NewsFeaturesDownloadsDevelopmentSupportAbout Us

Important security upgrade: Lifetype 1.0.5 released

LifeType 1.0.5, containing a fix for a severe security issue, has just been released.
< !-- ADS -->

Just yesterday the development team was notified of a critical SQL injection bug in all versions of LifeType 1.0.5 and we are happy to announce than in less than 24 hours, there is a new maintenance release fixing this issue. The issue should have not been there had the development team been more careful, but we tried to fix it as soon as humanly possible. We would like to thank 'rgod' for reporting the issue.

As with any release, packages are available in .ZIP, .TAR.GZ and .TAR.BZ2 format from Sourceforge.net:

lifetype-1.0.5.zip
lifetype-1.0.5.tar.gz
lifetype-1.0.5.tar.bz2

Please keep in mind that is not necessary to run wizard.php if you are upgrading from any 1.0.x version to 1.0.5, as there are no changes in the database schema. Simply upload the files and overwrite all older files except the configuration files under the config/ folder.

Additionally, we have "update only" packages from LifeType 1.0.4 to 1.0.5, which only include new or modified files. These packages can not be used to upgrade from 1.0, 1.0.1, 1.0.2, 1.0.3 but only from 1.0.4 to 1.0.5. There is no need to run wizard.php to upgrade to this release. Just upload the files and you are good to go:

lifetype-1.0.4-upgrade-lifetype-1.0.5.tar.gz
lifetype-1.0.4-upgrade-lifetype-1.0.5.zip

There is a full list with all the issues fixed in this release in Mantis (select the filter called "Fixed in 1.0.5")

Please use the LifeType forums or the LifeType bug-tracker in case you need to discuss anything or report any bug related to LifeType 1.0.5. In the meantime, the development team will continue working on LifeType 1.1 (more news on that soon)

  1. Trackback Trackback: LifeType 1.0.5 - yet another security update
    24 hours after the first SQL Injection vulnerabiltiy was reported, the development team released version 1.0.5, hopefully the last release before the shiny new version 1.1 is out. Speaking of the new version: If you don't have the time to try one of t...
    Posted by 24 hours after the first SQL Injection vulnerabiltiy was reported, the development team released version 1.0.5, hopefully the last release before the shiny new version 1.1 is out. Speaking of the new version: If you don't have the time to try one of t... 05 Jun 2006, 11:34
  2. Trackback Trackback: Wichtiges Sicherheitsupdate von LifeType
    LifeType 1.0.5 wurde soeben veröffentlicht und schliesst eine kritische Sicherheitslücke (SQL Injecti...
    Posted by LifeType 1.0.5 wurde soeben veröffentlicht und schliesst eine kritische Sicherheitslücke (SQL Injecti... 05 Jun 2006, 09:29
  3. Trackback Trackback: Wichtiges Sicherheitsupdate: LifeType 1.0.5
    LifeType 1.0.5 wurde soeben verffentlicht und schliesst eine kritische Sicherheitslcke. Bei der von 'rgod' entdeckten Sicherheitslcke handelt es sich um eine SQL Injection Verwundbarkeit. Nur 24 Stunden nach Eingang des Hinweises konnten
    Posted by LifeType 1.0.5 wurde soeben verffentlicht und schliesst eine kritische Sicherheitslcke. Bei der von 'rgod' entdeckten Sicherheitslcke handelt es sich um eine SQL Injection Verwundbarkeit. Nur 24 Stunden nach Eingang des Hinweises konnten 05 Jun 2006, 09:07
  4. Trackback Trackback: 更新LifeType到1.0.5
    這次更新主要是修正一個SQL Injection的錯誤。對一般使用者影響不大。做個記錄。官方說明在這 [中文] [英文]...
    Posted by 這次更新主要是修正一個SQL Injection的錯誤。對一般使用者影響不大。做個記錄。官方說明在這 [中文] [英文]... 05 Jun 2006, 03:36
  1. Comment dont download

    Dont download lifetype-1.0.4-upgrade-1.0.5.zip ?

    Posted by lee 05 Jun 2006, 02:36
  2. Comment Fix

    Thanks for the quick fox guys!

    Posted by Alexander 05 Jun 2006, 09:22