b2evolution 4.0.5 (stable) released & security fix

Posted by on Aug 25, 2011 in New releases, b2evolution.net

b2evolution 4.0.5 was released some time ago containing an important security fix.

It is recommended that everyone upgrades to that version.

Download here »

We originally released this silently so that people would have time to upgrade without drawing any more attention to the security issue.

It is now time that people who don't nomally upgrade minor versions consider doing so too.

You might wait for b2evolution 4.1 -- to be released in a couple of weeks -- but be advised that b2evo 4.1 will be released as a beta whereas 4.0.5 is released as a stable version.

We will point more specifically to the issue once everyone now warned has been given a chance to upgrade either to v 4.0.5-stable or v 4.1-beta.

Note: the threat level for this issue is considred Moderate (2/5), but still, we want to give you time to upgrade before letting the bad guys know exactly where to look.

6 comments

Comment from: Keith Visitor

Keith

It’s unfortunate that you guys didn’t give the heads up to users on the importance sooner. Since it was done silently without the slightest indication of any changes, I assumed it just contained minor changes, not an important security update.

Comment from: Hypocrite Visitor

Hypocrite

The upgrade from 4.0.4 to 4.0.5 is not possible with the latest release.

After running the upgrade script, the version of b2evolution is still 4.0.4.

Comment from: Member

Hypocrite: you probably haven’t uploaded all files from the new version.

Comment from: Hypocrite Visitor

Hypocrite

Thanks. Seems like there really were some files missing even though I double checked.

The thing that confused was the _version.php file in install which says:
$current_version = 2; // 4.0.4


Form is loading...