• Interesting issue: I have sites that have 2.8.2 and when attempting to update, TimThumb Scanner doesn’t actually do it. Actually, it does: it installs 2.8.2:

    https://skitch.com/vjl323/gwuka/timthumb-scanner

    Note that the first item, before the screenshot was taken, was 2.8.3 [as distributed by the WooThemes plugin, woo-tumblog]. When I ran “upgrade selected files” for both files, the 2.8.3 version went down to 2.8.2 and the 2.8.2 in the theme slidette remained the same.

    I deactivated and reactivated the script; no change. I even deinstalled and reinstalled, and no change. Using v1.43 of the scanner. I’ve noticed this issue on several sites I run. I also noticed that the Google Code depository shows that 2.8.5 is the latest version, not 2.8.4. Any tips you can provide would be most welcome!

    Kind regards,

    /vjl/

    https://www.ads-software.com/extend/plugins/timthumb-vulnerability-scanner/

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author Peter Butler

    (@peterebutler)

    A couple of points:

    The script that was keeping the version up to date (which should now have been returning version 2.8.5) had an issue, and wasn’t keeping up. That’s been fixed, so you should start seeing 2.8.5 as the latest available version (although, depending on when you last ran the scanner, it may be a day or so before the latest version value updates. Deactivating/reactivating should force an update).

    As for your other issue – that’s trickier – it’s possible that the plugin didn’t download the latest version like it was supposed to. The plugin comes bundled with 2.8.2, but the latest version SHOULD be downloaded as soon as the plugin sees that there’s a new one available. However – that process isn’t foolproof.

    Try deactivating and reactivating, and let me know if that makes any difference.

    Thanks!

    Thread Starter Vince LaMonica

    (@vjl323)

    Hi Peter,

    Thanks for the quick reply! I did deactivate and reactivate and it didn’t grab the latest. I can see it replace the TimThumb.php files with 2.8.2.

    I will go ahead and try again on one of the sites I was seeing the issue [it was actually on all of them, but they are hosted on the same server of mine], and see if it grabs 2.8.5.

    [a few minutes go by]

    Ok, well, the good news is it does see that 2.8.5 is the current version. But it is still not grabbing it. https://skitch.com/vjl323/gwiud/timthumb-scanner shows the current results [refreshing or rescanning the site shows 2.8.2 still].

    Is there a debug mode I can turn on to be able to help figure out why it’s not going out to Google code to grab the latest?

    Thanks!

    /vjl/ [p/s – come next week, I’m signing up for Locker; very impressed with what it offers and what you have offered free via this plugin]

    Ditto – I have the same exact problem. I use Woo themes, using their updater, I also was not able to upgrade from 2.8.2

    I have the latest version of the plugin and it does say that 2.8.5 is the latest version but it is not updating beyond 2.8.2 either.

    Same here

    Does someone have the solution?

    Same here.
    I deactivated, deleted, re-installed the plugin.
    Ran the scan.
    Detected a ver 2.8.2 timthumb (which is supposed to be safe)
    Clicked to upgrade the selected file.
    Judging by the date of the file, it looks like it replaced it with a ver new 2.8.2 file.
    So, the upgrade to 2.8.5 is not working.

    It is the same for me.

    Plugin Author Peter Butler

    (@peterebutler)

    Hey Guys –

    Really sorry about this – I got wrapped up in some other work and wasn’t able to get back to the plugin. I’ve identified and fixed the problem, along with a couple of other new features, and I’ll be releasing an update by the end of the day.

    Thanks for your patience!

    Thank you. It is really one of the most useful plugins out there! I can imagine only one more feature it could have – it could hook into the central updating system, so you could update timthumb from the blog, plugin and theme updates. This way you would never forget to update…:-)

    Plugin Author Peter Butler

    (@peterebutler)

    Alright guys, you should start seeing requests to update the plugin on your sites shortly, as the new version is live. The new version should fix the issue where the timthumb src file would not update (so vulnerable/outdated instances would not update either). This version also includes a daily scanner, which runs by default – you can turn it off on the options panel of the timthumb scanner page.

    As always, it would be a huge help to me if you could alert me to any bugs or annoyances you find in the plugin, so I can get them taken care of asap.

    Thanks!
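
Added example, not part of the thread or the plugin's code: a stand-alone check an administrator could run before and after pressing “upgrade selected files” to confirm which version each TimThumb copy actually carries, and to catch the 2.8.3-to-2.8.2 downgrade reported above. It assumes the `define ('VERSION', '…')` line that TimThumb 2.x uses; the directory layout, file-name list and function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# TimThumb 2.x declares its version as: define ('VERSION', '2.8.5');
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"](\d+(?:\.\d+)*)['\"]")
NAMES = {"timthumb.php", "thumb.php"}  # assumption: file names to look for


def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def audit(root, expected):
    """Map each TimThumb copy under root to (version, status)."""
    want = tuple(int(p) for p in expected.split("."))
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        if path.name.lower() in NAMES:
            found = parse_version(path.read_text(errors="replace"))
            status = ("unknown" if found is None
                      else "outdated" if found < want else "ok")
            report[path.relative_to(root).as_posix()] = (found, status)
    return report


def downgraded(before, after):
    """Paths whose version dropped between two audits."""
    return sorted(p for p, (ver, _) in after.items()
                  if ver and before.get(p, (None,))[0] and ver < before[p][0])


def write_sample(root, versions):
    """Write constructed TimThumb stubs: {relative path: version string}."""
    for rel, ver in versions.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("<?php\ndefine ('VERSION', '%s');\n" % ver)


if __name__ == "__main__":
    paths = ["plugins/woo-tumblog/timthumb.php", "themes/slidette/timthumb.php"]
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        write_sample(root, dict(zip(paths, ["2.8.3", "2.8.2"])))
        before = audit(root, "2.8.5")
        write_sample(root, dict(zip(paths, ["2.8.2", "2.8.2"])))  # reported result
        after = audit(root, "2.8.5")
        print(after, "downgraded:", downgraded(before, after))
```

Versions are compared as integer tuples, so 2.8.10 sorts above 2.8.5; comparing the version strings or the file dates would not show that an upgrade went backwards.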

  • The topic ‘[Plugin: Timthumb Vulnerability Scanner] Not updating to 2.8.4 or 2.8.5’ is closed to new replies.