
Viewing 14 posts - 1 through 14 (of 14 total)
  • #5619

    Just received a message from my web host about timthumb.php vulnerability. Is there something that Habitat users need to do to patch or update our sites? I am a definite newbie when it comes to messing with the base code, btw.

    #51116

    Hi,

    are you running the latest version of the theme? Kriesi released a timthumb update just a few days ago. The update can be downloaded on themeforest.

    #51117

    I purchased in May 2011; I think I’m running version 1.1.1. To update, do I just download the ‘current’ theme from Themeforest and replace the theme on WordPress? Will I have to rebuild the site again?

    #51118

    When you download the updated version there’s a version.rtf file which tells you what has been updated so you can replace the files in question. However, you can just replace the entire theme without your settings being lost since they’re stored in the database.. which remains untouched.

    #51119

    Will I have to “purchase” the theme again?

    #51120

    No, all updates are free.

    #51121

    Well, for the time-being then, I guess this is an issue for me to figure out with Themeforest, because I don’t see any option on that site to download an ‘update.’ My only options appear to be downloading the old theme or purchasing the theme. There is no ‘update’ indicated anywhere…Can you verify that there is, in fact, an update there?

    When I figure this first step out, I’ll come back. Thanks.

    #51122

    BTW, when I download the ‘previously purchased,’ theme, the files are identical to what I purchased in May…including the .rtf file. So it looks like maybe it hasn’t been updated recently?

    #51123

    Hey,

    sorry about that – I must have mislooked at the dates of all the recently updated files. Recently a timthumb vulnerability has come up and it has been patched, it seems it wasn’t for habitat. I’ll mail Kriesi about the fix.

    Again excuse me for the delay/misinformation.

    #51124

    Hey! Habitat no longer uses the timthumb script, it instead relies on the natural WordPress resizing. I would suggest to simply delete it from the theme folder. I will release an update for the themes that don’t rely on it but have a copy of the file in the theme folder next week ;)

    #51125

    hej guys, just to let you know. the timthumb.php is still in the theme version on themeforest and it is definitely the old and hacked version last updated on 17th of march 2011 – before the fix. please update asap.

    #51126

    Thanks for letting us know, I’ll contact Kriesi about it.

    #51127

    Hi,

    Our site has recently been hacked. Can I confirm with you that I can simply delete the timthumb.php file and this won’t break anything? I am using Display and Newscast.

    Thanks!

    #51128

    You can delete timthumb.php for Newscast (if you’re using the latest theme version). As far as I know Display requires timthumb but the latest theme version (v.2.0.3) comes with the updated timthumb script which is secure.
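The thread distinguishes themes that only carry a leftover copy of timthumb.php (safe to delete) from themes that still call it (update the script instead). The script below is an added example, not part of the thread or of any theme's code, that makes that check per theme; the function names are hypothetical and it assumes themes live one directory deep under a root such as wp-content/themes and that GNU or BSD grep is available.

```shell
#!/bin/sh
# Added example: decide per theme whether timthumb.php is a leftover copy
# or is still referenced by the theme's own files.
# Usage (assumed layout): sh audit_timthumb.sh /path/to/wp-content/themes

# List every file named timthumb.php under the given directory.
find_timthumb() {
    find "$1" -type f -name 'timthumb.php' 2>/dev/null | sort
}

# List theme files that mention timthumb.php, excluding the script itself.
# Only literal references are found; a path assembled at runtime is missed.
find_references() {
    { grep -rl --include='*.php' --include='*.js' --include='*.css' \
        'timthumb\.php' "$1" 2>/dev/null || true; } |
        { grep -v '/timthumb\.php$' || true; } | sort
}

# Report one line per theme that ships a copy of the script.
audit_themes() {
    root=${1%/}
    for theme in "$root"/*/; do
        [ -d "$theme" ] || continue
        copies=$(find_timthumb "$theme")
        [ -n "$copies" ] || continue          # theme ships no copy
        name=$(basename "$theme")
        if [ -n "$(find_references "$theme")" ]; then
            echo "$name: REFERENCED (still used; update the script instead of deleting)"
        else
            echo "$name: UNREFERENCED (leftover copy; candidate for deletion)"
        fi
        echo "$copies" | sed 's/^/    copy: /'
    done
}

if [ "$#" -gt 0 ]; then
    audit_themes "$1"
fi
```

Run it against a backup or staging copy first, and keep the deleted file until thumbnails on the live site have been checked.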


The topic ‘Timthumb Vulnerability on Habitat’ is closed to new replies.