[Compuart]

Simple Machines is happy to release a new update to Simple Machines 1.0 and 1.1. This release addresses an input validation vulnerability of the X-Forwarded-For header. Also two small issues regarding search and polls have been addressed.

Note that the fix for the SMF 1.0.x branch will be released as new version 1.0.7, while the fix for the 1.1 RC2 branch will merely be released as patched version, the version of the forum will remain 1.1 RC2 (therefor, most of the modifications should remain compatible).  It should be noted that we have provided one update package that patches versions 1.0.5, 1.0.6, and 1.1 RC2.

If you currently have installed 1.0.5, 1.0.6 or 1.1 RC2, you can do either of the following to upgrade:
* Use the package manager in your administration center - one click, and you're done.
* Download the update archive file from the download page, and upload all of the files from it.
* Download the modification file, attached to this message, and modify the files manually according to it.

[winrules]

thank you
will install asap
nice to see the security vulnerbilites are fixed fast

[Prasad007]

Wow! Thanks guys for the speedy updating!
and THATS why your the best!


but how am i supposed to install the rc2 patch ?

[vbgamer45]

I did like about 10 boards in like a couple minutes. For SMF 1.1 RC2 just goto your package manager and quick on the link that's the easy way.

[Prasad007]

I did like about 10 boards in like a couple minutes. For SMF 1.1 RC2 just goto your package manager and quick on the link that's the easy way.

Oh thanks!
Got it done!

[HarzeM]

Thanks for the fixes, Compuart and the other team members also.

Don't forget to update news bar above, "News: If you're not yet using the latest version, SMF 1.0.6, please upgrade as soon as possible."

[Thantos]

Thanks Harzem

[aw06]

Noob question .. i applied patch .. it still works even thou im not using the default theme right 

[Prasad007]

Noob question .. i applied patch .. it still works even thou im not using the default theme right 

i believe so, there are no template changes.

[Marcus J]

I click the "update" link in the admin area.  It gives me this response:  "The package you are trying to download or install is either corrupt or not compatible with this version of SMF."  I an running 1.0.6... what is the problem?

-Mookey

[Prasad007]

maybe thats for 1.1 ...

[aw06]

Patch did not fix the subject cache error ... guess have to wait for 1.1final for that fix .. and why is my english language file showing up as 1.0 and higlited in red 

[Marcus J]

You think the auto update through Admin is only for the 1.1?  Okay...

But I am nervous about uploading the files contained in the zip.  Are they going to overwrite my current folders, like attatchments, and the like?  I am very new to this, please help!

-Mookey

[moshi]

My question is would this erase all modifications I made through the source codes including packages I downloaded before?? 

[Die Brett Die]

When you do the update, it will only update the files affected.  Those files are listed in RED when you do a detailed version check from the admin panel.  No template/avatar/image files are modified.  Only the core source is modified/replaced in this update.

It is safe to update this as long as you have not modified the core of SMF (why would anyone do that ? ).  It works with all templates/styles, and doesn't overwrite anything already on your server.

And if you FTP it up to your server, what's on there is only overwritten if you allow it.  If a file is on your server that isn't in the directory being uploaded, it won't be trashed.  It will be ignored.

Hope that helps!!

[max]

I got a message "Session verification failed.  Please try logging out and back in again, and then try again" when trying to update from the admin center. Is this because my forum (SMF 1.1 RC2) is bridged with Joomla! (1.0.8)? I can of course do manual update, but in the future it would be nice if I could run the updates from the admin center... :(
Any workarounds?

[azc]

Hello,

Anyone know when (if?) the updated 1.1 RC2-1 files:

Poll.php,
QueryString.php, and
Search.php

will be included in either 'smf_1-1-rc2_install.zip', or 'smf_1-1-rc2_update.zip', or 'smf_1-1-rc2_upgrade.zip' files in the Download Section?

Thanks

[aw06]

When you do the update, it will only update the files affected.  Those files are listed in RED when you do a detailed version check from the admin panel.

My language files current version is showing up as 1.0 ?

[Bigguy]

I did the update from the admin panel with joomla 1.0.8 and smf1.1rc2 and absolutley no problems here. That I can see. I have logged out and back in again with no problems.

[forumite]

Thanks for the patch.

Minor typo I noticed in SMF_1-0-6_to_1-0-7_patch.mod:

Code: [Select]

<edit file>
$boarddir/changelog.txt
</edit file>

<search for>
SMF 1.0.6                                                        15 January 2006
================================================================================
December 2005:
--------------------------------------------------------------------------------
</search for>

<add before>
SMF 1.0.7                                                          29 March 2006
================================================================================
March 2005:

I assume the last line above should be:

Code: [Select]

March 2006: