Advertisement:

Author Topic: SMF 2.0.1 and 1.1.15 critical security patches released  (Read 2371563 times)

Offline ForumGuy789

  • Jr. Member
  • **
  • Posts: 110
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #20 on: September 19, 2011, 12:19:25 AM »
Thanks a lot Norv

Offline Oldiesmann

  • Lead Developer
  • SMF Super Hero
  • *
  • Posts: 23,887
  • Gender: Male
  • Ask me about the function DB :)
    • oldiesmann on Facebook
    • http://www.linkedin.com/in/michaeleshom on LinkedIn
    • @oldiesmann on Twitter
    • Archie Comics Fan Forum
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #21 on: September 19, 2011, 12:20:41 AM »
Did you emulate a different version?

That won't have anything to do with it. In 2.0, the files containing that info (and other info, such as the news and the latest themes/packages), are fetched from our servers once every 24 hours and stored in your forum database. This saves bandwidth for us and eliminates the possibility of your forum admin center taking forever to load if our site is down. I posted info on the previous page about how to get it to show up if it isn't already showing up.

Offline ForumGuy789

  • Jr. Member
  • **
  • Posts: 110
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #22 on: September 19, 2011, 12:27:10 AM »
Norv and Oldiesmann were right. I just needed to run that task.

Offline Vincent Volmer

  • Jr. Member
  • **
  • Posts: 211
  • Gender: Male
  • SMF2.0.4
    • Digiscrap.nl
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #23 on: September 19, 2011, 12:59:56 AM »
Thanks for the patch!

Offline KVL

  • Semi-Newbie
  • *
  • Posts: 14
  • Gender: Male
  • SMF: 1.1.19, 2.0.6
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #24 on: September 19, 2011, 02:23:14 AM »
 SMF 2.0.1 and 1.1.15: updated is successfully!  :)  Thank you very much! :)

Offline Tjati

  • Semi-Newbie
  • *
  • Posts: 88
  • Gender: Male
    • Nirn.de
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #25 on: September 19, 2011, 03:37:47 AM »
Hi there,

in the Changelog (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt) is written:
Quote
! A sensitive token was sent in the URL, allowing CSRF vulnerability (Subs-Menu.php)
But comparing Subs-Menu.php of version 2.0 and 2.0.1 does not show any differences except the @version-Line.

Was the bug already fixed in 2.0 or have you missed to replace the files correctly?

Thanks for information!

Update: Since 2.0 RC4 is no change (except a comment) done in Sources/Subs-Menu.php
« Last Edit: September 19, 2011, 04:13:15 AM by Tjati »

Offline Alpay

  • Language Moderator
  • SMF Hero
  • *
  • Posts: 3,425
  • Gender: Male
    • Personal Web Page
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #26 on: September 19, 2011, 04:14:37 AM »
Thanks for upg..

Offline Fisch.666

  • Jr. Member
  • **
  • Posts: 147
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #27 on: September 19, 2011, 05:18:52 AM »
in the Changelog (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt) is written:
Quote
! A sensitive token was sent in the URL, allowing CSRF vulnerability (Subs-Menu.php)
But comparing Subs-Menu.php of version 2.0 and 2.0.1 does not show any differences except the @version-Line.

Was the bug already fixed in 2.0 or have you missed to replace the files correctly?

Good question, any info for this?

Offline Roph

  • Jr. Member
  • **
  • Posts: 370
  • Gender: Male
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #28 on: September 19, 2011, 07:13:54 AM »
Updated a couple installations of mine without a hitch. Great work. Happy that us long-time SMF 2 users don't have to go the manual route any more :)

Offline N3RVE

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,906
  • Gender: Male
    • N3RVE.COM
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #29 on: September 19, 2011, 07:58:10 AM »
Great work Devs :)

-[n3rve]
Ralph "[n3rve]" Otowo
Marketing Co-ordinator, Simple Machines.
ralph [at] simplemachines [dot] org                       
Quote
“Somewhere, something incredible is waiting to be known.” - Carl Sagan

Offline Kryzen

  • Localizer
  • SMF Hero
  • *
  • Posts: 3,642
  • Gender: Male
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #30 on: September 19, 2011, 10:35:10 AM »
Congrats team
Kryzen
Localizer

Offline Rohan_

  • Sophist Member
  • *****
  • Posts: 1,328
  • Gender: Male
  • I Love SMF :)
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #31 on: September 19, 2011, 10:40:59 AM »
May I have the changelog of 1.1.15 ?
Proud To Be An Indian

Offline Soft Drink

  • Full Member
  • ***
  • Posts: 567
  • Gender: Male
  • Crawl
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #32 on: September 19, 2011, 11:03:42 AM »
Nicely done. Although the language packages for 2.0.1 are corrupt..

