September 3, 2014 at 4:51 pm #97920
December 23, 2014: We have updated this post to reflect the latest round of news related to Revolution Slider from emails that hosting companies were sending out in December, 2014. Please read below.
It’s unfortunate as there is a lot of misinformation floating around out there about this issue as it’s been patched in Revolution Slider for approximately 8 months now (however the hosting company(ies) that indiscriminately sent out that message showed they have not taken the time to properly investigate the issue and are making false assumptions when they really should just be telling people to make sure to have that patched version – which has been out since April – not necessarily the 4.6.5 version that just came out).
Having said all that, we will have the latest version of Revolution Slider (4.6.5) out in our next update which is
due out within 24 hoursnow available, and it is always advisable to keep things on their latest available version.
With automatic updates enabled, you should be able to quickly update to 3.1.1 (latest version as of December 23, 2014), at which point you will see an update notice in your dashboard for Revolution Slider 4.6.5. Alternatively you can update the theme/plugins manually by following the instructions in our KB.
Below is the original post on Revolution Slider that was made back in September. We have left it here for archival purposes, however the latest information is at the top of this page.
It’s come to our attention that older versions of Revolution Slider are vulnerable to a local file inclusion exploit.
We want to assure everyone that the latest version of Revolution Slider bundled with X is NOT susceptible to this exploit. ThemePunch (makers of Revolution Slider) confirmed that this exploit was fixed back in February (Version 4.2). More details can be found here.
If you’re on a version of X older than v1.8.1, (April 2014) we would recommend updating the theme. This will give you access to a patched version of Revolution Slider. Again, this has been patched for nearly 6 months now and the only reason it is getting attention now is because of a blog post on a security website.
Just download X from ThemeForest again, and you can find Revolution Slider under: /framework/plugins
For instructions on updating X and the bundled plugins, you can review this guide: http://theme.co/x/member/kb/updating-your-theme-and-plugins/
The topic ‘Regarding Old Verisons of Revolution Slider’ is closed to new replies.