IP.Board 3.3.x, 3.2.x, and 3.1.x Critical Security Update (6 November 2012)

[IPS News]

On 25 October 2012 we released a critical security patch for IP.Board to address an issue with PHP serialized data in the software. Today we are releasing an update that further enhances the security of the impacted areas.

IPS Security Procedures

When IPS identifies a security issue we always immediately release a patch to address the issue as we did on 25 October. Our second phase of security procedures involves taking time to audit the impacted area of the software and other areas that use similar functionality. This second phase of security auditing helps to ensure the safety of your community by allowing us to proactively harden the security features before an actual exploit is found.

Security Update: 6 November 2012

While we have not been made aware of a specific exploit, our security audit has determined other areas of the software that can be hardened against intrusion or exploit. To proactively ensure the security of your community: today we are releasing a critical security update.

Instructions

We are providing a patch for IP.Board versions 3.3, 3.2, and 3.1. Version 3.1 is end of life for support but we are still providing the patch for the convenience of clients who have not yet upgraded. If you are running a version less than 3.1 you should upgrade to get this and other security enhancements.

Patching is very easy:

• Identify the version of IP.Board you are running.
• Download and unzip the appropriate patch file below that matches your version.
• Upload the contents of the zip to your IP.Board home directory

IP.Board 3.3.x
 ipb33_nov12.zip 49.69K 458 downloads

IP.Board 3.2.x
 ipb32_nov12.zip 48.84K 82 downloads

IP.Board 3.1.x
 ipb31_nov12.zip 70.43K 124 downloads


Notes:

• This security update replaces the security patch on 25 October 2012. You do not need to apply the 25 October 2012 patch as the release today contains that update and more.
• When you apply the security update the bulletin in your AdminCP will still display. We keep the bulletin in place for at least a week after a security release.
• Our main software packages accessed via the client area have already been updated with this security update.
• If you are running version 3.2.x or 3.1.x and do not have database topic marking enabled then all content will be marked as unread on applying update.
• If you are an IPS Hosting client your community will be automatically patched.

View the full article