Site Software not updated with latest versions?

halie

Active Member
Apr 12, 2006
30
0
156
Hi

I have been told that CPanel "Site Software tends to be behind on its updates". Obviously this is not a good sign bearing in mind we rely on WHM and CPanel products to properly secure our servers and, it goes without saying that, outdated software poses significant security risks.

Would it be possible for the CPanel team to explain why this is the case, and whether there will be any improvement in future?

Thanks in advance
Halie
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
11
313
Houston, TX
cPanel Access Level
Root Administrator
Hi

I have been told that CPanel "Site Software tends to be behind on its updates". Obviously this is not a good sign bearing in mind we rely on WHM and CPanel products to properly secure our servers and, it goes without saying that, outdated software poses significant security risks.

Would it be possible for the CPanel team to explain why this is the case, and whether there will be any improvement in future?

Thanks in advance
Halie
Nowadays, we tend to stay up to date with the Site Software (also known as cPAddons). Is there any particular application you feel is currently out-of-date?
 

halie

Active Member
Apr 12, 2006
30
0
156
David

If you don't mind me saying, your answer is rather ambiguous; words such as "nowadays" and "tend" do not impart much peace of mind.

Wasn't it *always* a priority for CPanel to keep it's software free of known security vulnerabilities, and doesn't CPanel *ensure* that Site Software is always kept up to date? If not, may I ask what is the company policy on this product?

I will try to let you know the main concerns about specific software in the suite shortly.

Thanks for your response.
Halie
 

halie

Active Member
Apr 12, 2006
30
0
156
David
The software that we are most interested in are those that are not available in Fantastico:

PostNuke
ClickCartPro
E107
phpMyChat
OSCommerce
cPSupport
Advanced_Guestbook
YaBB
AgoraCart

Do you know what the schedule is for updates to the new versions of each of these products via "Site Software", compared with the actual releases direct from the respective websites?

Thanks
Halie
 

halie

Active Member
Apr 12, 2006
30
0
156
My provider is adamant that they will remove the "Site Software" addon for security reasons.

Is anyone able to tell me when and if the above products have been udpated to the latest versions? What is the schedule for updates for these products in the future?

I cannot find this information on the cpanel website, and without it it's obviously impossible to present a reasoned argument to my provider in favour of this product.

Thanks
Halie
 

halie

Active Member
Apr 12, 2006
30
0
156
I hope it's clear from my posts that I am genuinely attempting to find the correct information about the cPanel Site Software addin product and, in case there was an assumption to the contrary, I am not simply being antagonistic.

Hence, I would appreciate an answer to my previous questions as, currently, the silence implies that my provider was correct to remove this software.

Thank you
Hal
 

cPDan

cPanel Staff
Staff member
Mar 9, 2004
721
13
243
Hello,

I understand the importance of your question, allow me to explain the process:

We have a version watching system that alerts us when a given script has been updated.

As soon as the alert comes into our feed we create a case and review the update, typically within minutes of the alert. An good example of what we try to shoot for is the recent CopperMine update. The same day as Coppermine released their update we released the updated cPAddon of Coppermine.

Sometimes that is not always possible for various reasons. For example, by means of hyperbole:

There are currently 4 cPAddons needing to be updates. I will list them below along with the cause of the delay:

phpMyChat: it is actually up to date but there is a new, maintained, product that replaces it, we can't do an update to it though as the new version does not support table prefixes. The script developers have know about this for several months.

Xoops: the new 2.3.0 branch is essentially a new product and great care will need taken to convert the data without losing any of it

Geeklog: essentially the same problem as Xoops

PostNuke: This was literally made into a new product and we've been waiting since Jun 11, 2008 for the developers to get back to us about a few things they promised to give us information about. We've since then decided to handle the new product like we did with phpBB 2.x to phpBB 3.x and it should be out later this week.

Aside from freak situations like these 4 that happened almost simultaneously (and which very few people even use), our target is to release the cPAddon update the same day as the script is updated barring other important factors and of course factoring in review and QA. The most common factor in delay is "destructive SQL changes" and no documentation about what data needs moved to where. If the various projects would document their SQL changes typically it'd take approximately 30 minutes to create and initially test a cPAddon update.

