Jump to the post that solved this thread.
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Solved: 4 Years, 8 Months, 1 Week ago 1.8.1 security without upgrade
#1
Solved: 4 Years, 8 Months, 1 Week ago
I'm using 1.8.1 version and I need to remove its security  issue, but I really do not like to upgrade to 1.8.3 in reason of whole changes I made in the script. Is there any manual about most important core files or code-lines replacement with no change in the website, to solve the high-risk issue?
Reply
#2
Solved: 4 Years, 8 Months, 1 Week ago
First of all, if you read our blog with release news, you'd know there are no changes except security fixes in 1.8.2 and 1.8.3, so your question doesn't make any sense.

Secondly, you shouldn't lose anything after minor version upgrades (so 1.8.x -> 1.8.y) and you gain lots of bugfixes, so there's nothing to worry about.

EDIT: unless I misread and you have lots of core changes that may get overwritten in the modified files, see the post below then.
Reply
#3
Solved: 4 Years, 8 Months, 1 Week ago
Have you made changes to core files and you don't want to lose those edits?

Look in the file verification tab in your ACP. It will show the files you have changed. You can make copies of those and then upgrade.

For the future, Ppatches and plugin library DO work with 1.8, so you can install those and make patches to your core files rather than changing them.
Random Fish and Sims Maniac
MY PLUGINS
Help MyBBSupport help you - remember to mark your threads as solved


Reply
#4
Solved: 4 Years, 8 Months, 1 Week ago
Guys my question is really easy: which file (or codes) was exactly hacked on Git-hub? And made the db security issue for 1.8.1 version.

I just wanna change that file or code, and as mentioned words, yep, I have many changes in script and DO NOT want to lose them.

Refer to @Destroy666, I have to say that upgrade is not that much neutral as claimed.

@Leefish thanks, it's fruitful, but time consuming.
Reply
#5
Solved: 4 Years, 8 Months, 1 Week ago
(02-05-2015, 07:01 AM)artman Wrote: @Leefish thanks, it's fruitful, but time consuming.

Hmmm... Leefish suggests you to overwrite the files using 1.8.3 package and redo those changes (i believe maybe just a bunch) you made to core files... and you think its time consuming.... you might think again if you check this: https://github.com/mybb/mybb/compare/myb......feature
We can't help everyone, but everyone can help someone - Ronald Reagan
Did you know? Your question has already been answered. But you haven't seen it yet.
Don’t  Forget to “Mark as Solved” after the fix
Reply
#6
Solved: 4 Years, 8 Months, 1 Week ago
@mmadhankumar... Thanks for help, Leefish approach is the fastest in a glance, but if a changed function exists in upgraded files it'll make the script totally erroneous, in reason of chained functions in files. I had some bad experience with this method.

As a result of this thread I decided not to change script version until I find a debug solution by myself. Up to that moment I'll strengthen my website security by .htaccess tricks.
Reply
#7
Solved: 4 Years, 8 Months, 1 Week ago
Both 1.8.2 and 1.8.3 only contain security fixes. Since only a few files are changed applying these changes shouldn't be too difficult.
[Image: banner.png]
Reply
#8
Solved: 4 Years, 8 Months, 1 Week ago
i hope you keep track of the changes in the future and offer upgrade packages, then we will know which files have changed !!
Reply
#9
Solved: 4 Years, 8 Months, 1 Week ago
Here you can see the files where the vulns were reported:

http://blog.mybb.com/2014/11/13/mybb-1-8...y-release/

http://blog.mybb.com/2014/11/20/mybb-1-8...-releases/

and this is the fixes on github for 1.8.1 :

https://github.com/mybb/mybb/issues?q=mi...s%3Aclosed

It lists the files the issues were found in if security patches is your only concern. I do not know if that list is total; I don't make the packages.
Random Fish and Sims Maniac
MY PLUGINS
Help MyBBSupport help you - remember to mark your threads as solved


Reply
#10
Solved: 4 Years, 8 Months, 1 Week ago
(02-06-2015, 04:09 AM)expat Wrote: i hope you keep track of the changes in the future and offer upgrade packages, then we will know which files have changed !!
But we already offer uprade packages?
[Image: banner.png]
Reply
Jump to the post that solved this thread.


Forum Jump:


Users browsing this thread: 1 Guest(s)