5.2.6 Security Release - why no patch?

[easyhosting]

They probably fixed their mistakes and just uploaded a new zip file without telling everyone or changing the version number like they did last time. WHMCS's deployments, patches and support are a joke!

 

i uploaded this to my dev install as soon as i got the notice of the blog, before i got the official email notice

[hostEONS]

Hello,

 

That is not the case. We did make an update to the build, and published that information on our blog. Please feel free to verify here: http://blog.whmcs.com/?t=76327

 

Chris

But this update is also full of bugs, i've downloaded this build and having a lot of issues, already submitted ticket couple of hours ago with no response or solution

[WHMCS Chris]

Chris

But this update is also full of bugs, i've downloaded this build and having a lot of issues, already submitted ticket couple of hours ago with no response or solution

 

What's your ticket number? We've only had a small list of legit issues come through. So I'm a bit leery to agree with the statement being "Full of bugs"

[hostEONS]

What's your ticket number? We've only had a small list of legit issues come through. So I'm a bit leery to agree with the statement being "Full of bugs"

 

Ticket #HFK-480871

[WHMCS Chris]

Ticket #HFK-480871

 

Hello,

We've responded and are waiting for your response. Additionally, you can troubleshoot blank/white pages in the future to expedite the resolution with our documentation: http://docs.whmcs.com/Blank_Pages

[hostEONS]

Hello,

We've responded and are waiting for your response. Additionally, you can troubleshoot blank/white pages in the future to expedite the resolution with our documentation: http://docs.whmcs.com/Blank_Pages

 

Thanks issue resolved

 

It was memory_limit issue as far as I remember whmcs memory requireement in php.ini is 32 MB and i set it up as 32MB but after i increased it to 64MB all errors are gone, it might help other clients as well

 

Thanks again

[WHMCS Chris]

Thanks issue resolved

 

It was memory_limit issue as far as I remember whmcs memory requireement in php.ini is 32 MB and i set it up as 32MB but after i increased it to 64MB all errors are gone, it might help other clients as well

 

Thanks again

 

Greetings,

I'm glad you were able to resolve it. Most PHP applications have a base requirement of 64M, so that is a recommend value to have.

[Matt]

...

Quality has gone to "** They censored sh-it ** LOL" since Matt took a backseat to development or whatever happened when cPanel got involved.

 

I just want to take a moment and comment on these remarks, both the one above and the general comments about releases being problematic recently.

 

Firstly no one is taking a "back seat". Everyone at WHMCS is dedicated and is working diligently to not only ensure the long-term viability of the company, product, and services of WHMCS, but the overall customer experience with WHMCS, and that includes myself.

 

But with that said, no release can ever be completely bug free. And when you must maintain, release, publish and support multiple versions, the potential for imperfect releases inevitably increases.

 

We as a company have made a lot of big strides forward over the past several months to address this reality. I do not wish to go on the defensive, however from my perspective I find it curious that people are labelling the latest round of releases "bad". The releases that were made on Wednesday morning were Targeted Security Releases which contained some very important and low-level changes within the product: these changes affected many parts of the product, and the permutation complexity was therefore extremely high. But the number of technical issues that have been reported from these changes are far less than previous releases that contained a similar, or even lesser, impact level. So given that perspective, I'd have to say that we're moving in the right direction: we are able to deliver more sophisticated change, in a shorter time frame, with less impact to customers than before.

 

In addition, as some of you will have noticed, build numbers are another thing we have introduced to address the concerns some people have had in the past regarding changing of updates once released, something which does not and will not happen again, and the first public release of 5.2.6 was build 3, as builds 1 and 2 both went through our internal QA process, during which issues were discovered and fixed prior to the release ever making it out the door.

 

Hopefully I will have an opportunity in the near future to blog or discuss in detail the changes that we've implemented at WHMCS over the last several months and how everyone benefits from them. However, now is not the time for that. Our Support team is receiving many tickets and doing a great job of analyzing and creating internal cases. From there the Developers, QA, and I can easily identify regressions or pre-existing issues and prepared fixes appropriately.

