nuke versions + patched

Involved Joined: Apr 06, 2008 Posts: 484

Hi all,

Im new to all this but from what i have been reading it seems a lot of the various nuke flavours seem to be based on nuke 7.6 with chatserv patchs.

What im wondering is why is 7.6 the preferred nuke to use?, also i would have thought that using the latest nuke version with patchs would be the better alternative as those versions would have a lot of bug fixes aswell.

Could some explain why 7.6 is better and what the disadvantages would be of running say 8.1 with chatserv patches.

also what version is ravens latest nuke based on.

Thanks
Peter

Posted: Sun Apr 06, 2008 6:34 am

7.6 is considered to be the most secure of the releases and versions after this introduced a number of security issues.

RN is originally based off of 7.6, but many many improvements, fixes etc. The patches come already applied and Sentinel comes pre-installed. RN is considered to be the most secure of the Nuke versions.

Posted: Sun Apr 06, 2008 6:39 am

Raven nuke is based off of the 7.6 version, but has been reworked significantly to improve it. Searching here will explain why it is not recommended to use any phpnuke version over 7.6 EVEN with patches due to numerous security problems. You can have the patches and NukeSentinel installed in later versions and not be as secure as the 7.6. since the quality of phpnuke (IMO) went down after this version. After 7.6, the releases opened more holes and bugs then they closed.

Take a look around here and I am sure you will find all the information needed to answer your questions directly, but if not, please post and you will find a very helpful, friendly, and knowledgable bunch of folks that are second to none...... RavensScripts

lol....sorry Jakec....didn't know you had posted..... Wink

registered · Posted: Sun Apr 06, 2008 8:04 am

Quote:

that using the latest nuke version with patchs would be the better alternative as those versions would have a lot of bug fixes aswell.

That might have been the case if the author had the community in mind. He would never even take the patches provided by Chatserv and community members and incorporate into nuke. He would just continue to develop new junk. I guess I should never say never, because there have been isolated incidences where he would take code from the patches, but then subsequently create new ones... And, did he care? Nope.

Posted: Sun Apr 06, 2008 4:12 pm

ok thanks for your reply's, i did search but couldn't find anything usefull, thats also a query of mine as i've noticed searching can gigve you somewhat sceptical results, but i assume that is from the phpbb side of things.

But anyway thanks for your replies.

Posted: Sun Apr 06, 2008 5:41 pm

One thing that happened, I think after 7.6, was that the Nuke author started integrating a wysiwyg editor into Nuke. For Ravennuke we have a true data processing professional, Kguske (who is also a site admin here) doing that work and the Nuke author is definitely not such. When you give users access to a textarea and the ability to incorporate HTML into pages, you darned well better have security and integrity as top criteria for what you do and we do with Ravennuke.

That's an important example but far from the only one. Thru the several versions of Ravennuke that have been released we have incorporated thousands of fixes to various bugs in the base Nuke code. As far as I know, none of them have been "backported" (as that chick whose name I forget on the tv show 24 would say) into PHPnuke.

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Thanks for the compliment, fkelly, but even though some basic security was DISABLED in 7.7 to allow for the HTML editor and as you mentioned, we took a more secure approach with nukeWYSIWYG in RavenNuke, the most important difference is the way RN is developed and enhanced - by a team of dedicated professionals. Led by Raven and Montego, this team (of which I am hardly the most prolific contributor), includes developers, testers - working with SVN and a bug tracker to add valuable enhancements, fix known issues, simplify installation, improve compliance - and, of course, security. So many people contribute - people who not only use it, but also support it (something else you won't find on the original site, unfortunately).

Providing support has a funny way of forcing a focus on bugs, security issues, and the like, instead of simply trying to slam in poorly conceived and tested functional enhancements.

Posted: Sun Apr 06, 2008 6:38 pm

It sounds like we are on the same page Kguske, maybe even in the same textarea.

Smile

And yeah, your last point is important. The same people who do the development here also are involved with support. How different that is from PHPnuke. There is nothing like holding your own feet to the fire, so to speak.

Posted: Sun Apr 06, 2008 8:58 pm

IF you look in the 2.20 Fourm under "All Issues"....You will see it is a very short list and only a few of those really come back to RN being the real issue. I wonder how mnay times RN has been dowloaded here? Thousands I am sure. For the list to be that short....You know these guys are doing something right!!

Dawg

Posted: Sun Apr 06, 2008 11:42 pm

Dawg wrote:

IF you look in the 2.20 Fourm under "All Issues"....You will see it is a very short list and only a few of those really come back to RN being the real issue. I wonder how mnay times RN has been dowloaded here? Thousands I am sure. For the list to be that short....You know these guys are doing something right!!

Dawg

I was just wondering was all.

I'd heard a fair bit about the chatserv patchs and assumed that the patchs fixed up all the major vulnerabilities.