Christopher Nadeau
2009-03-02, 13:50
We have discovered a security vulnerability within DeskPRO that may allow a user to inject SQL into a query. Please read this message entirely to learn how to secure your helpdesk.
If you have downloaded and installed/upgraded DeskPRO after March 2nd, 2009 then you can safely ignore this message. But ALL downloads before that date are affected.
--------------------------------------------------
1. Upload patches
--------------------------------------------------
If your helpdesk is already up to date using v3.1.5, v3.2.2 or v3.3.1, you can simply download a set of patched files from your members area.
Log in and click "Download software" as usual. But instead of clicking the "Download" button, notice there are links to download patches instead. This is the second patch released for these versions. This notice is in regards to the patch titled "2009-03-02".
To install the patch, just upload the "class_Cache.php" file from the archive to your live DeskPRO installation. The patched file will replace the old file on your server and fix the identified security issue.
--------------------------------------------------
2. Upgrade to the newest version
--------------------------------------------------
If you are NOT using v3.1.5, v3.2.2 or v3.3.1 then you must upgrade. Log in to your members area and "Download software" as usual. All packages have been updated with the fix for this identified security issue. You can choose to upgrade to v3.1.5, v3.2.2 or v3.3.1 (whichever is easiest for you).
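
One way to confirm that the upload in step 1 actually replaced the file, as an added example that is not part of the original notice or DeskPRO's own tooling: it hashes the patched "class_Cache.php" extracted from the patch archive and compares it with every copy found under the installation directory. The function names and both path arguments are assumptions; supply your own paths.

```shell
#!/bin/sh
# Added example (not DeskPRO code): check that every deployed class_Cache.php
# is byte-identical to the patched file from the "2009-03-02" patch archive.
# Usage: sh check_patch.sh <patched class_Cache.php> <DeskPRO install dir>

# sha256_of FILE: print the SHA-256 hex digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# check_cache_patch PATCHED_FILE INSTALL_ROOT
# Prints "OK <path>" or "STALE <path>" for each class_Cache.php under the root.
# Returns 0 if all copies match, 1 if any copy differs, 2 on bad input or
# when no copy is found. Paths containing newlines are not supported.
check_cache_patch() {
    patched=$1
    root=$2
    if [ ! -f "$patched" ] || [ ! -d "$root" ]; then
        echo "need a patched file and an install directory" >&2
        return 2
    fi
    want=$(sha256_of "$patched")
    list=$(find "$root" -type f -name 'class_Cache.php')
    if [ -z "$list" ]; then
        echo "no class_Cache.php found under $root" >&2
        return 2
    fi
    stale=0
    while IFS= read -r f; do
        if [ "$(sha256_of "$f")" = "$want" ]; then
            echo "OK    $f"
        else
            echo "STALE $f"
            stale=$((stale + 1))
        fi
    done <<EOF
$list
EOF
    [ "$stale" -eq 0 ]
}

# Run the check only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then check_cache_patch "$1" "$2"; fi
```

A STALE line means that copy still differs from the patched file, for example because the upload went to a different directory or a second copy of the helpdesk exists on the same server.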