Software > FHFS

FHFS: Is there going to be any update on this?

(1/3) > >>

LeoNeeson:
@Raybob: Is there going to be any update on this? Since in the HFS.ini of FHFS v2.1.3, the updates of the internal HFS (server.dll) are not automatic (update-automatically=no), it would be great to have an updated version with the last HFS v2.3i Build #297 running out-of-the-box. There are many users out there who are still using FHFS with a built-in outdated HFS v2.3d Build #292. And since there was a VERY important security update in this last version, many users may be exposed to hackers, like recently happened here. I understand that having the automatic updates disabled is to ensure everything keeps working/compatible with the rest of the FHFS code. I also understand that you may not want (or have the time) to be updating FHFS every time a new version of HFS is out, but this time is critical to have an update (since it fixed a "Remote Command Execution" exploit).

bmartino1:
i agree that it should be "recompiled", but you can replce hfs.exe with the updated one and all will work...

install fhfs, download current hfs, open install directory, replace hfs.exe file....

etc..etc...

Last i knew, raybob was working on another project, he emailed me and i looked into it, but i was not able to program or do much with it.
i forget the projects name....

looking at my old mesage:
Andromeda -fhfs 3.0
http://www.rejetto.com/forum/fhfs/fhfs-is-being-superceded-by-new-software-looking-for-developers/msg1059286/?topicseen#msg1059286

so idk the status of his tiem or other...

i don't think fhfs 2.0 will be geting recomplied...

LeoNeeson:

--- Quote from: bmartino1 on August 29, 2016, 10:48:55 PM ---i agree that it should be "recompiled", but you can replce hfs.exe with the updated one and all will work...
--- End quote ---
Yes, I know that, but every user who downloads FHFS from SourceForge, would be exposed to vulnerabilities, if doesn't know he should update HFS. I was talking for helping those users, not for me. :-\


--- Quote from: bmartino1 on August 29, 2016, 10:48:55 PM ---i don't think fhfs 2.0 will be geting recomplied...
--- End quote ---
It doesn't need to be recompiled. Is just as simple as updating the current ZIP file of FHFS v2.1.3, with the latest version of the HFS.exe file (server.dll). Then, rename and upload the updated ZIP file as a new version (FHFS v2.1.4) to SourceForge.

Well, I'm just saying... If it can't be done, it's OK.
It was only a suggestion, not a request.

raybob:
Correct me if I'm wrong but I was under the impression that the security vulnerabilities in HfS were due to its template and not the executable itself.  If that's the case then FHFS is not affected since it uses its own templates.

LeoNeeson:
I'm afraid not. It's CVE-2014-6287 (you can check this vulnerability report, here). The vulnerability it's related to the internal HFS search function, so, it's not related to templates at all. But Rejetto will have the final word and confirmation on this.

Navigation

[0] Message Index

[#] Next page