Over the last week, an exploit has been widely posted that can expose user credentials via SQL injection. The sites posting it state that it applies to Version 2.1. This is, in fact, the same exploit that was mentioned in this post last October 15th.
It appears that some users of the plugin, whilst apparently running a 2.1 version, are running an earlier ‘beta’ that was offered prior to the final version. As was stated last October, it was very important to take the correct and final release to ensure this exploit was not a threat.
Please check the build number of the version you are currently using. ANY BUILD PRIOR TO 237 must be considered ‘at risk’. Build 237 is the currently available build of 2.1 and has been for a long time. Please note that this security exploit is real and applies to all versions prior to 2.1. Updates should be applied as soon as possible.
There is no need to include the ‘patches’ as the full build already has those applied.
[UPDATE: The Version and Build number can be found in the version strip at the very bottom of the forum page display]
How do we tell the build number? I don’t see it in the options control panel and there is no build documentation or changelog included with the download. The "IMPORTANT.rtf" document included with the current download says Build 230.
Apologies - you are correct. I have updated the text document. I will also update the item above.
The Version and Build number are displayed in the strip at the very bottom of the forum page.
Thanks! Much appreciated.
Even as in fact running a 2.1 version, are running a past ‘beta’ that was offered prior to the final version. .it’s really great…..The Version and Build number are displayed in the bit at the very bottom of the forum page….