
Version / Security concern


OctoDev


I think the point is, if you're on anything less than 4.1.19, you're exposed to the security defect. However, if you miss the red banner (and perhaps email notification) and only catch 4.1.19.1, you could be forgiven for missing the fact that you're a critical update behind.


Even when you click on the link in the banner the relevant security information does not appear in the updater. There is no way for somebody who has missed the red banner and didn't check their email and hasn't checked this site to know that this is a security update.

Now, to be honest, if you're this person then I wouldn't join your site since I expect you to be on top of security updates especially but yeah there is some seeming inconsistency here.


18 hours ago, Simon Woods said:

Even when you click on the link in the banner the relevant security information does not appear in the updater. There is no way for somebody who has missed the red banner and didn't check their email and hasn't checked this site to know that this is a security update.

Now, to be honest, if you're this person then I wouldn't join your site since I expect you to be on top of security updates especially but yeah there is some seeming inconsistency here.

It feels contrived, but you're a lone admin of a smaller site and are away for a couple of weeks. 19 and 19.1 dropped within about a week, so I could see you logging in and missing the red banner. Obviously, the system is currently orders of magnitude better than 3.x, but keeping the banner red if any pending updates are critical is a nice nod to security.


50 minutes ago, Mark H said:

That is a bug, and I will report it as such.

If you are running a version less than a security release update, the banner should remain Red and not be able to be dismissed.

I remember that I already reported that in the past, and it was fixed. It's weird that this bug is back :unsure:


1 minute ago, Simon Woods said:

A good reminder that every admin should check the Release Notes on this site at least once a month. ;)

or at least 'Follow' that entire page so when updates are made they are emailed to you. I have mine piped (commerce) into the suite so all admins are notified.


1 minute ago, MADMAN32395 said:

or at least 'Follow' that entire page so when updates are made they are emailed to you. I have mine piped (commerce) into the suite so all admins are notified.

You could be so inventive with access to that as well -- even to the point of being notified on your phone. That way it doesn't matter if you haven't visited your site or ACP or whatever.

Although, not everybody is willing to have their site intrude on them in this way so it's good to know that IPS is still on the case with improving the basic communication.


The problem with following that section, or even getting emails when new versions are released, is that security updates aren't always flagged at the time that the notifications are sent - .19 wasn't flagged when I got the email about it, and .19.1 has only just been flagged (PSA: upgrade asap).


Archived

This topic is now archived and is closed to further replies.