 

So while yesterday's releases weren't perfect, and we have room for improvement, we are making improvements and we plan to make many more: continually making internal process, as well as physical code changes, that improve the functionality, reliability and safety of WHMCS.

 

Regards,

 

Matt

[easyhosting]

Matt, I must be one of the lucky ones as testing the upgrade in my dev install this had no issues, so i installed this in production and have had orders processed and tickets in and out etc. without any issues of any kind. the only thing is that i never upgraded the lang or templates folder in production install

Edited July 25, 2013 by easyhosting

[ckh]

Hello,

 

I had explained in my above posts why there is not a patch release for v5.2.6. Nearly every file of WHMCS has been reviewed, and had some level of code refactor, thus to provide an incremental update would be providing nearly every file already. As such, it provides less room for error if an entire build is provided.

 

Why were there incremental patches for older releases?

 

23rd Jul 2013 5.2.6 RELEASE Full Package 12.6 MB

23rd Jul 2013 5.1.8 SECURITY Incremental Patch Update 2.61 MB

23rd Jul 2013 5.0.7 SECURITY Incremental Patch Update 2.49 MB

23rd Jul 2013 4.5.6 SECURITY Incremental Patch Update 2.23 MB

[Juanzo]

Thanks for taking the time to explain this kind of changes Chris.

 

Hopefully next updates will specify exactly what files have been changed, specially considering the automatic update is already in progress.

 

You can understand how frustrating could updates result if you made several customizations to files outside templates folde

[WHMCS Chris]

You can understand how frustrating could updates result if you made several customizations to files outside templates folde

 

Absolutely. However my question is, what files are being changed? The encoded files, as they're encoded, should not be modified. Language files, config.php, etc - of course can be.

 

If you'd like to discuss in private, I'm absolutely open to that. This information is invaluable to us as we need to have data on where people are having issues with upgrades so we can streamline this.

 

Assuming everyone has a vanilla installation of WHMCS is not a possibility, but identifying where people have made changes will absolutely help us moving forward.

 

Invitation for this is of course open to anyone.

[DavidBee]

Why were there incremental patches for older releases?

 

23rd Jul 2013 5.2.6 RELEASE Full Package 12.6 MB

23rd Jul 2013 5.1.8 SECURITY Incremental Patch Update 2.61 MB

23rd Jul 2013 5.0.7 SECURITY Incremental Patch Update 2.49 MB

23rd Jul 2013 4.5.6 SECURITY Incremental Patch Update 2.23 MB

 

 

Sorry if this sounds rude but how clear does he have to be?

 

Other than a few security patches the latest release had some code changes. This is the current release WHMCS is actively maintaining and updating and not the previous versions your mentioned.

 

http://docs.whmcs.com/Long_Term_Support#Active_Development

http://docs.whmcs.com/Long_Term_Support#WHMCS_Version_.26_LTS_Schedule

[ckh]

Sorry if this sounds rude but how clear does he have to be?

 

Other than a few security patches the latest release had some code changes. This is the current release WHMCS is actively maintaining and updating and not the previous versions your mentioned.

 

http://docs.whmcs.com/Long_Term_Support#Active_Development

http://docs.whmcs.com/Long_Term_Support#WHMCS_Version_.26_LTS_Schedule

 

I was under the impression that the security issue involved a lot of files. Maybe not.

 

Doesn't matter any more, I guess. I installed the script on 3 different whmcs instances only to find out when I completed, that a another update was needed when I went back and checked and ended up with a couple bugs which I opened a support ticket for. I took the time to only upload the files that were needed, no tpl files, no images, only to have whmcs go in and perform a complete installation anyway, overwriting the changes I wanted to save.

[AssociatedVOIP]

I have a custom admin folder name... and the upgrade cannot find the language folder... so now my admin area is broken.

Support ticket #FSS-014288

Thanks for testing this out before you published WHMCS!

