The owner and lead developer of the software, Mr Brandee Diggs, would like me to inform the masses that a new version of WHM AutoPilot is out and resolves the critical WHM AutoPilot security issues. Below are specific details given by Mr Diggs on how to upgrade your installation. Great job by the development team to get these holes patched quickly! :)

#################################################
RELEASE: v2.5.0
Release Level Rating: HIGH ( Security Release )
Database Update required: Yes [ maintenance_v250.sql ]
This will increment your version to v2.5.0[s]
Release Date: December 29, 2004

### BUGS RESOLVED ###
[1] Internet Secure not passing through coupon discounts
[2] WorldPay[2] errors passed to gateway
[3] New "Offline Credit Card" gateway added
--> this gateway automatically sets orders to pending

### ISSUES ADDRESSED AND RESOLVED ###
[1] File Include Vulnerability
[2] Cross Site Scripting (XSS) Vulnerability
[3] Information Disclosure
--> after installation, please delete the phpinfo.php file so that your server information is not public information

Upgrading to this release will resolve all issues brought to our attention by James at GulfTech.org. We have had this reviewed by James and it has been verified to be 'closed' and corrected.
#################################################

Since our upgrade of Zend Encoder, all encrypted files will require Zend Optimizer v2.5 or higher active on your server. If you are running PHP v4.3.10, please make sure you are running Zend Optimizer 2.5.7.

Due to the nature of this release, every file has been altered or modified and a FULL file overwrite is required.

========================================
UPGRADE & FILE INFORMATION
*** UPLOAD IN BINARY OR ERRORS WILL OCCUR ***
========================================
Estimated Time: between 15 - 45 minutes ( take your time )

[1] Login to your license management area OR obtain the full download release from your license provider. Some licensees have obtained licenses from their webhost without access to the downloads. This download will need to be provided by your provider or they will need to authorize us to modify the license to your information.

[2] Make a backup of the following files in your current installation:
/inc/header.php
/inc/footer.php
/inc/var.php ( just in case )

[3] Upload ALL files & folders from the full download to your installed location, overwriting ALL files with the new files.

Due to the nature of this release, we have reactivated the 'Quick File Transfer' option to allow you to have all the files transferred directly to your site, in guaranteed BINARY mode. For this utility, visit the following URL:
http://www.whmautopilotlicensing.com/d/quickup/index.php
user: autopilot
pass: upgrade
*** THIS UTILITY WILL OVERWRITE EVERY FILE IN YOUR INSTALL - BACKUP CRITICALS FIRST ***

[4] Login to your cPanel and run the MySQL updates against your database
---> click on MySQL databases
---> click on link to phpMyAdmin
---> select your database on the left
---> click on export and at the bottom, choose save as and click GO ( save a local backup )
---> click on the SQL link at the top
*** FTP TO YOUR SITE AND GRAB THE SQL FOLDER IF YOU USED THE TRANSFER UTILITY ***
*** DELETE THE SQL FOLDER AFTER YOU HAVE DOWNLOADED IT FROM YOUR DOMAIN ***
---> Locate maintenance_v250.sql in the SQL folder of the download and click GO

If you are running a version OLDER than v2.4.7:
*** Begin to walk up through versions from your previous version to this version in database updates in the SQL folder ***

Example: If you are running v2.4.33, you will walk up the following SQL updates, in order:
1) maintenance_v245.sql
2) maintenance_v2451.sql
3) maintenance_v2453.sql
4) maintenance_v2456.sql
5) maintenance_v246.sql
6) maintenance_v2465.sql
7) maintenance_v247.sql
8) maintenance_v250.sql

Remember to run this in the proper order so that incremental updates & changes are applied to the proper tables at the proper time.

For those who are uneasy in completing upgrades to their installation, we do provide upgrade services, at a rate of $9.95 per installed upgrade. These upgrades are not completed right away after they are requested but are scheduled for completion normally during 'slow' or 'moderate' times of the day as to not disrupt your ordering system. These are normally done between 11pm - 2am and 9am - 11am EST. If you have an upgrade request in the system, bump it now if it has not been completed.

To request an upgrade to be performed on your installation, please utilize the following steps:
1) make a payment in the amount of $9.95 to paypal@xxxxxxxxxxxxxxxx with the MEMO line reading 'upgrade from x.xx version to v2.5.0' along with your license number.
2) visit https://www.whmautopilot.com/support/ and submit a helpdesk request for the installation to the department of 'Upgrade Requests' with the following:
---[1] Current Version of Script
---[2] FTP/cPanel login information
---[3] admin area login information
---[4] receipt from PayPal showing payment has been made

Your request will be confirmed with a canned response and will be scheduled to be completed within a moderate amount of time. Some will be completed within the same day, others will be completed within 2 - 3 days, depending upon scheduling.

If you have paid for an upgrade that has been completed within the past 10 days, an upgrade to this version will not cost you any extra.

Remember, bugs must be reported to the bug tracking system in order to be reviewed and resolved. Bugs reported in the forums do not get as much attention as bugs in the tracking system. Also, note, a bug is something that can be reproduced on ALL installations. Please do not use the bug tracking system as a support system.

I appreciate everyone's patience. May your New Year be safe, happy and prosperous!

Thank You.

Respectfully,
Brandee S. Diggs
Owner / Developer
Benchmark Designs, LLC.
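An added example, not part of the announcement or of WHM AutoPilot's own code: a Python helper that orders the database updates the way the v2.4.33 walk-through does and reports the two items the announcement says to delete after upgrading (phpinfo.php and the SQL folder). The function names, the version-to-file-name mapping and the location of the SQL folder are assumptions inferred from the file names in the announcement.

```python
import re
from pathlib import Path

# Assumption inferred from the file names in the announcement: the suffix of
# maintenance_vNNN.sql is the version with its dots removed (v2.4.5.1 -> "2451").
# Such suffixes order correctly as strings, digit by digit; sorting them as
# integers would wrongly place 2451 after 250.
MIGRATION_RE = re.compile(r"^maintenance_v(\d+)\.sql$")

# Constructed, shuffled listing of the SQL folder (file names from the announcement).
SQL_FOLDER = [
    "maintenance_v250.sql", "maintenance_v2451.sql", "maintenance_v246.sql",
    "maintenance_v245.sql", "maintenance_v2465.sql", "maintenance_v2456.sql",
    "maintenance_v247.sql", "maintenance_v2453.sql", "readme.txt",
]


def version_key(version: str) -> str:
    """'v2.4.33' -> '2433', comparable with the file-name suffixes."""
    return re.sub(r"\D", "", version)


def plan_migrations(current: str, target: str, sql_files: list[str]) -> list[str]:
    """Updates newer than `current`, up to and including `target`, in apply order."""
    lo, hi = version_key(current), version_key(target)
    steps = []
    for name in sql_files:
        m = MIGRATION_RE.match(name)
        if m and lo < m.group(1) <= hi:
            steps.append((m.group(1), name))
    return [name for _, name in sorted(steps)]


def leftover_exposures(install_dir: Path) -> list[str]:
    """Items the announcement says to delete that are still in the install."""
    found = []
    for entry in sorted(install_dir.iterdir()):
        name = entry.name.lower()
        # Assumption: the SQL folder sits at the top of the install directory.
        if (entry.is_file() and name == "phpinfo.php") or (entry.is_dir() and name == "sql"):
            found.append(entry.name)
    return found


if __name__ == "__main__":
    for step, name in enumerate(plan_migrations("v2.4.33", "v2.5.0", SQL_FOLDER), 1):
        print(f"{step}) {name}")
```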