News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

SMF 2.0.2 and 1.1.16 critical security patches released

Started by Norv, December 22, 2011, 11:43:01 PM

Previous topic - Next topic

oldfruitanting

Hi,

This seems like a really stupid question but if I am on SMF 2.0.2 does the SMF 2.0.2 Update update my security or does it update my forum version to SMF 2.0.2. Which would obviously not work since I am already using SMF 2.0.2.

Basically, I have, all of a sudden received 130 posts in Polish about Viagra. So I thought I'd check out if there were any security updates available and low and behold there is,........'SMF 2.0.2 and 1.1.16 critical security patches released'. On uploading and installing it I get an error message stating it is not compatible with the forum version I am running, 'SMF 2.0.2'

Am I being stupid, and if so any ideas how to deal with my apparent security breach, can I block an IP address for posting, or are there any other patches I can install.

Any advice would be greatly appreciated.

Kindred

the 2.0.2 update is used to update and 2.0.1 forum to 2.0.2. If you are running 2.0.2 then you are at the current security revision.

That ebing said, spam is not usually a security issue, but rather a configuration issue...   you need to configure your registration and/or posting settings to avoid spam. There are dozens of threads discussing what settings and/or mods to add for this.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

headguy

Thanks for the update notification.

My admin section has been rendered useless since you took over my site and any link I click to up date just takes me back to this useless board.

Why do you force us to update and then not have a link to the updated files?


Kindred

Answered in your other thread.

Please don't double post... Plus, we do not do what you are suggesting
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."


danickent




garry383

I just started to use SMF.  Thank you for your continued updates.
Laws aren't meant to be broken, any bent, squashed and shanghai'd.

searchgr

No updates for the last 6 months. This is very disappointing. What's going on?

a10

QuoteNo updates for the last 6 months. This is very disappointing. What's going on?
No need for (security) updates for a long time. This is very positive!
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

Nodaz

I logged into and loder forum i had up and found the upgrade for 1.1.5 to 1.1.16:
SMF File                   Your Version                 Current Version
SMF Package   SMF 1.1.15                           SMF 1.1.16
Sources                  1.1.11                           1.1.16
Default Templates  1.1.12                           1.1.12
Language Files          1.1.9                                   1.1.15

But when i click on : Update your forum, i get :
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.
What do i need to do here.

kat

Try downloading this:

http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-16_update.zip

Upload it, still archived, into your Packages directory.

Then, go to Package Manager to apply it.

READ MY SIG!

Arantor

Is the 1.1.16 package still broken? I thought it was fixed ages ago >_<

kat


青山 素子

The update download is not a modification package. It is designed to be extracted and the contents uploaded over the top of your existing instalation. Updating in this manner will remove any modification changes to the affected files.

Updates which can be applied through the package manager are located at http://custom.simplemachines.org/upgrades/.

Note that some hosting configurations have weird issues with compressed files. You can either try re-tarring (I've verified that manually using GNU tar 1.26 and gzip 1.4 will work 98% of the time), or wrapping in a zip if you absolutely must.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Arantor

No, but the 1.1.15 to 1.1.16 patch, the one linked specifically through the admin panel, to be installed like a mod is supposed to be a modification package - except it's been broken since 1.1.16 came out.

青山 素子

Quote from: Arantor on June 20, 2012, 05:23:10 PM
No, but the 1.1.15 to 1.1.16 patch, the one linked specifically through the admin panel, to be installed like a mod is supposed to be a modification package - except it's been broken since 1.1.16 came out.

The first part of my response was concerning K@ directing users to use the update archive as a package manager package, which will not work.

As for the actual update patch, the direct-download functionality has always been hit-or-miss. What about the patch at the link I provided?
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Nodaz

Quote from: K@ on June 20, 2012, 03:44:00 PM
Try downloading this:

http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-16_update.zip

Upload it, still archived, into your Packages directory.

Then, go to Package Manager to apply it.

READ MY SIG!

When i uploaded it i got the same error:
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

BUT then i went to browse packagse, it was there, i clicked on it and it installed fine...

sharks

It's been a while since the last SMF updates. I hope 2.1 is coming soon, along with 2.0.3 and 1.1.17? :)

Advertisement: