WordPress.org

Support

Support » Plugins and Hacks » Jetpack by WordPress.com » Important Jetpack security update

Important Jetpack security update

Viewing 15 replies - 1 through 15 (of 19 total)
  • what are the symptome? because 3 of my site are now blank page 🙁

    Plugin Contributor Richard Archambault

    @richardmtl

    Happiness Engineer

    Jeff, what are your sites? You can contact us via http://jetpack.me/contact-support/ if you want and I’ll take care of your concerns right away.

    To answer your question though, there are no “symptoms” per se. As per our announcement post:

    During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to escalate access

    So, contact us and give me your URLs and I’ll take a look.

    Just installed latest version of Jetpack. I assume it’s the latest version because I installed it moments ago. But when I click on “settings” or “edit” I get this error message. I cannot even deactivate it, or navigate anywhere within the WP site. I had to (once again) remove the plugin via cPanel.

    “Warning: require_once(/home/sheffner/public_html/blogs/reading/wp-content/plugins/jetpack-lite/class.jetpack-network.php) [function.require-once]: failed to open stream: No such file or directory in /home/sheffner/public_html/blogs/reading/wp-content/plugins/jetpack/jetpack.php on line 38

    Fatal error: require_once() [function.require]: Failed opening required ‘/home/sheffner/public_html/blogs/reading/wp-content/plugins/jetpack-lite/class.jetpack-network.php’ (include_path=’.:/usr/local/php53/pear’) in /home/sheffner/public_html/blogs/reading/wp-content/plugins/jetpack/jetpack.php on line 38″

    Plugin Contributor Richard Archambault

    @richardmtl

    Happiness Engineer

    Hi shefi, can you try the “Installing via FTP” instructions? Also, it looks like you are using the “Jetpack Lite” plugin, which seems to be causing a conflict. I’d suggest deactivating that plugin if you intend to use Jetpack, to avoid this kind of conflict.

    http://jetpack.me/support/how-to-install-the-security-update/#ftpupdate

    I’ve got Version 2.9.2 of Jetpack installed and I’d happily update to the latest version, but my dashboard does not indicate that an update is available. This makes me concerned. Is there any way to confirm a) why this is happening, and b) if a manual upgrade’s files are verified as authentic?

    Have site stats been eliminated from Jetpack?

    I updated to WP 3.9 this morning and now my Jetpack site stats have disappeared. No access to it in the dashboard, no indicator at the top of the blog page, and when I go to my bookmarked link I get the message “You do not have sufficient permissions to access this page.” It’s not even listed when I click the Jetpack tab.

    I am the owner of the site with “Administrator” privileges. Running Jetpack 2.9.3.

    since I updated the most recent version, NONE of the “publicize” connections(to google+/twitter/etc…) can be access or connected to.
    everytime, it says:

    The webpage cannot be found
    HTTP 404
    Most likely causes:
    •There might be a typing error in the address.
    •If you clicked on a link, it may be out of date.
    What you can try:
    Retype the address.
    Go back to the previous page.
    Go to and look for the information you want.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    PLEASE ADVISE! It is silly that we have to re-post manually to each site. the share buttons connections work just fine-why not the publicize buttons??
    many thanks for your attention & assistance,
    jo-anna
    http://www.conciergejo-anna.com

    Plugin Contributor Richard Archambault

    @richardmtl

    Happiness Engineer

    joshzam: Did you update to 2.9.3 finally?

    Eclectablog: Do you still have this issue? If so, could you post your site URL here, so I can have a look?

    If you want it to remain private, you can also contact us via this contact form:
    http://jetpack.me/contact-support/

    If you contact us through our form, please make sure to include a link to this thread in your message.

    concierge1: Can you try disocnnecting and reconnecting Jetpack to WordPress.com please? Your URL changed (it used to be http://conciergejo-anna.com/concierge/ ) which is why you have this problem. I have fixed it on our end, but you need to disconnect and reconnect to WordPress.com. For my reference, your blog ID is 61001865 on our end, just in case something goes wrong. Try that and let me know once you’ve done that.

    My problem was resolved when the Subscribe2 plugin was updated. That was the cause of the issue.

    The WordPress IP was being blocked by my host and so neither Jetpack nor any of my other plugins nor the WP core install were updating. While troubleshooting the issue I removed the Jetpack plugin, realizing that I really didn’t need it (it was just for narcissistic stats following purposes). Thank you for finally getting back in touch.

    dear richard,
    yes, that was the problem, & thank you, for i would never have thought to go back to wordpress.com, when my blog was there.i switched to wordpress.org months ago!
    all is well & updated & publicize is working-woo-hoo!
    thanks again,
    jo-anna

    I cannot update to the latest version. Trying to update via Dashboard / Plugins fails for the following reason:

    Download failed. SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

    I downloaded the zip file to my computer and tried uploading from there but that failed too because the file was “too big”.

    Any answers, please?

    Plugin Contributor Richard Archambault

    @richardmtl

    Happiness Engineer

    Hi miketoons,

    Please try installing via FTP:

    http://jetpack.me/support/how-to-install-the-security-update/#ftpupdate

    If you still have trouble, please start a new thread, or contact us via our support site: http://jetpack.me/contact-support/

    Thanks for your help, Richard.
    FTP worked (scary region for a non-technical artist)

    Plugin Contributor Richard Archambault

    @richardmtl

    Happiness Engineer

    Glad you got it sorted! I can understand that it *can* be scary if you’re not used to it, but it’s definitely a good tool to have at your disposal!

Viewing 15 replies - 1 through 15 (of 19 total)
  • The topic ‘Important Jetpack security update’ is closed to new replies.
Skip to toolbar