1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Recent security fixes and auto updates

Discussion in 'General XenForo Discussion and Feedback' started by RobinHood, Jul 27, 2015.

  1. RobinHood

    RobinHood Well-Known Member

    I was just wondering if any sites had reported issues or had been hacked to bring the recent security fixes to light or if the issues were found by the good guys before issuing the fixes?

    I see some were brought to the devs attention by @batpool52!

    That was lovely to read, especially after reading about his previous ties to the warez scene. Glad to see it looks like you've turned over a new leaf and it's benefitting the core product of XenForo and the sites that use it as a result.

    Nicely done :)

    Are there any plans to include auto patching in XF 1.6 or 2.0?

    Wordpress seem to have implemented that pretty well now. I've noticed the last few security updates had already downloaded and installed automatically upon logging into my Wordpress ACP after receiving the email update. I didn't have to lift a finger, I guess it was immediately pushed out to all qualifying installs.

    It's seems like an excellent feature to help keep the install secure. Especially if an admin lapses on updates for days, weeks or months, which is easily done depending on the size of the site or how often it's updated. Would probably reduce the number of support tickets too I imagine if it was a major security update that hadn't been applied.
     
    Eagle, empire, otto and 2 others like this.
  2. batpool52!

    batpool52! Well-Known Member

    For XenForo Media Gallery I would check for html content in comments, media / album title and description to know if your site was actually hacked :p
     
    wcbryant and lit like this.
  3. dethfire

    dethfire Well-Known Member

    I would love auto updates for security updates. It's a pain to reupload everything.
     
    ┼ŻivaAkcija likes this.
  4. Slavik

    Slavik XenForo Moderator Staff Member

    It was brought to our attention before any public release of the exploit.

    Auto updates have been discussed before, and obviously has arguments both ways for allowing us to push data to your hosting automatically...
     
    RobinHood and batpool52! like this.
  5. Liam W

    Liam W Well-Known Member

    I just use my own script to download the upgrade package and extract it and run the CLI upgrader.

    All I have to do it run the script and press y and enter twice...

    Liam
     
    Fred. and 1im like this.
  6. Fred.

    Fred. Well-Known Member

    If you want to share it... :D

    I also optimized the upgrading, but I still have to download the upgrade packages and upload it to my server.
    It would be easy if you didn't had to log in... then you could just use wget.
     
  7. Liam W

    Liam W Well-Known Member

    I released a GUI add-on version instead :)

    Beta - XenForo Updater
     
    RobinHood and MattW like this.
  8. Fred.

    Fred. Well-Known Member

    That's great Liam :) Looks good! Thanks (y)
    I will try it out tomorrow :sleep:
     
  9. Karelke

    Karelke Active Member

    WordPress, Chrome, Windows 10 ... all are offering the possibility to install updates automatically.

    XenForo should follow the trend and provide an option to install security updates automatically, or at least provide some tools to notify the website administrator.
     
    RobinHood and HammerDown like this.

Share This Page