donsham58913
donsham58913

Hi,

We found that there is a security update on Build 469 and would like to implement this update on our old CMS projects basic on Build 437 for fixing the security issues. https://octobercms.com/support/article/rn-10

However, the old projects are not using composer and some of the core file is modified. It seems can't update the CMS programmatically. Is it possible to update the below change manually for fixing the security issues of Build 469 https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982

Thanks.

mjauvin
mjauvin

Of course it's possible, what do you really need to know?

donsham58913
donsham58913

Hi Mjauvin,

Thanks for your reply.

I would like to confirm that change in below is solved the serious vulnerability found in older builds of October CMS prior to 469. https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982

BennoThommo
BennoThommo

@donsham58913

While you can certainly apply that fix directly, and it will likely work, it's recommended to keep all module files up to date with the latest version of October CMS to take advantage of all security fixes.

You should also not be editing core files. Most modifications can be done via plugins - that is the optimal way of modifying core functionality and still allowing for October CMS updates.

1-4 of 4