Simple Machines announces the release of SMF 1.1.14, addressing a vulnerability found in SMF 1.1.13 allowing display name spoofing as well as fixing a MySQL 5.5 compatibility issue. We strongly recommend that all users upgrade as soon as possible.
Upgrade automatically by visiting your Administration Center, where a notice will be displayed prompting you to upgrade. Click the link, confirm the changes and your forum will be up to date again. Additionally, you can upgrade using the package manager by downloading the SMF 1.1.13 to SMF 1.1.14
upgrade package from Package Manger Updates
section, uploading it to the Package Manager, and applying it as prompted. For help with this refer to the Package Manager
section of the Online Manual
If you cannot upgrade using the package manager, please follow the instructions posted in the Online Manual
It may be necessary to apply the upgrade manually if mod conflicts mean that you cannot install the patch through the package manager. Instructions for doing this can be found on manual upgrades
page for SMF 1.1.13.
SMF 1.0.x branch is not affected by this issue. So, for those still using the SMF 1.0.x branch, no change is necessary.
As of today, 1.1.14 is no longer the stable branch of SMF
, as SMF 2.0 is being released as we speak. 1.1.14 will remain in maintenance stage, and it will continue to be supported for security and major/critical functionality fixes, only it will not receive new features, nor minor bug fixes or improvements.
Finally - please do not use this topic for any support requests. You will get a much more prompt response by visiting the relevant support board!
Simple Machines Forum Team