Jump to content


Photo
* * * * * 2 votes

IP.Board 3.3.x, 3.2.x, and 3.1.x Critical Security Update (6 November 2012)


  • Please log in to reply
No replies to this topic

#1 IPS News

IPS News

    Public Relations

  • IPS Staff
  • 1,055 posts

Posted 06 November 2012 - 02:49 PM

*
POPULAR

On 25 October 2012 we released a critical security patch for IP.Board to address an issue with PHP serialized data in the software. Today we are releasing an update that further enhances the security of the impacted areas.

IPS Security Procedures

When IPS identifies a security issue we always immediately release a patch to address the issue as we did on 25 October. Our second phase of security procedures involves taking time to audit the impacted area of the software and other areas that use similar functionality. This second phase of security auditing helps to ensure the safety of your community by allowing us to proactively harden the security features before an actual exploit is found.

Security Update: 6 November 2012

While we have not been made aware of a specific exploit, our security audit has determined other areas of the software that can be hardened against intrusion or exploit. To proactively ensure the security of your community: today we are releasing a critical security update.

Instructions

We are providing a patch for IP.Board versions 3.3, 3.2, and 3.1. Version 3.1 is end of life for support but we are still providing the patch for the convenience of clients who have not yet upgraded. If you are running a version less than 3.1 you should upgrade to get this and other security enhancements.

Patching is very easy:

  1. Identify the version of IP.Board you are running.
  2. Download and unzip the appropriate patch file below that matches your version.
  3. Upload the contents of the zip to your IP.Board home directory


IP.Board 3.3.x
Attached File  ipb33_nov12.zip   49.69KB   7214 downloads

IP.Board 3.2.x
Attached File  ipb32_nov12.zip   48.84KB   1906 downloads

IP.Board 3.1.x
Attached File  ipb31_nov12.zip   70.43KB   1959 downloads


Notes:

  • This security update replaces the security patch on 25 October 2012. You do not need to apply the 25 October 2012 patch as the release today contains that update and more.
  • When you apply the security update the bulletin in your AdminCP will still display. We keep the bulletin in place for at least a week after a security release.
  • Our main software packages accessed via the client area have already been updated with this security update.
  • If you are running version 3.2.x or 3.1.x and do not have database topic marking enabled then all content will be marked as unread on applying update.
  • If you are an IPS Hosting client your community will be automatically patched.

  • Matt, Breadfan, Ryan11433 and 157 others like this




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users