What a great team!

 

And where is the incremental update?

Perhaps people think this security patch is full of bugs because they don't realize that WHMCS, for some reason, is refusing to provide the incremental update of bug fixes.

My guess is that they are too focused on the next version to support their existing versions (the ones that still have supposed support life).

Edited July 26, 2013 by AssociatedVOIP

[WHMCS Chris]

I have a custom admin folder name... and the upgrade cannot find the language folder... so now my system is broken.

Thanks for testing this out before you published WHMCS!

What a great team!

 

Howdy, this was absolutely tested.

 

Please ensure you're not including a starting slash, or dot (/,.) in your admin folder name. The dot is a security issue which can be used for directory traversal.

 

Thanks!

[AssociatedVOIP]

The admin folder name does not have a dot or slash.

Are you meaning in the config.php file?

[WHMCS Chris]

Hello,

Yes - ( http://docs.whmcs.com/Further_Security_Steps ). However the folder name itself should absolutely not have a period in it.

[AssociatedVOIP]

Thanks Chris!

That was it!

However... one of your support personnel put the leading and trailing slash in a couple months ago when I was having a bug issue.

I removed the trailing slash then, because it wouldn't resolve.

So now I have removed the leading slash and it works fine!

Thanks!

[WHMCS Chris]

Thanks Chris!

That was it!

However... one of your support personnel put the leading and trailing slash in a couple months ago when I was having a bug issue.

I removed the trailing slash then, because it wouldn't resolve.

So now I have removed the leading slash and it works fine!

Thanks!

 

Very glad to hear that. I apologize for the inconvenience this may have caused as well.

 

I would say this warrants an internet high five

[Chris74]

I don't understand what all the fuss is about. This isn't a complicated process.

 

All you have to do is make a copy of your files then download the update, delete the directories and files you don't want to update such as the lang directory, states dropdown list, install directory, additionaldomainfields.php etc etc. That takes all of five minutes. Then just upload the files.

 

This is no different than the usual update process, except that here are no template changes to worry about and no database updates - whats the problem?

 

If it doesn't work after you uploaded the files, then you probably did something wrong - but you can simply copy back the files anyway, no risk involved.

 

If you have customized files then you should have made a note of the files you made changes to. Updating this software is not complicated, unless you don't know how to perform basic file operations, in which case you shouldn't be running a hosting business.

 

My advice to the people who made negative comments in this thread is to stop whining and get on with it.

[Si]

I don't understand what all the fuss is about. This isn't a complicated process.

 

All you have to do is make a copy of your files then download the update, delete the directories and files you don't want to update such as the lang directory, states dropdown list, install directory, additionaldomainfields.php etc etc. That takes all of five minutes. Then just upload the files.

 

This is no different than the usual update process, except that here are no template changes to worry about and no database updates - whats the problem?

 

If it doesn't work after you uploaded the files, then you probably did something wrong - but you can simply copy back the files anyway, no risk involved.

 

If you have customized files then you should have made a note of the files you made changes to. Updating this software is not complicated, unless you don't know how to perform basic file operations, in which case you shouldn't be running a hosting business.

 

My advice to the people who made negative comments in this thread is to stop whining and get on with it.

 

Aww, isn't that sweet - have you met easyhosting? If not, you should. Both of the same ilk.

 

A total misunderstanding of the situation Chris74 - and if that's how you think you go about winning friends and influencing people who are your peers on this community - you probably shouldn't be in the hosting business either. It's not that simple.

 

IF you got it working, a simple 'it worked for me' would suffice - not telling everybody how stupid they are and insulting them. I'm glad you did the upgrade and it worked for you - seriously

Edited July 26, 2013 by Si

[ckh]

I don't understand what all the fuss is about. This isn't a complicated process.

 

All you have to do is make a copy of your files then download the update, delete the directories and files you don't want to update such as the lang directory, states dropdown list, install directory, additionaldomainfields.php etc etc. That takes all of five minutes. Then just upload the files.

