Página 1 de 2 12 ÚltimoÚltimo
Resultados 1 a 10 de 13
  1. #1
    Super Moderador
    Data de Ingresso
    Sep 2010
    Localização
    Procurando...
    Posts
    4,106

    WHMCS Security Advisory TSR-2014-0003

    WHMCS Security Advisory TSR-2014-0003

    ========================================
    WHMCS Security Advisory TSR-2014-0003
    http://blog.whmcs.com/?t=92542
    ========================================

    WHMCS has released new updates for all supported versions of WHMCS. These
    updates include changes that address security concerns within the WHMCS
    product.

    WHMCS has rated these updates as having a moderate to important security impact.
    Information on security ratings can be found at
    http://docs.whmcs.com/Security_Levels

    ==========
    Releases
    ==========
    Please update your installation to the latest version 5.3.9.

    This update includes significant changes to IP detection logic in conjunction
    with the use of proxies. If using services such as CloudFlare, or any other
    similar public or private proxy service, to proxy traffic to your WHMCS
    installation, you will need to perform additional steps post upgrading in order
    to keep IP detection functioning correctly. If in any doubt, we urge you to read
    the Release Notes or contact our support team for further information prior to
    updating.

    The update includes a significant update to the low-level cryptographic routines
    used for admin authentication. These changes will affect any 3rd-party
    integration which directly accesses the admin user database table; should not
    have an observable impact on installations otherwise. Further details can be
    found in the Release Notes.

    The update brings End Of Life for the Ensim server module as well as the E-Gold
    and PayOffline gateway modules. Please read the Release Notes if you activity
    using those modules.

    Release Notes: http://docs.whmcs.com/Version_5.3_Re...#Release_Notes

    ** Update: If you use Two-Factor Authentication with admin users, a further
    update is required after applying the 5.3.9 core update. For more details,
    please see http://forum.whmcs.com/showthread.php?92550


    == Patches ==

    Incremental patches can be downloaded by following the links below.

    These patch sets contain only the files that have changed between the previous
    release and this update. The previous release version that these patch sets are
    designed for is clearly indicated as the first and smaller number.

    5.3.8 --> 5.3.9 http://go.whmcs.com/434/v538_incremental_to_v539_patch
    MD5 Checksum: a019f6e67c81ecb9087cfba22a0a6d84

    Need a patch for an older version? Visit our downloads page:
    http://download.whmcs.com/

    To apply a patch set release, download the files as indicated above. Then follow
    the upgrade instructions for a "Patch Set" which can be found at
    http://docs.whmcs.com/Upgrading#For_a_Patch_Set


    == Full Release ==

    A full release distribution contains all the files of a WHMCS product
    installation. It can be used to both perform a new installation or update an
    existing one (regardless of previous version).

    5.3.9 Full Version - Download Now http://download.whmcs.com/
    MD5 Checksum: ba03da59cc51fbedc6c62d993baa7617

    To apply a full release, download the release from the URL above. Then follow
    the upgrade instructions for a "Full Release Version" which can be
    found at http://docs.whmcs.com/Upgrading#For_...elease_Version


    =========================================
    Security Issue Information
    =========================================

    The security changes in these releases address 15 issues, all of which were
    reported via the security bounty program, or discovered internally by the WHMCS
    Development Team. The issues addressed are rated as having Moderate to Important
    security impacts.

    Once sufficient time has passed to allow WHMCS customers to update their
    installed software, WHMCS will release additional information regarding the
    nature of the security issues.

    ============================
    Maintenance Issue Information
    ============================

    This release also provides resolution for a number of maintenance issues. For
    full details please refer to the changelog:

    V5.3.9 - http://changelog.whmcs.com/WHMCS_V5.3

    All published and supported versions of WHMCS prior to 5.3.8 are affected by one
    or more of these maintenance and security issues.


    ============================


    WHMCS Limited
    www.whmcs.com

    - Members Area: https://www.whmcs.com/members/
    - Support: http://www.whmcs.com/support/
    - Documentation: http://docs.whmcs.com/
    - Community Forums: http://forums.whmcs.com/
    Siga-nos em nosso twitter: @wht_brasil

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Nov 2010
    Posts
    1,608
    Atualizei aqui, fiz alguns testes de pedido com domínio, autologin e geração de boleto e aparentemente tudo ok
    oGigante.com*• Revenda de Hospedagem Cloud Linux + WHMCS Grátis
    VWhost.com.br • Revenda de Hospedagem Linux Cpanel + CloudFlare
    Zocka.com.br • Hospedagem de Sites Cpanel + Construtor de Sites

  3. #3
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Localização
    /sc/rionegrinho
    Posts
    1,036
    Quem tem o TFA pode precisar de um patch adicional para conseguir logar de novo no admin, que foi o meu caso. Embora eu acredito que eles já tenham incluído isso no patch original.
    Alexandre Silva Hostert

    Veezon
    Gerenciamento de Servidores


    http://veezon.com.br
    http://br.linkedin.com/in/alexandreveezon

  4. #4
    Super Moderador
    Data de Ingresso
    Sep 2010
    Localização
    Procurando...
    Posts
    4,106
    Citação Postado originalmente por AlexandreVeezon Ver Post
    Quem tem o TFA pode precisar de um patch adicional para conseguir logar de novo no admin, que foi o meu caso. Embora eu acredito que eles já tenham incluído isso no patch original.
    pode traduzir: TFA ? :-)
    Siga-nos em nosso twitter: @wht_brasil

  5. #5
    WHT-BR Top Member
    Data de Ingresso
    Nov 2010
    Posts
    1,608
    Citação Postado originalmente por Winger Ver Post
    pode traduzir: TFA ? :-)
    Acredito que seja autenticação de dois fatores
    oGigante.com*• Revenda de Hospedagem Cloud Linux + WHMCS Grátis
    VWhost.com.br • Revenda de Hospedagem Linux Cpanel + CloudFlare
    Zocka.com.br • Hospedagem de Sites Cpanel + Construtor de Sites

  6. #6
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Localização
    /sc/rionegrinho
    Posts
    1,036
    Isso aí chuva!
    Alexandre Silva Hostert

    Veezon
    Gerenciamento de Servidores


    http://veezon.com.br
    http://br.linkedin.com/in/alexandreveezon

  7. #7
    Super Moderador
    Data de Ingresso
    Sep 2010
    Localização
    Procurando...
    Posts
    4,106
    #whmcsmeirritaprofundamente
    Siga-nos em nosso twitter: @wht_brasil

  8. #8
    WHT-BR Top Member
    Data de Ingresso
    Jul 2011
    Posts
    1,036
    Citação Postado originalmente por Winger Ver Post
    #whmcsmeirritaprofundamente
    Pena que não pode dar like em post de moderador...

  9. #9
    Super Moderador
    Data de Ingresso
    Sep 2010
    Localização
    Procurando...
    Posts
    4,106
    voces viram que por apenas u$30,00 voce pode ter seu ticket de suporte atendido com prioridade?
    Siga-nos em nosso twitter: @wht_brasil

  10. #10
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Localização
    /sc/rionegrinho
    Posts
    1,036
    Será que alguém usa isso?
    Alexandre Silva Hostert

    Veezon
    Gerenciamento de Servidores


    http://veezon.com.br
    http://br.linkedin.com/in/alexandreveezon

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens
  •