Simple Machines is happy to annouce the release of SMF 1.1.1. Unfortuately a few bugs crept into the final release of 1.1 which this patch addresses - in addition an issue was reported with both SMF 1.0 and 1.1 which may allow someone to take advantage of a security hole within Internet Explorer to expoit a forum. This release closes this potential hole. Note users who are still running SMF 1.0.9 (Or earlier) and are not ready to upgrade to SMF 1.1 should see this topic
for information on patching the SMF 1.0.x line. A full list of fixes is as follows:
- Fixed potential XSS vulnerability for users of Internet Explorer. (Reported by Jessica Hope and rotwang)
- Changed the way SMF logs IP addresses to make it harder for someone to bypass banning.
- Fixed bug in BBC parsing that could cause an error for people with special characters in their username on certain versions of PHP.
- Fixed apostrophes in smiley location path causing a database error.
- Fixed usage of an array before it was declared causing issues for bridges.
- Fixed Personal Message labels not being properly restricted to the current member.
- Fixed search sometimes returning no results when it should have done.
- The sticky checkbox in prune boards would alternate when it shouldn't have done.
- Send annoucements out in slightly smaller chunks.
For users currently
running SMF 1.1 Final upgrading could not be easier. Simply log into your forum and visit your admin center - a notice should inform you an update is available. Follow the instructions to patch your release - this should not
affect any modifications, language packs or themes you have installed. Alternatively download the attached patch file and upload to your "Packages" directory and visit the package manager to install this fix.
For all other users please follow the instructions posted in the Online Manual about installing
Finally - please do not use this topic for any support requests. You will get a much prompter response by visiting the relevant support board!