** Important ** Jamroom 3.3.6 has been released!
bigguy
Jamroom Team


Joined: 09 Jul 2003
Posts: 34926
Location: Seattle, WA

Posted: 06/21/08 13:36 
The Jamroom Core downloads page has been updated with the latest release of Jamroom - version 3.3.6.

This new release contains a very important security fix, and everyone running any version of Jamroom 3.3.x (or 3.2.x with Payment Pack installed) should upgrade immediately. If you are running Jamroom 3.2.6 and older, and are not running the Jamroom Payment Pack, you are not affected by this issue. Also - if PHP is running with "register_globals" turned OFF, then you are also not affected.

If you cannot update immediately, it is highly recommended to delete the following files until you can upgrade:

jamroom/include/plugins/jrBrowser/payment.php
jamroom/include/plugins/jrBrowser/purchase.php

This will prevent the "payments" and "purchases" tab from working in your Admin Browser, but will remove the vulnerability from your Jamroom until you can upgrade.

A full list of changes in Jamroom 3.3.6 can be found here:

http://www.jamroom.net/index.php?m=td_tracker&o=browse&v=3.3.6

If anyone has any questions, please let me know.

Thanks!

- Brian


_________________
Make sure and check out:
* The Jamroom FAQ
* The Jamroom Documentation

Last edited by bigguy on 07/09/08 09:31; edited 2 times in total
johnypneumo



Joined: 15 Jan 2004
Posts: 954
Location: united kingdom

Posted: 06/22/08 16:00 
Thanks Brian !

you're a busy guy ;)


_________________
V7 music.com
SteveX
Ultrabubble


Joined: 30 Aug 2005
Posts: 7601
Location: Ultrabubble

Posted: 06/22/08 17:10 
Thanks man, it is very reassuring to see such a fast and effective response in a potential crisis. (Didn't affect me though, I think I now only have sites on servers with register globals off).

For public information, reading Brian's and DJ's responses to a potential security issue is a short but sweet experience.

It brings to mind a quality wildlife programme in which a bewilderbeast steps stupidly into field of view, spots a potentially tasty morsel, and plonders towards it in true bewilderbeast fashion. Brian and DJ stir from beneath their shady trees. A few quiet signals, flanking maneuvers, some building up of speed (think cheetah), and the bewilderbeast is down, and seconds later dead. Gorily.

Takes a few minutes to chill down and carry the security spoils back to the cubs, but half an hour after first sighting, we are eating bewilderbeast tonight.

Great to see you guys in action! Thank you!


_________________
Lush!

"Stranger from another planet, welcome to our hole. Just strap on your guitar and we'll play some rock and roll"

Ultrabubble create things.
pasher
Motagator


Joined: 20 Aug 2003
Posts: 3862
Location: Nottingham, UK

Posted: 06/23/08 01:08 
A great and amusing allegory Steve :D

And thanks to Brian and DJ for closing the door and so rapidly :D

(DJ spent his day off on Sat. repairing all the JR sites he hosts - I bet a lot of you didn't even realise there was a problem ;) )

Cheers
Pa


_________________
What a long, strange, trip its been.

www.paulasher.com
www.motagator.net
www.gigmemories.com
Conbud



Joined: 21 Jun 2006
Posts: 797
Location: New Orleans - Louisiana

Posted: 06/23/08 12:06 
Thanks for the update bigguy!


minusme



Joined: 01 Jun 2004
Posts: 331

Posted: 06/24/08 07:55 
I checked my logs this afternoon and had almost 100 attempts to access these files. I came to the forum and there's a fix (which is good).

However if I didn't have globals turned off, I fear I would be in bad shape right now.

Is there a way to send a security warning to paid jamroom members before they are posted on the public tracker page?
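
A log check along the lines minusme describes, as an added example that is not part of the original thread or Jamroom's own code: it counts requests for the two scripts named in the announcement, per client, and how many were answered 2xx. The common/combined access-log format, the function name `scan` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# The two scripts named in the announcement above.
WATCHED = (
    "include/plugins/jrBrowser/payment.php",
    "include/plugins/jrBrowser/purchase.php",
)

# Assumption: the web server writes the common/combined access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def scan(lines):
    """Return (hits, per_ip, served) for requests to the watched scripts."""
    hits, per_ip, served = [], Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line is not in the assumed format
        path = unquote(m["target"].partition("?")[0])
        if not path.endswith(WATCHED):
            continue
        status = int(m["status"])
        hits.append((m["ts"], m["ip"], status))
        per_ip[m["ip"]] += 1
        # 2xx: the script was still present and ran. 404 is the expected
        # answer once the file is deleted or the site is upgraded.
        if 200 <= status < 300:
            served += 1
    return hits, per_ip, served

# Constructed sample lines (documentation IP ranges, placeholder query).
SAMPLE = """\
192.0.2.10 - - [24/Jun/2008:07:01:12 +0000] "GET /jamroom/include/plugins/jrBrowser/payment.php?placeholder=1 HTTP/1.1" 404 209 "-" "-"
192.0.2.10 - - [24/Jun/2008:07:01:13 +0000] "GET /jamroom/include/plugins/jrBrowser/purchase.php?placeholder=1 HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [24/Jun/2008:07:05:40 +0000] "GET /jamroom/include/plugins/jrBrowser/payment.php HTTP/1.0" 200 512 "-" "-"
203.0.113.5 - - [24/Jun/2008:07:06:02 +0000] "GET /jamroom/index.php HTTP/1.1" 200 10432 "-" "-"
""".splitlines()

if __name__ == "__main__":
    hits, per_ip, served = scan(SAMPLE)
    print(f"{len(hits)} requests to watched scripts, {served} answered 2xx")
    for ip, n in per_ip.most_common():
        print(f"{n:5d}  {ip}")
```

A non-zero 2xx count on a server that had register_globals on is the case to look at first; with the files deleted or the upgrade applied, these requests should come back 404.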

bigguy
Jamroom Team


Joined: 09 Jul 2003
Posts: 34926
Location: Seattle, WA

Posted: 06/24/08 15:44 

minusme:
I checked my logs this afternoon and had almost 100 attempts to access these files. I came to the forum and there's a fix (which is good).

However if I didn't have globals turned off, I fear I would be in bad shape right now.

Is there a way to send a security warning to paid jamroom members before they are posted on the public tracker page?


I'm working on some updates to Jamroom.net, and will be rolling out a new "backstage" forum for licensed Jamroom members - it would probably be best to post issues like this in there.

However, the users hitting your site most likely did not find out about this from Jamroom.net - it was posted on 50+ different security sites several hours before it was posted here.

Hope this helps!

- Brian


SteveX
Ultrabubble


Joined: 30 Aug 2005
Posts: 7601
Location: Ultrabubble

Posted: 06/24/08 15:57 

bigguy:
I'm working on some updates to Jamroom.net, and will be rolling out a new "backstage" forum for licensed Jamroom members

Is there a bar?


bigguy
Jamroom Team


Joined: 09 Jul 2003
Posts: 34926
Location: Seattle, WA

Posted: 06/24/08 16:00 
There is ;) And you'll provide the drinks right? ;)

- Brian


SteveX
Ultrabubble


Joined: 30 Aug 2005
Posts: 7601
Location: Ultrabubble

Posted: 06/24/08 16:27 
Real Ale is free and on me, but if it needs an umbrella and an olive on a stick it is very, very expensive. :D


Conbud



Joined: 21 Jun 2006
Posts: 797
Location: New Orleans - Louisiana

Posted: 06/25/08 04:23 

bigguy:
There is ;) And you'll provide the drinks right? ;)

- Brian


Yeah and I'll supply some Cajun food. 8)


pasher
Motagator


Joined: 20 Aug 2003
Posts: 3862
Location: Nottingham, UK

Posted: 06/25/08 04:26 

Conbud:

bigguy:
There is ;) And you'll provide the drinks right? ;)

- Brian


Yeah and I'll supply some Cajun food. 8)


Now you're talking :D


djmerlyn
Jamroom Ustad


Joined: 18 Dec 2003
Posts: 13043
Location: Behind You

Posted: 06/25/08 04:59 
I have a serious craving for some 5 star Thai 8)


_________________
Pro JR Hosting
-100% Guaranteed

"more server and network power than any host, dedicated to your jamroom site"
Jamie



Joined: 18 May 2007
Posts: 118
Location: Strathmore Alberta,Canada

Posted: 06/25/08 13:24 
:D Thanks for updating my site to the new version bigguy. :D

The control panel system with the hot buttons is very cool.
First I was confused when logging in for the first time, but only after 2 minutes browsing and getting used to it, I realized how great it was.
Thanks a lot.

Can't wait for future versions and all that you bring to jamroom.

-Jamie


_________________
I'll be back with a jamroom site someday!
Music Distribution And Artist Promotion Centre
bigguy
Jamroom Team


Joined: 09 Jul 2003
Posts: 34926
Location: Seattle, WA

Posted: 06/25/08 16:36 

Jamie:
:D Thanks for updating my site to the new version bigguy. :D

The control panel system with the hot buttons is very cool.
First I was confused when logging in for the first time, but only after 2 minutes browsing and getting used to it, I realized how great it was.
Thanks a lot.

Can't wait for future versions and all that you bring to jamroom.

-Jamie


Thank you Jamie - I'm glad you like the new look ;)

- Brian

