NewsFeaturesDownloadsDevelopmentSupportAbout Us

Critical security issue: Lifetype 1.1.6 and Lifetype 1.2-beta2 released

A critical security issue has been discovered in Lifetype affecting all versions including Lifetype 1.1.5 and Lifetype 1.2-beta 1. It is recommended that all users upgrade to the 1.1.6 and 1.2-beta2 releases as soon as possible.

< !-- ADS -->

The issue is critical and a carefully crafted URL could disclose the contents of critical files. As a result, Lifetype 1.1.6 and Lifetype 1.2-beta2 are ready for download including a fix for this issue. Users of the 1.1.x branch should upgrade to Lifetype 1.1.6 and users of Lifetype 1.2-beta1 should upgrade to Lifetype 1.2-beta2.

For Lifetype 1.1.6, these are the downloadable packages: 

LifeType 1.1.6 (.tar.bz2)
LifeType 1.1.6 (.tar.gz)
LifeType 1.1.6 (.zip)

If you are already running LifeType 1.1.5 and wish to upgrade to LifeType 1.1.6 in a short and easy way, these are the upgrade packages:

lifetype-1.1.5-upgrade-lifetype-1.1.6.tar.gz
lifetype-1.1.5-upgrade-lifetype-1.1.6.zip

Needless to say, these packages can not be used to upgrade from 1.0.x, 1.1 or 1.1.1 to 1.1.6, but only from LifeType 1.1.5 to 1.1.6

For those of you interested, this is the full list of issues fixed in this release:

1177: Issue when inserting some YouTube links via TinyMCE.
1176: Memory optimization when loading post comments.
1179: Errors related to the bayesian filter in tmp/sql_error.log

With regards to Lifetype 1.2-beta2, the new release includes a fix for this issue as well as fixes and all the feedback collected since beta1 was launched.

Please use the forums to let us know of any problems with these releases and our bug tracking system to report any issues you might find.

  1. Comment 1.0.X

    does this also affect 1.0.X installations? if so, where can we look to fix this? :(

    Posted by Frank 16 Feb 2007, 08:23
  2. Comment No fix for 1.0.X

    There is no fix for 1.0.x. Support for the 1.0.x series was discontinued as soon as 1.1. was released almost a year ago (and 1.0 was released two years ago) The development team strongly advises you to upgrade to 1.1.6, as there have been other security fixes during the 1.1.x branch that you are also mising out on.

    Posted by oscar 16 Feb 2007, 08:49
  3. Comment Can I upgrade from 1.0.6 directly?

    I heard that 1.0.6 can upgrade to 1.1.6 directly, just use the full version, is that true? or I must upgrade step by step from 1.0.6 to 1.1, then 1.1.1, then 1.1.2...?

    Posted by Patrick Lo 18 Feb 2007, 21:18
  4. Comment Re: Can I upgrade from 1.0.6 directly?

    Yes, it is possible.

    By using the full package you can upgrade from any 1.0.x to any 1.1.x (1.1.6 in this case)

    Posted by oscar 19 Feb 2007, 03:03
  5. Comment Can I keep my old template files?

    Oscar, if I upgrade from 1.0.6 to 1.1.6 directly by overwriting, can I keep my old template files (I made lots of changes) or should I overwrite those too?

    Posted by Papier 12 Mar 2007, 01:17