I do have similar problems since V6 although using actual Versions 6.07 for hosts and viewer and 603 for private server.
The server has its own version numbering. A new server release does not necessarily happen with each RU release. Currently, the latest server version is 188.8.131.52. If that's what you mean, then yes, it's the latest version.
For example the host is online and also online is shown in viewer but if connecting it switches to offline although being physical online. Or it is showing offline but if connecting it jumps to online.
During logging in a connection may briefly show as offline , but that doesn't actually mean that it's offline.
I do have many interruptions while working on hosts, if connecting again it takes 2 or more trials to get connection again. In viewers Log I have many errors like CheckID Connection. After process message. Host "xy:55655". MsgCode: 10 or socket errors like "EIdConnClosedGracefully".
If this happens with all your hosts, then probably it's not a problem with the Hosts. It could be a network issue either on the server side or the Viewer side.
To start with, could you send us logs from a few of your Hosts, especially from those you had connection issues with. We'll see if Hosts had any difficulty connecting to your server.
You can use the email firstname.lastname@example.org to send the logs.
when I launch the viewer my internet id computer is immediately displayed as online. but my local pc's are listed as offline until I click connection/refresh status. why is this? I would expect local pc status to be displayed quicker since they are local and on the same network. this is very annoying. why do I need to click connection refresh status in order to see my local pcs that are online?
This is by design. This limitation is necessary to prevent a situation when hundreds of even thousands of PCs overload the network with requests.
due to this annoying status behavior I have another question if I use internet id for my local computers and connect to them will my connection go direct to the PC (ip) or will it go through your internet ID server?
If the program can automatically determine direct route, the connection will be direct even if it's Internet-ID in the connection properties.
I'm sorry, but this is not how the Viewer is supposed to be used, and such capabilities are not advertised anywhere on the site or in our sales literature. We cannot provide assistance on undocumented capabilities like changing resource files or re-arranging controls or reverse-engineering of the software. Besides, any such use may violate our EULA.
The program is provided as is and the only customization options are those available in Options/Settings for the corresponding modules and our MSI Configurator.
We will not delete the post. If we were afraid of having discussions on our site, we wouldn't have a forum in the first place. As you can see - everyone here can speak. Of course, if they follow our forum rules.
As for the subject:
1. This exploit only appears if you run a custom Host installer with the "Generate ID" function enabled AND if you click the "Tell me more" button.
2. This bug can only potentially be exploited by the remote user himself - to elevate their permissions. Yes, perhaps there might be other far less probably uses, but overall it has a very limited application/scope.
In this specific case marking your post as "BIG SECURITY ISSUE" could be misleading. Someone who visits our forum may think that our software in general has a big security issue that applies to absolutely all cases, which is very far from the truth.
So instead of posting here on the forum you could just send us a ticket or an email, and this bug would have been fixed in a few days without anyone even knowing about it, which is good for security. Security issues are not something that should be immediately disclosed - it is advisable to contact the developers privately first, and see how they respond. And if they don't respond and refuse to deal with the issue it may be time to use public pressure. Unfortunately, you decided to use public pressure right from the start as if we were unresponsive or unwilling to fix issues.
We never said that we didn't like when our customers or users let us know about exploits in our software. Quite the contrary, we can only be thankful for that and we encourage users to send us security bugs - the more the merrier. However, our concern is that making such information public BEFORE the bug is fixed is somewhat imprudent and can diminish security for existing users who use that specific feature. This is certainly not a proper way security bugs should be dealt with.