| « b2evolution 4.1.0 (beta) released | b2evolution 4.0.4 (stable) released » |
b2evolution 4.0.5 (stable) released & security fix
b2evolution 4.0.5 was released some time ago containing an important security fix.
It is recommended that everyone upgrades to that version.
We originally released this silently so that people would have time to upgrade without drawing any more attention to the security issue.
It is now time that people who don't nomally upgrade minor versions consider doing so too.
You might wait for b2evolution 4.1 -- to be released in a couple of weeks -- but be advised that b2evo 4.1 will be released as a beta whereas 4.0.5 is released as a stable version.
We will point more specifically to the issue once everyone now warned has been given a chance to upgrade either to v 4.0.5-stable or v 4.1-beta.
Note: the threat level for this issue is considred Moderate (2/5), but still, we want to give you time to upgrade before letting the bad guys know exactly where to look.
| Tweet this! |
|
|
6 comments
It's unfortunate that you guys didn't give the heads up to users on the importance sooner. Since it was done silently without the slightest indication of any changes, I assumed it just contained minor changes, not an important security update. 
The upgrade from 4.0.4 to 4.0.5 is not possible with the latest release.After running the upgrade script, the version of b2evolution is still 4.0.4.
Well, it's good news that a new version is coming anyway. I'll be upgrading as soon as possible. Keep up the good work! 
Hypocrite: you probably haven't uploaded all files from the new version. Thanks. Seems like there really were some files missing even though I double checked.The thing that confused was the _version.php file in install which says:
$current_version = 2; // 4.0.4
Don't worry about that file, it's experimental ;)
Comment feed for this post