gav240z

22 hours ago, Daniel F said:

Sounds like a WAF( web application firewall)

Your webhost should be able to assist with this.

Thanks all resolved.

Feedback from my web host.

Quote

A mod security rule triggered and blocked the access, I've whitelisted the mod security rule for this domain.

Just an fyi for anyone else who has the same issue in future.

Hi there,

When I post an embedded Youtube link or even reference another post (which generates an iframe) I notice my server returns a 403 error. I'm not sure how to troubleshoot this and what to check in terms of server configuration to fix this?

Can you please let me know what to try/check to try and resolve this issue?

A member tried to post a link to embed this video recently and it failed to post.

Image attached of error generated.

Ok, was able to upgrade after that. Thank you.

Ok ran the UTF8MB4 update and that's fixed a couple of issues.

On 10/19/2023 at 11:15 PM, Miss_B said:

This is almost always server related. When you ran those sql queries, did you encounter any issues? What version are you upgrading from?

Version 4.7.12

Only issue I had was the log tables couldn't be found - which you can see in the support panel as a message also (refer screenshot).

On 10/19/2023 at 11:57 PM, Marc Stridgen said:

Check that you dont have anything showing in the support area of your admin CP before you start an upgrade. I suspect its not set as utf8mb4 on your database

I was kind of putting this off because I didn't really care for being able to post more obscure symbols and it sounds like it requires extensive resources to run this upgrade. However it sounds like this is now a requirement?

Hi there,

I'm having issues upgrading to the latest version of Invision Power.

Here is what I see:

Step 1.

Step 2.

If I try the Fix Automatically option it times out. (500 error on server)

Step 3.

I ran all these SQL commands via phpMyAdmin manually last night. (sequentially)

However I'm still running into the same problem and cannot get past this prompt.

Any ideas as to what might be wrong?

Regards,
Gavin.

Hi @Marc Stridgen,

Thanks for that, is that something my hosting company can confirm? Or something I can find in Cpanel of my hosting environment variables like via php.ini?

Just wondering how I can double check that?

Hi there,

My issue is similar to the post,

However after reading that post and the guide above as recommended by Mark, I'm still confused if I need to take any action? Below is the email I got from Amazon. I am running the latest version of Invision Community v4.7.12.

I upgraded recently from an earlier version which required updating to PHP Version 8. So I'm thinking perhaps the older API call was due to running an older version of the software?

Do I need to take any action to maintain access to the AWS cloud storage bucket?  

Quote

Hello,

We have identified TLS 1.0 or TLS 1.1 connections to Amazon Simple Storage Service (Amazon S3) objects hosted in your account, which must be immediately updated for these connections to maintain their access to your S3 objects. Please update your client software as soon as possible to use TLS 1.2 or higher to avoid an availability impact. We recommend considering the time needed to verify your changes in a staging environment before introducing them into production.

As of June 28, 2023, we have begun deploying updates to the TLS configuration for all AWS API endpoints to a minimum of version TLS 1.2 even if you still have connections using these versions. These deployments will complete by no later than December 31, 2023. This update removes the ability to use TLS versions 1.0 and 1.1 with all AWS APIs in all AWS Regions [1].

What actions can I take to maintain access?
To avoid potential interruption, you must update all client software accessing your Amazon S3 objects using TLS 1.0 or 1.1, to use TLS 1.2 or higher. If you are unable or would prefer to not update all impacted clients, we recommend replacing direct client access to the S3 objects with use of a proxy, such as an Amazon CloudFront distribution. This will allow clients to access your S3 objects via Amazon CloudFront using any TLS version you choose to allow. Amazon CloudFront will forward the calls to your S3 objects using TLS 1.2 or higher. For more guidance for how to setup your CloudFront distribution to front your S3 object access, please review this Knowledge Center article [2].

How can I determine the client(s) I need to update?
We have provided the affected S3 bucket(s) in your account following this messaging. In order to gather additional information about the affected objects and user agents performing these calls, we recommend enabling Amazon CloudTrail data events on the affected S3 bucket(s) [3] [4]. The information contained in the S3 data events will help you pinpoint your client software that is responsible for using TLS 1.0 or TLS 1.1, so you may update it accordingly. Additionally, our related AWS Security blog post [1] provides information on how you may use TLS information in the CloudTrail tlsDetails field. Please note there is an associated cost for enabling CloudTrail data events, please see the CloudTrail pricing page for more detail [5]. Another alternative is to use Amazon S3 server-access logs, see the S3 Logging options page for more details and pricing information [6].

How can I enforce connections to my bucket(s) be over TLSv1.2 and above?
As a best practice, and to prepare for our enforcement of TLS 1.2 or higher, we recommend you proactively enforce a minimum of TLS 1.2 directly on all of your shared S3 bucket(s). You may do this by applying a bucket policy with the s3:TlsVersion condition key as per the documented this Knowledge Center article [7]

If you need further guidance or assistance, please contact AWS Support [8] or your Technical Account Manager.

[1] https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints
[2] https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-old-tls/
[3] https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.html#cloudtrail-object-level-tracking
[4] https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html#enable-cloudtrail-events
[5] https://aws.amazon.com/cloudtrail/pricing/
[6] https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html
[7] https://aws.amazon.com/premiumsupport/knowledge-center/s3-enforce-modern-tls/
[8] https://aws.amazon.com/support

Please see the following for S3 buckets in which object-level calls were made over TLS 1.0 or TLS 1.1 connections between July 17, 2023 and July 25, 2023 (the UserAgent may be truncated due to a limit in the number of characters that can be displayed): 

Connections details will be in the following format:
Region | Bucket name(s) | APIAction | TLSVersion | NumCalls | UserAgent
ap-southeast-2 | auszcarinvisionbucket | REST.GET.OBJECT | TLSv1 | 2 | [BPImageWalker/2.0 (www.bdbrandprotect.com)]

I'm seeing the following in my Invision power board list of warnings/issues.

The hosting provider says this is supported.

Is there anything further I can do to fix this/check for issues?

Cheers,
Gavin.

Looks like this may be the solution.

Am I over looking something here?

I see the red error message, despite REDIS having been configured and appears to be working?

Anything else I can check?

Thanks,
Gavin.

Maybe cached?

No plans for backwards compatibility? This is exactly what I need but I am on 3.X right now :(.