Jump to content

I am still with whmcs 6 final how long can I go on? need time


Jbro

Recommended Posts

I know people that are still running 5.x for mysterious reasons. They're relatively fine because they have small and unknown websites and they're crazy too. I mean they're counting on luck.

That said, WHMCS will not explode but of course you should upgrade for obvious reasons (security).

 

 

Edited by Kian
Link to comment
Share on other sites

8 minutes ago, Kian said:

I know people that are still running 5.x for mysterious reasons. They're relatively fine because they have small and unknown websites and they're crazy too. I mean they're counting on luck.

 

 

I'm unaware of any exploits in the wild for v5 that would justify the "small / unknown and crazy" or "being lucky" comments. 
The push to v7 is more to "stay modern" and up to date, but I can't recall seeing exploits being done against them or releases to address "bad things" while  was still actively supported. Have links?

Link to comment
Share on other sites

1 hour ago, bear said:

I'm unaware of any exploits in the wild for v5 that would justify the "small / unknown and crazy" or "being lucky" comments. 

Public exploits exists for WHMCS v5.
I think the security risk does not require any discussion. It's not just about public exploits, but also about things like CVE-2016-10033 (I know that this vulnerability is likely to be exploited with luck, but be that as it may).

3 hours ago, Jbro said:

Right now I am final 6   is it safe?

WHMCS v6 is EOL, thereforce i would not call it safe to use. However, I can not find any public exploits right away, but that does not mean that there are no non public exploits.
Longer LTS releases would be desirable, but I think that will not change in the future.

Link to comment
Share on other sites

1 hour ago, string said:

Public exploits exists for WHMCS v5.

Earlier versions, yes. Nothing past 5.2.8 on that site, not the last version in that branch (I believe), which was 5.3.17 (or so). If there were public exploits beyond that, I've not seen them. 😉 Doesn't mean there aren't any, naturally, but then again, there is just as much possibility of unpublished ones for more recent versions, even the latest (given it's complexity, and how hooks are being written by amateurs like myself). 

Clearly the OP needs to move on and bite the bullet at some point, but alarmist claims aren't needed, I'd suggest. 

CVE-2016-10033 is about PHPmailer,  not WHMCS. 😉

Link to comment
Share on other sites

1 hour ago, bear said:

CVE-2016-10033 is about PHPmailer,  not WHMCS. 😉

That is correct. But WHMCS uses several third party libraries, including PHPMailer (see the security advisory from WHMCS).
This CVE came to mind spontaneously as an example that the vulnerability does not necessarily have to be in the WHMCS core. Older WHMCS versions naturally contain older third party libraries 🙂

1 hour ago, bear said:

Nothing past 5.2.8 on that site, not the last version in that branch (I believe), which was 5.3.17 (or so).

My comment on this is more generally related to v5. I think that @Kian does not only refer to the "latest" v5 version.

Edited by string
Link to comment
Share on other sites

11 hours ago, string said:

WHMCS v6 is EOL, therefore i would not call it safe to use.

EOL is just WHMCS no longer supporting it, not a lethal klaxon warning. ⚠️

if v6 is working for you, and you're in good control of the server environment, then there's no real problems with it in the short-term... all versions of WHMCS have potential security issues, and there have already been security updates for v7, so there's no 100% guaranteed "safe" version.

always remember that while each new release adds new features, more importantly, it often removes features that you may currently be using (or need) - so never assume that upgrading is a win-win scenario.... weigh up each upgrade by testing thoroughly first.

14 hours ago, Jbro said:

Before upgrading to 7 I need to do a lot , I have to make some changes I need at 6 months more before upgrading to 7

by which time, the v8 beta will likely be out and the circus starts all over again. 🎪

if you get your license from WHMCS direct, you should get yourself a free developer's license, install v7.6.1 (or whichever release) and start working on the updates in your spare time... that will give you time to find what features have been removed and how to work around their absence.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated