  1. #16
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    Default

    It really shouldn't be that difficult to follow.

    There is only one version number of cPanel. The release trees are simply milestones along version development. You will always know if, e.g., this fix is in the tree you are running because the tree version will be equal to or greater than the version that it was fixed in.
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com

  2. #17
    Member
    Join Date
    Aug 2005
    Posts
    49

    Default

    That's lovely too. If I was to take bets on when 10.8.1-S114 will reach 10.8.2-E1, I'd back being an old man by then. From the amount of bugs in File Manager and WysiwygPro listed in the changelog, cPanel appear to have bumped things a version.

    And all that aside - we have a remotely exploitable hole - that isn't being fixed - hasn't been notified to customers - the bugzilla entry is locked so we can't investigate for ourselves - and we're ("we" as in those who happened to notice some reports before it is all quietly swept under the carpet) being told the solution is to upgrade to a version that lists one of its recent fixes as "killacct deleting incorrect MySQL databases". Do I really need to explain what's wrong with this picture?

  3. #18
    Member rs-freddo's Avatar
    Join Date
    May 2003
    Location
    Australia
    Posts
    819
    cPanel/Enkompass Access Level

    Root Administrator

    Default

    Just to let people know that sites are being hacked. Doesn't seem to give root access, but sites are erased.
    Michael

  4. #19
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Dec 2004
    Posts
    392

    Default

    Hi

    The way I understand the changelog is that the version number is unique!!!

    So if the current build is version 100, then EDGE will be 101. So when current reaches, say, 105, it will include all the changes made in versions below 105. So it will include edge below it, and so on and so on.

    I agree the version number needs work.

    4 Separate displays for each branch, Stable, Release, current and edge would make it easier for us to understand it.


    cheers
    andy
    UK Managed Hosting
    UK Linux Support
    The information given above is intended to be advice only.

  5. #20
    BANNED
    Join Date
    Jul 2005
    Posts
    537

    Default

    Quote Originally Posted by rs-freddo
    Just to let people know that sites are being hacked. Doesn't seem to give root access, but sites are erased.

    Is there a mod security rule that stops it?

  6. #21
    Member rs-freddo's Avatar
    Join Date
    May 2003
    Location
    Australia
    Posts
    819
    cPanel/Enkompass Access Level

    Root Administrator

    Default

    I just did the chmod outlined on page 1 and then went thru and deleted the WysiwygPro directory in all sites that had it. Luckily only one site was defaced and that was only being used for email, so the webpages were of no consequence.
    Michael

  7. #22
    Nic
    Member
    Join Date
    Dec 2003
    Posts
    13

    Default

    Quote Originally Posted by rs-freddo
    I just did the chmod outlined on page 1 and then went thru and deleted the WysiwygPro directory in all sites that had it. Luckily only one site was defaced and that was only being used for email, so the webpages were of no consequence.
    How did you find websites with WysiwygPro?
    Update: OK, I believe via

    Code:
    find / -name WysiwygPro
    Last edited by Nic; 03-07-2006 at 05:09 PM.

  8. #23
    Member rs-freddo's Avatar
    Join Date
    May 2003
    Location
    Australia
    Posts
    819
    cPanel/Enkompass Access Level

    Root Administrator

    Default

    find /home/ -name WysiwygPro -type d -exec ls -al {} \;

    It's a bit messy but I was in a hurry.

    Yes, your code would be neater.

    then again something like:
    find /home/ -name WysiwygPro -type d -exec rm -rf {} \;
    might do the whole thing in one go. I'm not entirely comfortable running rm -rf without the option of OK'ing each delete...
    This isn't much use really as I did need to check that each client was not defaced.
    Last edited by rs-freddo; 03-07-2006 at 05:16 PM.
    Michael
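
An added example, not part of the posts above: a shell sketch of the workflow this post describes, which inventories WysiwygPro directories per account, lists recently changed pages to review for defacement, and moves the directories to a quarantine location instead of running rm -rf. The function names, the quarantine layout and the choice of HTML/PHP files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT is the directory holding account
# homes (e.g. /home); function names and quarantine layout are illustrative.

# Print every WysiwygPro directory under ROOT, one per line. -prune stops find
# descending into a match, so nested copies are not listed twice.
list_wysiwygpro() {
    find "$1" -type d -name WysiwygPro -prune -print 2>/dev/null
}

# account_of ROOT PATH: first path component below ROOT, i.e. the account.
account_of() {
    rel=${2#"$1"/}
    printf '%s\n' "${rel%%/*}"
}

# recently_modified ROOT DAYS: HTML/PHP files changed in the last DAYS days in
# accounts that contain the editor; these are the pages to check for defacement.
recently_modified() {
    root=${1%/}
    list_wysiwygpro "$root" | while IFS= read -r dir; do
        acct=$(account_of "$root" "$dir")
        find "$root/$acct" -type f -mtime "-$2" \
            \( -name '*.htm*' -o -name '*.php' \) -print
    done | sort -u
}

# quarantine_all ROOT DEST: move each match to DEST/<account>/ instead of
# deleting it, log every move, and print how many directories were moved.
quarantine_all() {
    root=${1%/}; dest=$2; moved=0
    mkdir -p "$dest" || return 1
    list_wysiwygpro "$root" > "$dest/found.list"
    while IFS= read -r dir; do
        acct=$(account_of "$root" "$dir")
        name=$(printf '%s' "${dir#"$root"/"$acct"/}" | tr '/' '_')
        mkdir -p "$dest/$acct" && mv -- "$dir" "$dest/$acct/$name" || continue
        printf '%s -> %s\n' "$dir" "$dest/$acct/$name" >> "$dest/moved.log"
        moved=$((moved + 1))
    done < "$dest/found.list"
    echo "$moved"
}
```

Keep DEST outside ROOT and outside any web-served path, so the quarantined copies are neither reachable over HTTP nor picked up by a later scan.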

  9. #24
    Nic
    Member
    Join Date
    Dec 2003
    Posts
    13

    Default

    Thank you, Michael.

    Oh well...I have hundreds of websites with WysiwygPro.
    Upgrading to bleeding EDGE is not our choice...

  10. #25
    cPanel Partner NOC cPanel Partner NOC Badge trparky's Avatar
    Join Date
    Apr 2003
    Posts
    190

    Default

    I have always wondered why CPanel doesn't develop using multiple code trunks, much like Mozilla does.

    For instance, Mozilla.org had to release a new version of FireFox to fix a Javascript vulnerability. They released 1.5.0.3 to fix it. Originally 1.5.0.3 was to be a bigger release, but they had to release 1.5.0.3 faster, so they pushed all changes made to the trunk up to the 1.5.0.4 tree and then released 1.5.0.3 minus the changes they did that they are including in 1.5.0.4.

    Makes more sense to me to have multiple development trunks. That way, if things go bad, like in this case, they can back port changes to previous versions.

    And for that matter, every time something big happens, like a bug fix, CPanel has to go all the way back to the EDGE state to test it. Yeah, I know, testing and all, but some bug fixes are so small, so insignificant that they can easily just say, "Ok, the bug fix is so simple that there is no need for such a huge step back to EDGE."

    The killing of wrong databases, that bug fix was so simple that it didn't need to be declared an EDGE build. Even people with limited coding knowledge who do know something about MySQL can see that. Simple fix!
    Last edited by trparky; 05-04-2006 at 08:53 PM.
    Tom Parkison – Rochen Ltd. – tom@rochen.com
    - Reseller Plans & Multiple Domain Solutions
    - http://www.rochen.com

  11. #26
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Oct 2002
    Posts
    136

    Default

    The build does not show up in the changelog any more. Does it mean it has been sent to the Release tree? Because our cPanel boxes are running the release tree build.
    Best Regards,


    Andy

  12. #27
    Member
    Join Date
    May 2006
    Location
    Johannesburg, South Africa
    Posts
    881

    Default

    Is this problem being addressed? What does cPanel have to say about it? I surely don't want to have my clients' sites compromised, and I don't want to get a new control panel and teach my clients "new tricks" just because of this.

  13. #28
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    Default

    It was fixed in all versions once STABLE went to 10.8.2
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com

  14. #29
    Member
    Join Date
    Mar 2006
    Posts
    378

    Default

    I have a reply from Nick that the RELEASE version also includes the fixes for all Linux builds except for FREEBSD.
    Tweakservers | Professional Server Setup & Security Hardening
    Authorised SmarterTools Reseller, SSL Certificate & TRUSTe Privacy Policy
