Jump to content

Important Security Patch

security patch

  • Please log in to reply
No replies to this topic

#1 Guest_x2demitri_*

  • Guests

Posted 31 July 2014 - 12:48 PM



We have been notified of a potential security vulnerability in X2Engine. This vulnerability will be fixed in the next release, but it is too important to wait until then. It affects all versions from 2.8 through 4.1.7.


To patch/fix this vulnerability on your installation before the update:


1. Download the following archive:

Attached File  Security-Patch-Jul31-2014.tar.gz   997.11KB   3 downloads

Or, if you're on 4.1.7, download the following package and proceed to step 4:

Attached File  Jul31-2014-4.1.7-security-patch.tar.gz   20.79KB   12 downloads

2. Unpack the archive

3. Find the archive file within the contents that corresponds to your version of X2Engine (their names should contain version number)

4. Unpack the archive for your version

5. Copy SiteController.php into X2Engine on your web server, to replace the file protected/controllers/SiteController.php


Also included is a git patch for the corresponding version that will apply the relevant changes.


Effective immediately, error/bug reports submitted from all instances of X2Engine that do not have this patch will be ignored/denied.

Also tagged with one or more of these keywords: security, patch

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users