I hope that helps you to see the importance to us of and our dedication to updating cPAddons as quickly as possible while at the same time ensuring they are done safely!
 

halie

Active Member
Apr 12, 2006
30
0
156
Dan
It is good to have this insight into your processes, and I feel that the reasons you give for the exceptions/delays are understandable.
Thank you very much for explaining the situation in such detail.
Halie
 

cPDan

cPanel Staff
Staff member
Mar 9, 2004
721
13
243
I should also note that although PostNuke was discontinued in June they did not have a conversion utility to the new (and still very buggy according to the announcement) version until Feb 2nd, those sorts of delays also mean we can't do much with it :)
 

cPDan

cPanel Staff
Staff member
Mar 9, 2004
721
13
243
Dan
It is good to have this insight into your processes, and I feel that the reasons you give for the exceptions/delays are understandable.
Thank you very much for explaining the situation in such detail.
Halie
You're very welcome, any time :)
 

gkgcpanel

Well-Known Member
Jun 6, 2007
214
1
166
cPanel Access Level
DataCenter Provider
phpMyChat has a broken link in it.

Dear cPanel team,

Looks like the link to phpmychat.sourceforge.net is no longer available.

It seems to redirect to: http://www.phpheaven.net/phpmychat:home which results in a 404 page not found error.

This link is found when first going into phpMyChat under Site Software.

cPAddon cPanel::Chat::phpMyChat
This is a cPanel packaged module. (v0.1)

Website http://phpmychat.sourceforge.net/

Description: (v0.15.0)
PHP/MySQL based Chat

Just thought you might want to correct that as customers are asking us why the site is not there.
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
11
313
Houston, TX
cPanel Access Level
Root Administrator
Dear cPanel team,

Looks like the link to phpmychat.sourceforge.net is no longer available.

It seems to redirect to: http://www.phpheaven.net/phpmychat:home which results in a 404 page not found error.

This link is found when first going into phpMyChat under Site Software.

cPAddon cPanel::Chat::phpMyChat
This is a cPanel packaged module. (v0.1)

Website http://phpmychat.sourceforge.net/

Description: (v0.15.0)
PHP/MySQL based Chat

Just thought you might want to correct that as customers are asking us why the site is not there.
It appears their own link to phpMyChat is broken on their website (phpHeaven.net). They may just be experiencing website issues but I have contacted them about this issue so they are aware of the situation.
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
11
313
Houston, TX
cPanel Access Level
Root Administrator
Dear cPanel team,

Looks like the link to phpmychat.sourceforge.net is no longer available.

It seems to redirect to: http://www.phpheaven.net/phpmychat:home which results in a 404 page not found error.

This link is found when first going into phpMyChat under Site Software.

cPAddon cPanel::Chat::phpMyChat
This is a cPanel packaged module. (v0.1)

Website http://phpmychat.sourceforge.net/

Description: (v0.15.0)
PHP/MySQL based Chat

Just thought you might want to correct that as customers are asking us why the site is not there.
The link provided by cPAddons (Site Software) is now working again. Thanks for bringing this to our attention.
 

sharmaine001

Well-Known Member
Jun 23, 2006
143
0
166
Wordpress is already outdated. a new version 2.8.5 has been released. yours is still 2.8.4

when are you going to update? it has been several weeks since 2.8.5 has been released
 

cPDan

cPanel Staff
Staff member
Mar 9, 2004
721
13
243
Wordpress is already outdated. a new version 2.8.5 has been released. yours is still 2.8.4

when are you going to update? it has been several weeks since 2.8.5 has been released
It will be early this week, thanks! We'll post back here when it is available.
 

sharmaine001

Well-Known Member
Jun 23, 2006
143
0
166
It will be early this week, thanks! We'll post back here when it is available.
Thanks

Normally we do not have to request here a script to be updated right? and you update it automatically even without someone requesting?
 

cPDan

cPanel Staff
Staff member
Mar 9, 2004
721
13
243
Thanks

Normally we do not have to request here a script to be updated right? and you update it automatically even without someone requesting?
Correct, this month's schedule was very abnormal.
 

cPDan

cPanel Staff
Staff member
Mar 9, 2004
721
13
243
Hello, I apologize - I forgot to post back here: wordpress was updated tuesday morning. As for the scheduling, yes, it is very important to us to keep everything updated. Again this was an abnormal thing so shouldn't be a problem :)
 

sharmaine001

Well-Known Member
Jun 23, 2006
143
0
166
Thanks so much!

However I believe 2.8.6 has released

WordPress 2.8.6 prevents malicious code from being uploaded. So is it possible to upgrade your script to 2.8.6?

Thanks!