Jump to content

5.2.6 Security Release - why no patch?

Redsign

By Redsign
in Feedback

 Share

Recommended Posts

  • Replies 86
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Redsign Senior Member

Redsign

Posted
  • Author
Posted

Thanks for the quick reply.

 

How come the other versions get a patch? What about users who rely on a reseller to get the update? I understand not wanting the full version publicly available, but delaying a security release isn't great...

 

Does 5.2.6 roll in any other bug fixes fixed since 5.2.5?

 

Thanks.

Link to comment
Share on other sites
edvan.com.br Member

edvan.com.br

Posted
Posted
Hello,

 

There are no template modifications done, however due to the amount of files that have been touched - a Full release is necessary.

 

Thanks!

 

Several clients are with this question ... because the vast majority have customizations in "tpl". Would not it be wiser to just create a file with the file instead of folder /templates/

 

Here is my suggestion ... create a separate file!

Link to comment
Share on other sites
DF-Duncan Senior Member

DF-Duncan

Posted
Posted

I cannot believe there is no patch for v5.2.5.

 

The amount of problems with files we had going to 5.2.5, there is no way you can expect you clients to blindly upgrade, even with a dev install, hoping it all works.

 

There is just to much to test, as the confidence we have in everything just supposed to be working is no longer there, it needs testing in a dev install. With a security release, the testing period is no longer an option.

 

You cannot test cron runs, credit card auto billing, etc etc in a small amount of time. It took us 3-4 weeks to get a fix for the last upgrade which Matt solved in the end with a new file.

 

I think this is a poor decision.

Link to comment
Share on other sites
WHMCS Chris Senior Member

WHMCS Chris

Posted
Posted
Several clients are with this question ... because the vast majority have customizations in "tpl". Would not it be wiser to just create a file with the file instead of folder /templates/

 

Here is my suggestion ... create a separate file!

 

As 5.2.6 is the latest version, it's also the one that new downloads will obtain for their full version. Thanks.

Link to comment
Share on other sites
WHMCS Chris Senior Member

WHMCS Chris

Posted
Posted
I cannot believe there is no patch for v5.2.5.

 

The amount of problems with files we had going to 5.2.5, there is no way you can expect you clients to blindly upgrade, even with a dev install, hoping it all works.

 

There is just to much to test, as the confidence we have in everything just supposed to be working is no longer there, it needs testing in a dev install. With a security release, the testing period is no longer an option.

 

You cannot test cron runs, credit card auto billing, etc etc in a small amount of time. It took us 3-4 weeks to get a fix for the last upgrade which Matt solved in the end with a new file.

 

I think this is a poor decision.

 

 

 

Thanks for your feedback.

Link to comment
Share on other sites
WHMCS Chris Senior Member

WHMCS Chris

Posted
Posted
Quite disappointed with such a reply. That is taken with a big 'who cares' response.

 

Hello,

 

I had explained in my above posts why there is not a patch release for v5.2.6. Nearly every file of WHMCS has been reviewed, and had some level of code refactor, thus to provide an incremental update would be providing nearly every file already. As such, it provides less room for error if an entire build is provided.

Link to comment
Share on other sites
DF-Duncan Senior Member

DF-Duncan

Posted
Posted
Hello,

 

I had explained in my above posts why there is not a patch release for v5.2.6. Nearly every file of WHMCS has been reviewed, and had some level of code refactor, thus to provide an incremental update would be providing nearly every file already. As such, it provides less room for error if an entire build is provided.

 

Maybe the case Chris, but when it took 5-6 weeks to get a fix ( I just checked the dates of the tickets to confirm ) on the last update, to which we also had to pay a 3rd party programmer to write a temp solution for us, to eventually get a fixed ccfunctions.php sent to us, you just cannot expect your clients to blindly update with no period of testing.

 

There have been to many 'broken' releases, patches since the migration with cPanel, to not test the software.

Link to comment
Share on other sites
WHMCS Chris Senior Member

WHMCS Chris

Posted
Posted
Maybe the case Chris, but when it took 5-6 weeks to get a fix ( I just checked the dates of the tickets to confirm ) on the last update, to which we also had to pay a 3rd party programmer to write a temp solution for us, to eventually get a fixed ccfunctions.php sent to us, you just cannot expect your clients to blindly update with no period of testing.

 

There have been to many 'broken' releases, patches since the migration with cPanel, to not test the software.

 

Hey Duncan,

I understand your concerns, believe me. However my concern is your comments on 'blindly update with no period of testing', as well as 'broken releases...to not test the software'.

 

This release has gone through a large series of testing which I was personally involved with along with our new Quality Assurance team member to ensure these releases have ability to maintain their previous versions functionality.

