# SolusVM update - 1.16 - Security and Features!



## MartinD (Aug 4, 2014)

Just released this morning - also includes a security issue so they're advising people update as soon as possible!

http://docs.solusvm.com/release_versions_stable#section11600



> Security
> 
> 
> This release contains security updates as instructed in an external audit conducted by Rack911.
> ...


----------



## setupvps (Aug 4, 2014)

Wow someone there woke up looks that way as Virtualizor start kick there ass


----------



## lbft (Aug 4, 2014)

setupvps said:


> Wow someone there woke up looks that way as Virtualizor start kick there ass


What? 

I'm no fan of Solus or their, er, interesting security track record, but on what planet are Virtualizor "start kick there ass"? Off the top of my head I can think of one Virtualizor-based offer I've seen in recent memory.


----------



## KuJoe (Aug 4, 2014)

Did they add Central Backups and I missed it? I didn't see it in the Change Log.



> Next we have the replacement for Central Backup. As many of you know this was planned for v1.14 but got put on the back burner for a future release. Well it’s time to get back on track
> 
> 
> 
> ...


http://blog.soluslabs.com/2014/04/13/what-to-expect-from-solusvm-v1-16/


----------



## MartinD (Aug 4, 2014)

Could also search for "migrating to solus from virtualizor" because the amount of folk doing it is lol


----------



## SkylarM (Aug 4, 2014)

I like the part where I add the IPv6 subnet and it doesn't actually add it and tries to take me to my most recent block that I added (which was IPv4). Makes me wonder if they tested an upgraded Solus Master, or just did a fresh install and said "YEP IT WORKS" and called it a day. Hoping they fix it quickly.

Edit: Forcing an upcp does appear to resolve this.


----------



## Steven (Aug 4, 2014)

It is very important that you update to this release


----------



## Steven (Aug 4, 2014)

setupvps said:


> Wow someone there woke up looks that way as Virtualizor start kick there ass


Given that the frontend to virtualizor runs php as root I wouldn't say virtualizor is that great to begin with. Any commend injection exploit or sqli could grant root access to the node.


----------



## Hxxx (Aug 4, 2014)

Was this a private audit by Rack911 or the excellent public service and contribution they usually perform?


----------



## George_Fusioned (Aug 4, 2014)

I believe that SolusVM is starting to move in the right direction.


----------



## Francisco (Aug 4, 2014)

Steven said:


> It is very important that you update to this release


Did they pass $_GET to a setuid binary again?

Francisco


----------



## Francisco (Aug 5, 2014)

So after talking to someone that pushed this update out I gotta say the way they handle the

IPV6 subnets is hilariously bad.

I've looked through the screenshots and they don't even make sense.






Why not just have a 'start' and 'finish' field and mark what the bitmask is for the entire thing?

Then just add whatever subnets of X size are between it all.

EDIT - That's not even the biggest issue with what they did. There's some huge, glaring,

issues that I'll not even discuss in here just to see how long it'll take for them to

address it.

Francisco


----------