Online Kindred

  • Project Manager
  • SMF Master
  • *
  • Posts: 37,596
  • Gender: Male
  • Red Sox WIN!
    • wagner999 on Facebook
    • www.linkedin.com/in/wdwagner/ on LinkedIn
    • @Kindred_999 on Twitter
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #33 on: September 19, 2011, 11:26:56 AM »
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support forums.  Thank you.

Offline Ventic

  • Full Member
  • ***
  • Posts: 635
  • Gender: Male
    • vasilis.koukoutis on Facebook
    • @joyspotorg on Twitter
    • JoySpot
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #34 on: September 19, 2011, 11:52:49 AM »
cause i dont wanna lose the mods i added manual which package should i use

Offline Oldiesmann

  • Lead Developer
  • SMF Super Hero
  • *
  • Posts: 23,887
  • Gender: Male
  • Ask me about the function DB :)
    • oldiesmann on Facebook
    • http://www.linkedin.com/in/michaeleshom on LinkedIn
    • @oldiesmann on Twitter
    • Archie Comics Fan Forum
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #35 on: September 19, 2011, 11:55:57 AM »
cause i dont wanna lose the mods i added manual which package should i use

If you're on 1.1.x, you can upgrade through the admin center by following the instructions in the upgrade notice (click to download the patch, then install it through the admin center).

If you're on 2.0 final, you can also upgrade through the admin center.

If you're on 2.0 RC5 or earlier, you will need to use the full upgrade.

Offline Ventic

  • Full Member
  • ***
  • Posts: 635
  • Gender: Male
    • vasilis.koukoutis on Facebook
    • @joyspotorg on Twitter
    • JoySpot
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #36 on: September 19, 2011, 11:57:17 AM »
cause i dont wanna lose the mods i added manual which package should i use

If you're on 1.1.x, you can upgrade through the admin center by following the instructions in the upgrade notice (click to download the patch, then install it through the admin center).

If you're on 2.0 final, you can also upgrade through the admin center.

If you're on 2.0 RC5 or earlier, you will need to use the full upgrade.
i use 2.0 final but i dont need to update via the package,but by uploading the files

Offline Oldiesmann

  • Lead Developer
  • SMF Super Hero
  • *
  • Posts: 23,887
  • Gender: Male
  • Ask me about the function DB :)
    • oldiesmann on Facebook
    • http://www.linkedin.com/in/michaeleshom on LinkedIn
    • @oldiesmann on Twitter
    • Archie Comics Fan Forum
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #37 on: September 19, 2011, 12:19:28 PM »
cause i dont wanna lose the mods i added manual which package should i use

If you're on 1.1.x, you can upgrade through the admin center by following the instructions in the upgrade notice (click to download the patch, then install it through the admin center).

If you're on 2.0 final, you can also upgrade through the admin center.

If you're on 2.0 RC5 or earlier, you will need to use the full upgrade.
i use 2.0 final but i dont need to update via the package,but by uploading the files

You can upload through the admin center then. If you don't see a notice in your admin center about the patch, do the following:

Admin -> Maintenance -> Scheduled Tasks
Check the second box next to "Fetch Simple Machines Files" (the first one should already be checked)
Click the "Run Now" button

Alternately you can download the patch from the Upgrade Site and upload it through your package manager.

Offline Ventic

  • Full Member
  • ***
  • Posts: 635
  • Gender: Male
    • vasilis.koukoutis on Facebook
    • @joyspotorg on Twitter
    • JoySpot
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #38 on: September 19, 2011, 12:22:30 PM »
i told you i dont wanna do the upgrade via the package manager but by uploading the files normally

Offline Crime

  • Semi-Newbie
  • *
  • Posts: 98
Re: SMF 2.0.1 and 1.1.15 critical security patches released
« Reply #39 on: September 19, 2011, 12:31:07 PM »
Thanks a lot for the upgrade. i had upgraded all my web sites