News Flash:
New Version of ShopClass theme 1.4.0 is Released on 13 JUNE 2018, Please upgrade your installation.

Re: [Development][Support] Status Update

A place to talk about anything related to Tuffclassified theme in general. This is not the place to ask support questions.
Locked
User avatar
tuffadmin
Site Admin
Posts: 1236
Joined: Tue Jan 29, 2013 7:31 pm
Has thanked: 33 times
Been thanked: 111 times

Re: [Development][Support] Status Update

Post by tuffadmin » Sat Oct 04, 2014 6:32 pm

PLEASE KEEP THIS INFORMATION PRIVATE, until we make a public announcement in the following days.


Hello all,

Yesterday we were contacted by someone who has found some vulnerabilities in Osclass. Said vulnerabilities are serious and we recommend you to update inmediately if possible.
We're still testing the changes but we have a patched version already here:

Code: Select all

http://static.osclass.org/download/osclass.3.4.3.zip

PLEASE KEEP THIS INFORMATION PRIVATE, until we make a public announcement in the following days.

Vulnerability affects the alerts system, once updated you should not have any problem, but as I already said, we are still testing this patch. Update *could* fail if you have hundreds of thousands of alerts or if some of your alerts are serialized instead of base64_encoded (but they shouldn't). If you think you will have problems, please send me ( [email protected] ) your t_alerts table and wait for my reply (I'm on holidays, but shouldn't be more than one day).

If you're holding back and using a previous version to 3.4.x, please update and make the changes needed in plugins/themes to make it work with 3.4, this patch is important.


PLEASE KEEP THIS INFORMATION PRIVATE, until we make a public announcement in the following days.



I also request you to not share this information until we make a public announcement, this vulnerability could put at risk all Osclass installation, so we do not want to share it until we're ready to release it and make everyone update as quickly as possible. Also consider that while it's patched, we did not have enough time to test the changes, use at your own risk.. You're free to privately share this patch/update from the following url :

Code: Select all

http://static.osclass.org/download/osclass.3.4.3.zip
I got this message from _CONEJO who you know in osclass forum and after testing with new version I though it is worthwhile to share with you.
No support for unnecessary PM, use forum for support queries.
Please give us good review if you bought our theme from Osclass Market

Locked