 

This is no different than the usual update process, except that here are no template changes to worry about and no database updates - whats the problem?

 

If it doesn't work after you uploaded the files, then you probably did something wrong - but you can simply copy back the files anyway, no risk involved.

 

If you have customized files then you should have made a note of the files you made changes to. Updating this software is not complicated, unless you don't know how to perform basic file operations, in which case you shouldn't be running a hosting business.

 

My advice to the people who made negative comments in this thread is to stop whining and get on with it.

 

That's what I did, twice in a few hours as they came out with another update after I finished updating 3 sites. Then there were some bugs introduced, I opened a couple tickets, they came in and replaced all the files not bothering to let me know they were going to do that or backing anything up. I expected them to replace a couple files due to the issues, but, not everything.

 

A patch is a lot quicker to perform the upgrades. I don't have to scour the files to see what has been changed and uploads are a lot quicker also.

 

How hard would it have been to exclude the templates directory and language files since nothing changed there? Sure would have saved me a few hours and I could have done something more productive in that time.

 

Chris stated they want feedback so I'm giving it. If you didn't like the whining in the thread, why did you add yours to it?

[Chris74]

That's what I did, twice in a few hours as they came out with another update after I finished updating 3 sites. Then there were some bugs introduced, I opened a couple tickets, they came in and replaced all the files not bothering to let me know they were going to do that or backing anything up. I expected them to replace a couple files due to the issues, but, not everything.

 

A patch is a lot quicker to perform the upgrades. I don't have to scour the files to see what has been changed and uploads are a lot quicker also.

 

How hard would it have been to exclude the templates directory and language files since nothing changed there? Sure would have saved me a few hours and I could have done something more productive in that time.

 

Chris stated they want feedback so I'm giving it. If you didn't like the whining in the thread, why did you add yours to it?

 

I'm entitled to my opinion, just like you. You have expressed that you would have preferred a "patch" - yet WHMCS have explained their reasons for making this a full version and you continue to make a fuss about it.

 

You should never have to "scour the files" to see what has been changed, unless you have not made any record of the files you have modified / replaced - or if you have decrypted and modified the core files, which would break your licence anyway. Why would it take you hours?

 

If you backup your files and the upgrade doesn't work - it takes only a few seconds to put it back the way it was. There are no DB changes. This is a very low risk procedure.

 

As I said, I'm entitled to my opinion in the same way as you. I've read the comments in this thread and my opinion is that many people (not all) who've made negative comments are just making a big fuss and panicking for no real reason. This is a discussion forum. I'm entitled to disagree with your "feedback".

 

I truly believe that WHMCS have got to change the way they work and communicate and they are clearly a company that is going through a period of disruption and change - but it takes time to move those changes forward. Not long ago there were issues with support ticket replies taking several days - but they've taken on new staff and I'm pleased to say the response times have improved. This shows that they are making efforts to improve in that area and in other areas.

 

I was royally pissed off when they released the recent Nominet changes at the last minute and failed to communicate properly about it. I gave my feedback then, as I do now.

 

In this case, I don't think that your criticism is valid. They released an urgent, critical security update that required a replacement of all core files. Personally - I just got on with it and updated our installation and it went without incident.

 

Thanks to WHMCS for working quickly to fix the security issues.

[JLHC]

Absolutely. However my question is, what files are being changed? The encoded files, as they're encoded, should not be modified. Language files, config.php, etc - of course can be.

 

If you'd like to discuss in private, I'm absolutely open to that. This information is invaluable to us as we need to have data on where people are having issues with upgrades so we can streamline this.

 

Assuming everyone has a vanilla installation of WHMCS is not a possibility, but identifying where people have made changes will absolutely help us moving forward.

 

Invitation for this is of course open to anyone.

 

One important file for us will be the "/includes/countries.php" file. We cannot do business with countries which the US imposed trade embargo on so we will need to remove those countries manually whenever we upgrade WHMCS.