WHMCS 5.3.9
26 August 2014
WHMCS version 5.3.9 is now available (security release).
Upgrading to WHMCS 5.3.9
WHMCS 5.3.9 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply WHMCS updates as new versions are released, or use Installatron's Clone feature to duplicate an existing WHMCS install to test the 5.3.9 upgrade prior to applying it live. Get started managing your WHMCS installations with Installatron
What's New in WHMCS 5.3.9
General
- Version 5.3.9 and later implements a new admin password hashing mechanism. Admin passwords will be automatically rehashed on their next successful login post upgrading. No manual steps are required.
- This update includes significant changes to IP detection logic in conjunction with the use of proxies. If using services such as CloudFlare, or any other similar public or private proxy service, to proxy traffic to your WHMCS installation, you will need to perform additional steps post upgrading in order to keep IP detection functioning correctly.
- The Ensim server module has been deprecated. The Ensim control panel has been End Of Maintenance since July 1st 2007 and End Of Support since December 31st 2007. Active use of this module is likely very limited, but for anyone whose business relies on it, our support team will be able to provide a copy of it but no further maintenance or updates will be made to it.
- E-gold was a digital gold currency which ceased trading in 2009. The module has been deprecated for some time but as of this release it has been removed and is no longer available. Any historic invoices already assigned to the module will be unaffected by this change.
- PayOffline service was terminated as of 31st March 2012. The module has been deprecated and removed as of this release. Any historic invoices already assigned to the module will be unaffected by this change.
- The WHMCS Live Chat Addon which integrates with the WHMCS administrator user list for shared authentication requires an update for compatibility with the admin cryptography changes in 5.3.9. For existing users there is an easy 2 file patch which simply requires uploading - no upgrade process is necessary. This can be downloaded in the usual place for Downloads under your copy of the Live Chat Addon product within our Members Area
Hotfix
- Post-release an issue was identified related to admins who had Two-Factor Authentication enabled prior to upgrading to 5.3.9. A hotfix was issued by WHMCS to correct the problem. This update package from Installatron includes the hotfix.
Security
- Case #2525 - Provide migration path to harden Admin & API cryptographic
- Case #4177 - Mask sensitive passwords in admin interface
- Case #4821 - Redacted
- Case #4822 - Redacted
- Case #4824 - Redacted
- Case #4829 - Redacted
- Case #4830 - Redacted
- Case #4832 - Remove access to version information within server status script
- Case #4886 - Redacted
- Case #4923 - MoipApi Gateway Module: Remove file system log function
- Case #4987 - Add Proxy Trust IP Configuration
- Case #4988 - Redacted
- Case #4989 - Redacted
- Case #4990 - Redacted
- Case #4991 - Hide license key in license error page notifications
Modules
- Case #3144 - CentovaCast: Fix resource usage syncing logic
- Case #3178 - Nominet: Perform status sync for transferred domains
- Case #3651 - RegisterCom: Fix US contact state handling
- Case #3970 - KashFlow: Fix Currency sent on new client creation
- Case #3978 - PayFlow Pro: Always send invoice number parameter
- Case #4086 - InternetBS: Update variable names used in WHOIS update
- Case #4157 - eNom: Do not send nameserver values when Use Defaults enabled
- Case #4428 - Add e-onlinedata payment gateway module
- Case #4442 - Garantibank: Correct API end point URL
- Case #4724 - Project Management Addon: Preserve date format in tasks
- Case #4823 - Drop support for the EOL Ensim Provisioning Module
- Case #4870 - Drop support for the EOL E-Gold and PayOffline gateways
- Case #4889 - OVH Registrar: Use white label option
- Case #4969 - NameCheap: Add support for .UK domain additional fields
- Case #5002 - NetRegistry: Update API end point URL
Maintenance
- Case #2840 - Correct Group Discount calculation with Inclusive Tax type
- Case #3233 - Update Completed Transfer Sync to update expiry date pre email
- Case #3245 - Resolve Kayako Loginshare failing when Two-Factor Auth is enabled
- Case #3330 - Fix addon invoice line item type in pro-rata invoicing
- Case #3886 - Prevent duplicate invoice generation during cron run
- Case #3961 - Add additional hooks to client summary mass actions
- Case #4118 - Fix missing parameter in add funds redirect
- Case #4578 - Reset domain reminder field after due date change or renewal
- Case #4662 - Ensure transaction rate is always a positive number
- Case #4695 - Improve rounding logic with promotion codes
- Case #4731 - Prevent placing upgrade orders when one in progress
- Case #4845 - Fix license error message improperly reading error key
- Case #4848 - Fix new customer report graph labels for current year
- Case #4851 - Resolve fatal error occuring in reCAPTCHA validation routine
- Case #4852 - Fix typo in the label tag of reports
- Case #4880 - Ensure support and updates validity is enforced correctly
- Case #4888 - Add contextual help link to System Cleanup
- Case #4931 - Correct translation in French language file
- Case #4945 - Correct incorrect links in the New Customers report
- Case #4948 - Use Casual version numbering in XML API Response
- Case #4976 - Ensure charts handle special characters appropriately