Advertisement:

Author Topic: SMF 1.1.19 and 2.0.6 critical security patches released  (Read 1189594 times)

Offline Illori

  • Doc Coordinator
  • SMF Master
  • *
  • Posts: 37,132
SMF 1.1.19 and 2.0.6 critical security patches released
« on: October 21, 2013, 10:18:01 AM »
Dear users,

Simple Machines Forum has released security patches to both the 1.1.x and the 2.0.x release lines. This brings our released versions to SMF 1.1.19 and SMF 2.0.6.

Several security issues were identified in both release lines and have been addressed with this patch.  It is, therefore, recommended that you update your forums immediately to ensure that your community is safe.  In addition to the security patches, a few bug fixes for the SMF 2.0 line have also been included in the 2.0.6 patch.

If you are running version 2.0.5, you can update your forum to version 2.0.6 using the package manager. As usual, you should see the upgrade notification in the Admin panel and in the package manager, which will allow you to download and install the patch seamlessly.  If you don't see the notification about the update, please run the scheduled task "Fetch Simple Machines files".  You can also download the patch for 2.0.6 from the customize site by downloading the : smf_patch_1.1.19_2.0.6.tar.gz patch file, and then installing it from the package manager, like any other mod package.

If you are running 1.1.18, you can update to 1.1.19 by using the smf_patch_1.1.19_2.0.6.tar.gz patch file and installing it via the package manager as well.  If you are still using 1.1.x branch, please be aware this may be one of the last patches released for this version, so you are strongly urged to upgrade to 2.0.6, in order to be able to continue to receive security upgrades to your forum.

If you use older versions of SMF, you can upgrade by using the full upgrade archive for version 2.0.6 from the downloads page. Be aware that using this upgrade method will require you to reinstall your mods with ones designed for the 2.0.x line

You can also view the change log for the latest release, as usual, on the downloads page.

If you are having problems downloading the patch from the admin panel, you can download the package from the upgrade patches page and install it like a mod, as instructed above.

Please refer to the Online Manual for more details about:
* upgrading
* patching

Please do not use this topic for support requests.  You will receive a much quicker and better response by posting in the relevant support board!

Thank you for using SMF! :)


Regards,
Simple Machines Forum
« Last Edit: October 22, 2013, 09:45:26 PM by CoreISP »

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 13,547
  • Gender: Male
  • CoreISP.net
    • coreisp on Facebook
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #1 on: October 22, 2013, 06:15:41 PM »
Good work Team :)
Thanks!
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 16,807
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #2 on: October 22, 2013, 06:28:21 PM »
Congrats on the release!
Community Suite - Take your forum to the next level built for SMF, Gallery,Store,Classfieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Latest Mod:
EzPortal - Portal System for SMF
Newsletter Pro SMF Gallery Pro SMF Classifieds SMF Store

Offline Antechinus

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 23,010
  • Master of BBC Abuse
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #3 on: October 22, 2013, 06:36:56 PM »
Bit premature on the announcement. The patches aren't actually on those pages yet. :)
Mods - Manky Old Themes - Apocalypse theme (WIP)

Quote
(11:43:45 AM) Antechinus: of course, it's also possible that I'm an arrogant know it all bastard
(11:43:59 AM) Eliana Tamerin: you are :P
(11:44:21 AM) Antechinus: hmmph

Offline ♞ Burke Knight ♞

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 3,190
  • Gender: Male
  • I tell it how I see it...
    • BurkeKnightEnterprises on Facebook
    • BurkeKnight on GitHub
    • @BurkeKnight on Twitter
    • BurkeKnight Enterprises
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #4 on: October 22, 2013, 06:39:17 PM »
Already being worked on.
I brought this up, and they are working on it, as we speak. :)
Please do not PM me for support issues. - My mods can be found here.
If need support for my mods, please go to my site and register there.



Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 13,547
  • Gender: Male
  • CoreISP.net
    • coreisp on Facebook
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #5 on: October 22, 2013, 06:44:10 PM »
Direct link added to announcement.
Our apologies for the inconvenience!
http://custom.simplemachines.org/mods/downloads/smf_patch_1.1.19_2.0.6.tar.gz
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline GravuTrad

  • Senior Translator
  • SMF Hero
  • *
  • Posts: 8,490
  • Gender: Male
  • One of the french SMF translators
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #6 on: October 22, 2013, 06:44:41 PM »
Bit premature on the announcement. The patches aren't actually on those pages yet. :)

yes it seems. 1.1.18 patched to 1.1.18 and 2.0.5 patched to 2.0.5, normally no matches lol....versioning forgotten again?
On a toujours besoin d'un plus petit que soi! (Petit!Petit!)


