older than IP.Board 3.4, you should contact support to upgrade.

If you install or upgrade to IP.Board 3.4.7 after the date and time of this post, no further action is necessary as we have already updated the main download zips.

 

 Share

Comments

Recommended Comments



I have just purchased the IP board software and tech support have loaded if for me, can you tell me if this patch has been done at the same time/was it included in the version they loaded or do I need to download it and add it to my software please?

 

Many Thanks

Link to comment
Share on other sites

Can I just say that not having a date next to these security updates is very poor. It must be a "feature" of this version of board to just show the day, ie "Friday", but for time sensitive issues such as security updates, customers need to see dates.

Link to comment
Share on other sites

No email and no notice in ACP? It took me a while to realise this was a newer patch than the other one this month... which was only when reading this entry with the "Friday" date, and assuming it was last Friday.

Link to comment
Share on other sites

No email and no notice in ACP? It took me a while to realise this was a newer patch than the other one this month... which was only when reading this entry with the "Friday" date, and assuming it was last Friday.

This.

 

Once again, another critical notice that no one received unless they follow the updates here. No email. No admin CP notice.

 

Can you guys be more proactive and message your customers to alert them of such critical security updates?

Link to comment
Share on other sites

No notification when it was released and now received 4 today about a patch a week old.  IPS needs to iron out their security notification system.  What is currently being done is not sufficient.

Link to comment
Share on other sites

Also didn't notice that this was a new update due to the same title.

It's a shame that IPB doesn't update the version number when a security update is released. By this you can easily check if you're running the latest version.

Link to comment
Share on other sites

Interestingly, I installed a patch a few hours after it was available (noticed it in the ACP), same name/number, and now receive several emails about it, to download and install.

Is this the same thing, or is it a newer version, and if the latter, how do I find out?

Thanks in advance.

Kind regards, Wim

Link to comment
Share on other sites

I have just applied this patch and can't access the forums at all. I just get this message:

Parse error: syntax error, unexpected '?' in /var/sites/a/xxxxxx/public_html/forums/admin/sources/base/ipsRegistry.php on line 608

Link to comment
Share on other sites

I have just applied this patch and can't access the forums at all. I just get this message:

Parse error: syntax error, unexpected '?' in /var/sites/a/xxxxxx/public_html/forums/admin/sources/base/ipsRegistry.php on line 60

Create the ticket, I would say so IPS can look into it. 

Link to comment
Share on other sites




Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...