Resultados 1 a 6 de 6
  1. #1
    Web Hosting Guru
    Data de Ingresso
    May 2011
    Posts
    331

    Nova atualização whmcs

    =======================================
    WHMCS Security Advisory TSR-2014-0001
    WHMCS - WHMCS Security Advisory TSR-2014-0001
    ========================================

    WHMCS has released a new update for all supported versions of WHMCS. These
    updates contain changes that address security concerns within the WHMCS
    product.

    We recommend you update your WHMCS installation(s) as soon as possible.

    WHMCS has rated this update as having an important security impact. Information
    on security ratings can be found at Security Levels - WHMCS Documentation

    ==========
    Releases
    ==========
    Please update your installation to the one of the following versions:
    v5.2.16

    == Patches ==

    Incremental patches can be downloaded by following the provided links below.
    These patch sets contain only the files that have changed between the previous
    release and this update. The previous release version that these patch sets are
    designed for is clearly indicated as the first and smaller number.

    The following incremental patches are available for direct download:

    5.2.15 --> 5.2.16 http://go.whmcs.com/298/v5215_increm...to_v5216_patch
    MD5 Checksum: 706e352796e91c4f27a40470c83125b8

    To apply a patch set release, download the files as indicated above. Then follow
    the upgrade instructions for a "Patch Set" which can be found at
    Upgrading - WHMCS Documentation

    == Full Release ==

    A full release distribution contains all the files of a WHMCS product
    installation. It can be used to perform a new install or update an existing
    installation (regardless of previous version).

    5.2.16 - Downloadable from the WHMCS Members Area
    https://www.whmcs.com/members
    MD5 Checksum: fe2a804ade2bfd69d4107ff8aa1b718b

    To apply a full release, download the files as indicated above. Then follow the
    upgrade instructions for a "Full Release Version" which can be found
    at Upgrading - WHMCS Documentation


    =========================================
    Important Maintenance Issue Information
    =========================================

    This Advisory provides resolution for the following important maintenance
    issues:

    Case #2557 - 2Checkout Gateway: Update to currency variable
    Case #2623 - Fix calculations of promotions when more than 50% off
    Case #2739 - Add TLD Specific Fields required for .CN domain registrations
    Case #2874 - Authorize.net Echeck: Fix capture function behaving incorrectly
    Case #3019 - Refine internal criteria for bulk domain lookup
    Case #3030 - Resolve SQL error in Income by Product Report
    Case #3086 - Nominet Registrar: Update to Contact Registration Logic for
    Individuals
    Case #3116 - Required Custom Fields not validating correctly when using API
    Case #3360 - Resolved issue where one time promotions could be treated as
    recurring
    Case #3360 - Disable Recur For input box when Recurring is disabled
    Case #3361 - Fix time limited recurring promotions calculating incorrectly
    Case #3388 - Fix Invalid Token Error when applying credit in Original and
    Portal Client Templates
    Case #3414 - Payflow Pro: Update to store PayFlow Reference in PayFlow Mode
    Case #3617 - Do not CC password reset emails to sub-accounts
    Case #3740 - ProtX VSP Form: Pass correct callback values to debug log
    Case #3801 - Resolved PDF Quotes missing clients name/address
    Case #3802 - Make a quantity of zero remove item from the cart
    Case #3809 - Regular Expression Custom Field Validation failing on single
    quotes
    Case #3811 - Resolve Invalid Token error when deleting recurring calendar
    entry
    Case #3814 - Improvements to IPv6 detection and validation logic
    Case #3862 - NameCheap Registrar: Fix incorrect function name call
    Case #3864 - Authorize.net Echeck: Fix storage of bank account details
    Case #3893 - Enom SSL Module: Fix Province is Required Error Message

    =========================================
    Security Issue Information
    =========================================

    This Advisory provides resolution for several security issues, all of which were
    either reported privately via the Security Bounty Program or found internally by
    the WHMCS Development team as part of the regular on-going internal security
    audits.

    There is no reason to believe that any of these vulnerabilities are known to the
    public. As such, WHMCS will only release limited information about the
    vulnerabilities at this time.

    Once sufficient time has passed, WHMCS will release additional information about
    the nature of the security issues.

    Case #3637 - Improve Access Controls in Project Management Addon
    Case #3782 - Improve Access Controls in Tickets
    Case #3783 - Improve Access Controls in Invoices
    Case #3784 - Resolve Admin Area SQL Injection Vulnerability
    Case #3839 - Resolve Potential XSS Vulnerability
    Case #3841 - Resolve Potential XSS Vulnerability
    Case #3842 - Resolve Potential XSS Vulnerability
    Case #3843 - Resolve Potential XSS Vulnerability
    Case #3846 - Improve Access Controls in Tickets
    Case #3922 - PayPal Express Checkout Improve Validation
    Case #3931 - Potential header injection via whois lookups
    Case #3932 - Improve sanitization for whois query

    All supported versions of WHMCS are affected by one or more of these maintenance
    and security issues.

    For information regarding our Long Term Support Policy, read our documentation
    here:
    Long Term Support - WHMCS Documentation


    =========================================


    WHMCS Limited
    The Complete Client Management, Recurring Billing & Support Solution

    - Members Area: https://www.whmcs.com/members/
    - Support: Support - WHMCS
    - Documentation: Documentation Home - WHMCS Documentation
    - Community Forums: WHMCS Forums

  2. #2
    Lá vamos nós

  3. #3
    WHT-BR Top Member
    Data de Ingresso
    Nov 2010
    Posts
    1,611
    Atualizei um aqui, esperar p/ testar e depois atualizo o outro hehehe
    oGigante.com*• Revenda de Hospedagem Cloud Linux + WHMCS Grátis
    VWhost.com.br • Revenda de Hospedagem Linux Cpanel + CloudFlare
    Zocka.com.br • Hospedagem de Sites Cpanel + Construtor de Sites

  4. #4
    WHT-BR Top Member
    Data de Ingresso
    Jul 2011
    Posts
    1,038
    (Case #3931 - Potential header injection via whois lookups
    Case #3932 - Improve sanitization for whois query)

    Ou seja, não é restrição de acesso à area admin que resolve isso...

    ... mas pode ser que via mod_security esteja filtrado.

  5. #5
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Localização
    /sc/rionegrinho
    Posts
    1,036
    Feito, tudo ok pelo que vi.
    Alexandre Silva Hostert

    Veezon
    Gerenciamento de Servidores


    http://veezon.com.br
    http://br.linkedin.com/in/alexandreveezon

  6. #6
    Aspirante a Evangelist
    Data de Ingresso
    Feb 2012
    Localização
    Lisboa, Portugal
    Posts
    403
    Parece que muito tempo depois conseguiram lançar uma release sem bugs..
    Sampling Line - Serviços e Internet, Lda.
    PTServidor - Alojamento Web, Domínios, Lojas, VPS, Radios, Dedicados, Housing/Colocation
    Blog PTServidor | Registrar Oficial FCCN|MS Partner|R1Soft

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens
  •