Guest x2demitri Posted July 31, 2014 Report Share Posted July 31, 2014 Greetings, We have been notified of a potential security vulnerability in X2Engine. This vulnerability will be fixed in the next release, but it is too important to wait until then. It affects all versions from 2.8 through 4.1.7. To patch/fix this vulnerability on your installation before the update: 1. Download the following archive:Security-Patch-Jul31-2014.tar.gzOr, if you're on 4.1.7, download the following package and proceed to step 4:Jul31-2014-4.1.7-security-patch.tar.gz2. Unpack the archive3. Find the archive file within the contents that corresponds to your version of X2Engine (their names should contain version number)4. Unpack the archive for your version5. Copy SiteController.php into X2Engine on your web server, to replace the file protected/controllers/SiteController.php Also included is a git patch for the corresponding version that will apply the relevant changes. Effective immediately, error/bug reports submitted from all instances of X2Engine that do not have this patch will be ignored/denied. Link to post Share on other sites
Recommended Posts