We just released new builds of both 5 beta 5 and 4.11.6. These are primarily security releases, and we recommend that you update as soon as possible.
Special thanks to Rack911 for reporting the security vulnerabilities. These were found as part of their audit of popular software being used in the web hosting industry, which is detailed in this Web Hosting Talk thread.
Below is a summary of changes in both 4.11.6 build 476 and 5 beta 5 build 518:
[SIZE=3] 4.11.6 build 476[/SIZE]
Security:
- Fixed a privilege escalation bug related to Secondary Domains.
- Fixed a privilege escalation bug related to Backups.
- Fixed a bug that could be exploited to cause damage to InterWorx on the system.
[SIZE=3] 5 beta 5 build 518[/SIZE]
Security:
- Fixed a privilege escalation bug related to Secondary Domains.
- Fixed a privilege escalation bug related to Backups.
- Fixed a bug that could be exploited to cause damage to InterWorx on the system.
- Fixed a problem with DNS records not being properly updated when a domain's IP is changed.
- Fixed a problem with a domain's mail sender-ip not always being updated when an domain's IP is changed.
- Fixed missing ip6_pool_to_sw_map table during initial beta install.
- Fixed a problem where an internal IP could be published in DNS rather than the external ip.
- Updated SiteWorx account edit API to allow a package template to be specified for package options and features.
- Updated the English Language file.
All InterWorx servers that have auto-updates enabled will be updated according to their subscribed release channel over the next 24 hours. To see the full changelog for these and previous releases, head here: http://www.interworx.com/developers/changelog
Feel free to discuss this release or ask questions here, but for the serious issues, open a ticket at the support desk.
See my post below for a pair of related releases