Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+7 votes
542 views
in Q2A Core by
edited by

I still use version 1.7.5 and was wondering if it is less secure than the more up to date 1.8.6

by
Considering how simple it is to upgrade, this question should be irrelevant. Have you tried my suggested process to upgrade from a potentially broken installation?

https://www.question2answer.org/qa/95112/database-error-whilst-trying-to-upgrade-q2a-from-version-to?show=95384#a95384
by
Yes, but now appears

Database query error 1062
Duplicate entry 'Mo\xF5\x0A-V' for key 'ip'

UPDATE qa_iplimits SET ip = UNHEX(HEX(CAST(ip AS UNSIGNED)))
by
The error you are facing is happening BEFORE the error you asked help for in the other question. 10 months ago, when I added the answer, it would have worked. Now you need to comment other lines of code as well
by
In the same install.php file? I searched for it and didn't find it.

1 Answer

+1 vote
by

Generally speaking: yes. It's practically always advisable to keep software up to date, because new versions fix known (potentially exploitable) bugs in older versions.

For more information you can review the version history. From a quick glance notable security improvements appear to be:

  • Security fix: prevent use of <embed> and <object> tags. (v1.8.4)
  • Reworked file cache to securely allow cache inside web root. (v1.8.0 beta 2)
  • Password security has been upgraded from sha1 to use PHP's password_hash function where available. (v1.8.0 beta 2)

You should also keep PHP, your webserver and your database updated, since those are part of the system's attack surface as well.

...