About the new Fix pack

Involved Joined: Jul 03, 2006 Posts: 273

Does it only include the Fix for the found Vulnerability or does it also include Fixes for the other issues already resolved since 2.3.1 release?

Posted: Fri Jun 26, 2009 1:09 am

Yey ,new version . Good job guys.
duck, check the updated files and file compare them with ravenphpscripts.com opened on a side window, might help you Razz

. nah I'm kidding , I don't know. Embarassed

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Please see the Only registered users can see links on this board! Get registered or login! for details.

Posted: Fri Jun 26, 2009 1:02 pm

kguske wrote:

Please see the Only registered users can see links on this board! Get registered or login! for details.

I read the announcement but it only mentions the File Upload Manager so if that is your elaborate way of saying no then why not just say NO it would have saved you some typing. However seeing as how this is a new version number I would have thought it might included some other already resolved issues too?

Posted: Fri Jun 26, 2009 1:34 pm

It isn't a new version. As the announcement details, it's an upgrade / fix to address a perceived security issue.

And, as I'm sure you are aware, Raven published the process for upgrades / fixes, so I guessed that your original question was your elaborate way of restating your desire to change that process.

Finally, the table name issue that led to this whole discussion was an installation issue. I'm sure the team would be open for suggestions on how to address that beyond the simple changes to the installation routine, which I'm sure you wouldn't want to rerun on your site.

Posted: Fri Jun 26, 2009 2:04 pm

Well its just that it was named FixPack to me a pack implies there may be more than one fix So I though maybe there were other fixes in it too besides the one mentioned.

Posted: Fri Jun 26, 2009 2:35 pm

you can always post a pack with all the fixes the members found here Wink

Posted: Fri Jun 26, 2009 2:45 pm

I'm not sure why you would infer changes that aren't specified in the announcement, which is pretty clear on what's included.

Again, the fix you're referring to was an installation issue. Since most sites that had that issue resolved it by renaming the tables after installation, it doesn't make sense to address that in an upgrade.

Finally, I'd prefer to discontinue this rehashed discussion so we can focus on the next release, which will include much more than a single authorization fix.

Posted: Fri Jun 26, 2009 3:02 pm

@duck - How would you suggest we name these releases?
Maybe we could use;
FixPack - one fix?
FixesPack - more than one fix?

What naming convention, in your opinion, removes all doubt as to what is released?

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Duck,

Seriously, you need to let up a bit. You seem to want to hammer us about everything, big/little. While this is your prerogative it is definitely (un/counter)productive. Your presence here has helped many people and you have offered up a great deal of help. At other times you seem hell bent on stirring things up and ticking people off.

If you read the announcement in the forums it clearly states
"This change prevents the unauthorized uploading of files via the file manager identified by S. Electric. When used with RavenNuke(tm), the editor is configured to allow uploads for admins
Note that "change" is singular.

Then in the Change Log it states
2009-06-23 v2.30.02 Security/Fix/Maintenance Release for RavenNuke(tm) - Minor Enhancements Possible
===================================================
0001455: [Module - nukeWYSIWYG/FCKeditor] Prevent unauthorized uploads through FCKeditor identified by S. Electric (Kguske) - resolved.

I don't really believe it needs further clarification.

Posted: Fri Jun 26, 2009 3:20 pm

@eldorado: As issues are identified and verified we enter a Mantis tracking issue. We then scope it to decide if it needs to be a special fix/security release or we will just include it in the next regular release.

@duck: For future reference, FixPack simply means it is a pack of one or more fix(es). The user must read the Change Log and/or other Documentation for the details. This is pretty standard in the Community and even Industry.

registered · Posted: Fri Jun 26, 2009 4:24 pm

I have also mentioned elsewhere that we are going to be looking at our release cycle internally starting with the 2.4.0 release. We know that there is a better way to do this, but we already had way too many changes to our trunk since 2.3.1 went out, that it was more risky to try and port those over to a patch release.

We just ask that you give us a little benefit of the doubt and give us time to get straight on a few things. Ok?

registered · Posted: Fri Jun 26, 2009 5:01 pm

I think you guys are doing a fine job.... I'm just overjoyed that y'all are working on RavenNuke. Ever how you decide to release it will be fine with me.... Smile

Posted: Sat Jun 27, 2009 3:30 pm

Raven, I know , thats why I said Good Job :p Don't be so paranoid , the second one was a bit sarcastic.

Posted: Sat Jun 27, 2009 3:41 pm

Just the facts, plain and simple - No paranoia; no sarcasm.