Think about Search function before posting.
Pensez à la fonction Recherche avant de poster.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 63,607
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #7 on: October 22, 2013, 07:15:38 PM »
Doing a release is quite a complex process given the mirrors and everything else in the site architecture that needs updating. We're working on it as I write this :)
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp-light o'er him streaming throws his shadow on the floor

Offline Antes

  • Evil Black Cat
  • Marketing
  • SMF Hero
  • *
  • Posts: 5,664
  • Gender: Male
  • Black cat rulz!
    • Antes on GitHub
    • merta on LinkedIn
    • @antesistan on Twitter
    • MMOBrowser
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #8 on: October 22, 2013, 07:20:21 PM »
Important thing is the patch and very well done to our developers... they did fantastic job yet again :)

Thanks!
[ MMOBrowser ] # [ Raptr ] # [ Paid Translation Service ]

Quote from: Arantor
That's because cats are powered by sunlight and warmth

Offline ♞ Burke Knight ♞

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 3,190
  • Gender: Male
  • I tell it how I see it...
    • BurkeKnightEnterprises on Facebook
    • BurkeKnight on GitHub
    • @BurkeKnight on Twitter
    • BurkeKnight Enterprises
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #9 on: October 22, 2013, 07:22:27 PM »
Indeed!
Way to go dev team, and the others that helped out. :)
Please do not PM me for support issues. - My mods can be found here.
If need support for my mods, please go to my site and register there.



Offline GravuTrad

  • Senior Translator
  • SMF Hero
  • *
  • Posts: 8,490
  • Gender: Male
  • One of the french SMF translators
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #10 on: October 22, 2013, 07:32:28 PM »
Doing a release is quite a complex process given the mirrors and everything else in the site architecture that needs updating. We're working on it as I write this :)

 ;)

Premature annoucement only so.

Thanks for all the great work guys. ;)
On a toujours besoin d'un plus petit que soi! (Petit!Petit!)


Think about Search function before posting.
Pensez à la fonction Recherche avant de poster.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 63,607
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #11 on: October 22, 2013, 07:34:24 PM »
We thought it was best to get this topic out there - including where one can download the patch immediately - while we got everything else sorted out. Right now it should only be the upgrade site that's in need of work and we're on the case.


EDIT: And it appears to be sorted out now :)
« Last Edit: October 22, 2013, 07:52:32 PM by Arantor »
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp-light o'er him streaming throws his shadow on the floor

Offline GravuTrad

  • Senior Translator
  • SMF Hero
  • *
  • Posts: 8,490
  • Gender: Male
  • One of the french SMF translators
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #12 on: October 22, 2013, 08:10:19 PM »
Cool! Thanks guys! ;)
On a toujours besoin d'un plus petit que soi! (Petit!Petit!)


Think about Search function before posting.
Pensez à la fonction Recherche avant de poster.

Offline iMiKK

  • Semi-Newbie
  • *
  • Posts: 25
  • Gender: Male
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #13 on: October 22, 2013, 09:23:41 PM »
Thank for the security updates. ;)

Offline Daniel15

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 4,216
  • Gender: Male
  • http://dan.cx/
    • daaniel on Facebook
    • daniel15 on LinkedIn
    • @Daniel15 on Twitter
    • Daniel15
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #14 on: October 22, 2013, 11:24:05 PM »
Quote
Several security issues were identified in both release lines and have been addressed with this patch.  It is, therefore, recommended that you update your forums immediately to ensure that your community is safe.  In addition to the security patches, a few bug fixes for the SMF 2.0 line have also been included in the 2.0.6 patch.
Is there a more detailed changelog? It might be worth adding that to the announcement :)
Daniel15, former Customisation team member, resigned due to lack of time. I still love everyone here :D.
Go to smfshop.com for SMFshop support, do NOT email or PM me!

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 63,607
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #15 on: October 22, 2013, 11:25:04 PM »
We haven't changed how we do anything; we never give the full changelog here - because most people don't care - but the full changelog is on the download page as ever, including the full list of what was changed.
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp-light o'er him streaming throws his shadow on the floor

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 16,557
  • 戦場ヶ原、蕩れ!
    • motokochan on GitHub
    • @motokochan on Twitter
    • Animeneko Network
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #16 on: October 22, 2013, 11:35:02 PM »
You might need to fix the files SMF uses to detect the updated version. Even though it's properly indicating a need for update, it's pointing to the 2.0.5 patch, not 2.0.6. Might also want to double-check for 1.1 as well.
Motoko-chan
Director, Simple Machines

Just like... making of enemies / 負ける気しない やめるきない / You are cool but fool - Charisma.com 『HATE』

Note: I am not a member of the Simple Machines Forum project.


Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 63,607
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #17 on: October 22, 2013, 11:44:17 PM »
Working just fine for me, on two different 2.0.5 installs I haven't yet patched, it's pointing to http://localhost/smf205/index.php?action=admin;area=packages;pgdownload;auto;package=http://custom.simplemachines.org/mods/downloads/smf_patch_1.1.19_2.0.6.tar.gz;session=variables

Seems to me you might need to force it to refresh the SM files?
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp-light o'er him streaming throws his shadow on the floor

Offline ♞ Burke Knight ♞

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 3,190
  • Gender: Male
  • I tell it how I see it...
    • BurkeKnightEnterprises on Facebook
    • BurkeKnight on GitHub
    • @BurkeKnight on Twitter
    • BurkeKnight Enterprises
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #18 on: October 22, 2013, 11:49:03 PM »
Yet, when click to download, it does say 2.0.5...

This is via the link in package manager.

After the force refresh of files.
Please do not PM me for support issues. - My mods can be found here.
If need support for my mods, please go to my site and register there.



Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 63,607
Re: SMF 1.1.19 and 2.0.6 critical security patches released
« Reply #19 on: October 22, 2013, 11:51:21 PM »
"This patch file will provide security and bug fixes to your SMF 2.0.5 forum."

Well, yeah...
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp-light o'er him streaming throws his shadow on the floor