Jump to content

[IPS] IP.Board 3.3.x, 3.2.x, and 3.1.x Critical Security Update (6 November 2012)


Recommended Posts

On 25 October 2012 we released a critical security patch for IP.Board to address an issue with PHP serialized data in the software. Today we are releasing an update that further enhances the security of the impacted areas.

IPS Security Procedures

When IPS identifies a security issue we always immediately release a patch to address the issue as we did on 25 October. Our second phase of security procedures involves taking time to audit the impacted area of the software and other areas that use similar functionality. This second phase of security auditing helps to ensure the safety of your community by allowing us to proactively harden the security features before an actual exploit is found.

Security Update: 6 November 2012

While we have not been made aware of a specific exploit, our security audit has determined other areas of the software that can be hardened against intrusion or exploit. To proactively ensure the security of your community: today we are releasing a critical security update.

Instructions

We are providing a patch for IP.Board versions 3.3, 3.2, and 3.1. Version 3.1 is end of life for support but we are still providing the patch for the convenience of clients who have not yet upgraded. If you are running a version less than 3.1 you should upgrade to get this and other security enhancements.

Patching is very easy:

  1. Identify the version of IP.Board you are running.
  2. Download and unzip the appropriate patch file below that matches your version.
  3. Upload the contents of the zip to your IP.Board home directory


IP.Board 3.3.x
Attached File ipb33_nov12.zip   49.69K  354 downloads

IP.Board 3.2.x
Attached File ipb32_nov12.zip   48.84K  73 downloads

IP.Board 3.1.x
Attached File ipb31_nov12.zip   70.43K  111 downloads


Notes:

  • This security update replaces the security patch on 25 October 2012. You do not need to apply the 25 October 2012 patch as the release today contains that update and more.
  • When you apply the security update the bulletin in your AdminCP will still display. We keep the bulletin in place for at least a week after a security release.
  • Our main software packages accessed via the client area have already been updated with this security update.
  • If you are running version 3.2.x or 3.1.x and do not have database topic marking enabled then all content will be marked as unread on applying update.
  • If you are an IPS Hosting client your community will be automatically patched.


View the full article
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...