Release 3.6.2 (Security Advisory)


Paul

Okay, both my dev Blesta and my production Blesta have been patched.

Thank you, Paul, for fixing the issue and keeping the details at bay until all of us Blesta users could patch our installs.

You are very welcome. Thanks for patching and letting us know all went through well! :blesta:

 

For anyone reading this, be sure to run /admin/upgrade, it will write a new config option to your /config/blesta.php config file.


I see more PHP files included in the package. Are all of them related to this advisory?

Are there some core-ids corrected and fixed?

 

The patch includes items from the 3.6.1 patch as well. You can run a diff between the two patches if you want to know what must be overwritten to go from 3.6.1 to 3.6.2. Our patches are meant to be applied to any specific minor version, i.e. 3.6.0 or 3.6.1 in this case.

There are 3 tasks for 3.6.1, however only the one related to path disclosure is public, in coordination with our competition. You may have noticed they released a patch at the same exact time.


I had the oops come up again, and now I'm not able to log in as admin. This is great news with upgrades, thanks Paul.

What does the error say? If it is generic, you can edit /config/blesta.php and set this back to true:

 

Configure::set("System.debug", true);

Then you should get a stack trace with more information about the issue. The more information you can provide the better.
