Effective May 1st, 2013 WHMCS will have a Long-Term Support Policy. The Long-Term Support (LTS) Policy defines how long we intend to provide Important and Critical updates for published versions of WHMCS.
We encourage you to review the full Policy at http://docs.whmcs.com/Long_Term_Support. In short, we will provide Important and Critical updates for one year after the initial publication of the minor version. You can use the WHMCS Versions & LTS Schedule to see which versions are currently covered by Long-Term Support and when the End-Of-Life date is. The Schedule will be updated to include new minor versions when they are published.
NOTE: The LTS Policy does not introduce any changes to how WHMCS licenses or services are implemented with in the product or on our servers. Your WHMCS installation will continue to function according to the type and status of your license, the same as it has in the past.
Posted by Matt on Wednesday, May 1st, 2013
WHMCS V5.2.4 is now available for all WHMCS license holders to download.
This is a maintenance release for the V5.2.x series. It is an incremental update, and therefore upgrading is simple and straightforward. All you need to do is download the update from our client area, unzip and then upload the files to your WHMCS installation. No install or upgrade process is necessary.
Visit our members area to download it now: www.whmcs.com/members
As always, we are offering our professional upgrade service where we handle the entire update process for you. For more details or to order, visit www.whmcs.com/upgrade-service
The full change log for this release can be found @ http://changelog.whmcs.com/
Thank you for choosing WHMCS.
Posted by Matt on Tuesday, April 23rd, 2013
WHMCS has released new patches for the 4 series, 5.0 and 5.1 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. If you are not running the WHMCS 5.2, you are highly encouraged to update immediately.
WHMCS has rated these updates as including critical or important security impacts. Information on security ratings is available at http://docs.whmcs.com/Security_Levels.
The following full-release version of WHMCS have been published and address all known vulnerabilities:
The latest public releases of WHMCS are available inside our members area at https://www.whmcs.com/members/clientarea.php
Security Issue Information
The resolved security issue was identified by Dinesh Kumar Mohanty of Ultra Web Solutions Private Limited, India. There is no reason to believe that these vulnerabilities are known to the public. As such, WHMCS will only release limited information regarding the vulnerabilities at this time.
Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issue. These Targeted Security Releases and Patches address 1 vulnerability in WHMCS version 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 5.0, and 5.1. Additional, supplemental information is scheduled to be released May 28th, 2013.
WHMCS Version 4.x
Download and apply the appropriate patch files to protect against these vulnerabilities.
Patch files for affected versions of the 4.x series are located on the WHMCS site as itemized below.
4.0 series: http://www.whmcs.com/download/258/v403patch
4.1 series: http://www.whmcs.com/download/262/v413patch
4.2 series: http://www.whmcs.com/download/266/v422patch
4.3 series: http://www.whmcs.com/download/270/v432patch
4.4 series: http://www.whmcs.com/download/274/v443patch
4.5 series: http://www.whmcs.com/download/278/v454patch
To apply the patch, simply download the appropriate patch file specific to the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation.
No install or upgrade process is required.
WHMCS Version 5.x
Download and apply the appropriate full-version or patch of WHMCS to protect against these vulnerabilities.
Full-version and patches for the affected version of the 5.x series are located in the WHMCS members area download section, under your license details.
v5.0.5 (patch only)
v5.1.6 (full-version and patch)
When updating from v5.0.4 or v5.1.5, the upgrade process is not required. To apply the full-version or patch, simply download the appropriate file specific to the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation.
*This Security Advisory is in the process of being emailed to all active license holders.*
Posted by WHMCS David on Tuesday, April 23rd, 2013
We are pleased to announce the BETA release of Version 2.0 of the WHMCS Mobile Edition. This update is a major overhaul to the mobile friendly version of the WHMCS Admin Area, designed to be compatible with both mobile phones and other mobile devices such as tablets. Featuring a brand new responsive design, and more functionality than ever before, now users of all mobile devices can use WHMCS easily and comfortably from their mobile devices, regardless of platform.
With more and more of us now working while on the go, and accessing the web from our mobiles, mobile accessibility is a big deal, and here at WHMCS this is one of the first of a number of exciting things we will be doing to make the WHMCS platform more mobile friendly this year.
New functionality in this update includes:
- New Responsive Design
- Ajaxified Interface to optimise load times
- Enhanced Client Management Functionality
- Enhanced Invoice Management Functionality
- Enhanced Order Management Functionality
- Ability to Generate Orders
- Improved Ticket Interface
- Two-Factor Authentication Support
- And much much more...
The Mobile Edition is an addon which provides a slimmed down mobile optimized version of the main WHMCS admin area designed to make managing your business while on the go easier and more efficient.
To find out more or to order, please visit http://www.whmcs.com/addons/mobile-edition/
The update is available to download immediately from our client area.
Posted by Matt on Friday, April 12th, 2013
On March 12th, 2013 we announced a Security Advisory and provided several Targeted Security Full and Patch Releases for WHMCS series 4.x and 5.x. The Targeted Security Releases address six Flaws evaluated as having either Critical or Important security implications. Information on security ratings is available at docs.whmcs.com/Security_Levels.
If you have not upgraded or patched your WHMCS installation on or after March 12th, 2013, please do so now (WHMCS Security Advisory for 4.x, 5.x).
WHMCS would like to thank Vlad C. of NetSec Interactive Solutions <http://safeornot.net> for reporting these issues.
All six Flaws have been addressed; The full Supplemental Disclosure report is provided on WHMCS.com (PDF) as well as on SafeOrNot.net. A brief description of the addressed Flaws are as follows:
A) Critical: SQL Injection
B) Important: Input Validation
C) Important: Information Disclosure and Potential XSS
D) Important: Input Validation and Privilege Confusion
E) Important: CSRF
F) Important: XSS
Posted by WHMCS David on Thursday, April 11th, 2013