Recent security fixes and auto updates

RobinHood

Well-known member
I was just wondering if any sites had reported issues or had been hacked to bring the recent security fixes to light or if the issues were found by the good guys before issuing the fixes?

I see some were brought to the devs attention by @batpool52!

That was lovely to read, especially after reading about his previous ties to the warez scene. Glad to see it looks like you've turned over a new leaf and it's benefitting the core product of XenForo and the sites that use it as a result.

Nicely done :)

Are there any plans to include auto patching in XF 1.6 or 2.0?

Wordpress seem to have implemented that pretty well now. I've noticed the last few security updates had already downloaded and installed automatically upon logging into my Wordpress ACP after receiving the email update. I didn't have to lift a finger, I guess it was immediately pushed out to all qualifying installs.

It's seems like an excellent feature to help keep the install secure. Especially if an admin lapses on updates for days, weeks or months, which is easily done depending on the size of the site or how often it's updated. Would probably reduce the number of support tickets too I imagine if it was a major security update that hadn't been applied.
 
I was just wondering if any sites had reported issues or had been hacked to bring the recent security fixes to light or if the issues were found by the good guys before issuing the fixes?

It was brought to our attention before any public release of the exploit.

Auto updates have been discussed before, and obviously has arguments both ways for allowing us to push data to your hosting automatically...
 
I just use my own script to download the upgrade package and extract it and run the CLI upgrader.

All I have to do it run the script and press y and enter twice...

Liam
 
I just use my own script to download the upgrade package and extract it and run the CLI upgrader.

All I have to do it run the script and press y and enter twice...

Liam
If you want to share it... :D

I also optimized the upgrading, but I still have to download the upgrade packages and upload it to my server.
It would be easy if you didn't had to log in... then you could just use wget.
 
Wordpress seem to have implemented that pretty well now.

WordPress, Chrome, Windows 10 ... all are offering the possibility to install updates automatically.

XenForo should follow the trend and provide an option to install security updates automatically, or at least provide some tools to notify the website administrator.
 
Top Bottom