Gnomercy
04-28-2005, 12:25 AM
This notice is intended for our customers using ModernBill, or for resellers with customers using ModernBill. On March 17th, 2005, the makers of the ModernBill billing software released a new version of their software.
Quote:
---------------------------------------------------------
Version 4.3.1 Release - Security Update
In keeping with our quarterly release policy, ModernGigabyte is proud to release our new version 4.3.1. Please note that this version release contains some important security upgrades. You will want to upgrade to this version as soon as practicable. Changes in PHP scripting methods make it necessary for us to make changes from time to time to reduce the possibility of cross-scripting and SQL injection attacks.
---------------------------------------------------------
Users of the ModernBill software package are advised to upgrade to the newest version to repair some bugs introduced by the recent upgrade to php 4.3.10, however, if you are unable to upgrade, please ensure that you have removed the “samples” directory from your ModernBill installation. The "samples" files are not intended for live usage and should only be used as an example of how to integrate some aspects of ModernBill into your existing web site. This will protect your ModernBill from the "Remote File Include Vulnerability" until you can upgrade to the latest release.
We have upgraded to the most recent version and can confirm it is fully functional and does seem to resolve some bugs. We ask that everyone that is using or has a customer using modernbill follow the above stated procedures for locking down the security hole and ensuring the security of both your site and the server your site is on.
Quote:
---------------------------------------------------------
Version 4.3.1 Release - Security Update
In keeping with our quarterly release policy, ModernGigabyte is proud to release our new version 4.3.1. Please note that this version release contains some important security upgrades. You will want to upgrade to this version as soon as practicable. Changes in PHP scripting methods make it necessary for us to make changes from time to time to reduce the possibility of cross-scripting and SQL injection attacks.
---------------------------------------------------------
Users of the ModernBill software package are advised to upgrade to the newest version to repair some bugs introduced by the recent upgrade to php 4.3.10, however, if you are unable to upgrade, please ensure that you have removed the “samples” directory from your ModernBill installation. The "samples" files are not intended for live usage and should only be used as an example of how to integrate some aspects of ModernBill into your existing web site. This will protect your ModernBill from the "Remote File Include Vulnerability" until you can upgrade to the latest release.
We have upgraded to the most recent version and can confirm it is fully functional and does seem to resolve some bugs. We ask that everyone that is using or has a customer using modernbill follow the above stated procedures for locking down the security hole and ensuring the security of both your site and the server your site is on.