 

As this is a targeted release, bugs found in 5.2.5 and earlier are not introduced into the code base. Something that 5.3.0 which we've began working on, and will continue to work on before a beta release is available will address.

 

The end desire & result is to exponentially increase our amount of test code coverage, and functional (human testing) before each release is marked as stable. That being said, each release will go through a series of iterations prior to being marked as stable.

Link to comment
Share on other sites
DF-Duncan Senior Member

DF-Duncan

Posted
Posted (edited)

Maybe Chris, but looks like, all though a small problem, has already been found in the encryption of the config.php in the crons directory.

 

Can you now understand how nervous this makes us feel, there should be 'NO' problems in a release.

Edited by DF-Duncan
Link to comment
Share on other sites
WHMCS Chris Senior Member

WHMCS Chris

Posted
Posted
Maybe Chris, but looks like, all though a small problem, has already been found in the encryption of the config.php in the crons directory.

 

Can you know understand how nervous this makes us feel, there should be 'NO' problems in a release.

 

Checking into it now. And while I agree there should never be issues with a release, there will unfortunately always be some form of an issue with any software.

 

I'm still waiting on a bug from Adobe to get resolved that's two years old.

Link to comment
Share on other sites
DF-Duncan Senior Member

DF-Duncan

Posted
Posted

Issues maybe Chris, but then thats when support time responses needs to match with 'fixes'. When your clients have to wait 5-6 weeks for a fix to run auto mated daily credit card runs, then that is not acceptable. WHMCS is a daily billing client, it is not like software for designing, ie Adobe

 

This is why with every update we now have to check 'everything' works, and this takes time, it cannot be done in 2-3 hours.

 

I will not keep going over the point as it has been said above, and I do not want to sound like we no longer support WHMCS, as we do, and it is a great product, but the upgrade paths and patches have a lot to be desired of late.

 

I also hope this is fixed in the future, so it does not begin to alienate your clients.

Link to comment
Share on other sites
WHMCS Chris Senior Member

WHMCS Chris

Posted
Posted

There's no change to ./crons/config.php however the build utility did not ignore this file to be encoded. It can be excluded without issue. This file however should always be excluded during an upgrade if you've performed modifications to this file.

Link to comment
Share on other sites
WHMCS Chris Senior Member

WHMCS Chris

Posted
Posted
Issues maybe Chris, but then thats when support time responses needs to match with 'fixes'. When your clients have to wait 5-6 weeks for a fix to run auto mated daily credit card runs, then that is not acceptable. WHMCS is a daily billing client, it is not like software for designing, ie Adobe

 

This is why with every update we now have to check 'everything' works, and this takes time, it cannot be done in 2-3 hours.

 

I will not keep going over the point as it has been said above, and I do not want to sound like we no longer support WHMCS, as we do, and it is a great product, but the upgrade paths and patches have a lot to be desired of late.

 

I also hope this is fixed in the future, so it does not begin to alienate your clients.

 

I guarantee you that we are putting measures in place to alleviate this uncertainty. If you ever need an issue resolved in a more timely fashion, feel free to email me directly. My name @whmcs.com

 

Additionally, as many I feel would agree. We've exponentially increased our support ticket response & resolution time with the addition of four new Technical Analysts.

Link to comment
Share on other sites
netwisp Junior Member

netwisp

Posted
Posted
Hello,

 

I had explained in my above posts why there is not a patch release for v5.2.6. Nearly every file of WHMCS has been reviewed, and had some level of code refactor, thus to provide an incremental update would be providing nearly every file already. As such, it provides less room for error if an entire build is provided.

 

If every file has been reviewed and refactored then you really can't call it an incremental update anymore. You should just patch the known security holes and then come out with 5.3 that has code refactoring. Because all you're doing here is confirming the person's point that the code needs to be tested before going into a live environment which is the last thing you want to do for a security update.

 

Hal

Link to comment
Share on other sites
WHMCS Chris Senior Member

WHMCS Chris

Posted
Posted
If every file has been reviewed and refactored then you really can't call it an incremental update anymore. You should just patch the known security holes and then come out with 5.3 that has code refactoring. Because all you're doing here is confirming the person's point that the code needs to be tested before going into a live environment which is the last thing you want to do for a security update.

 

Hal

 

I'm not calling 5.2.6 an incremental, as we provided a full release.

Link to comment
Share on other sites
lbb Junior Member

lbb

Posted
Posted (edited)

Is there a list of changed files somewhere for changes between 5.2.5 an 5.2.6? I don't really need a patch file, but would really like to know which files have changes. I checked the changelog but could not find any detailed information. Thanks.

Edited by lbb
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept