News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

SMF 2.0.1 and 1.1.15 critical security patches released

Started by Norv, September 18, 2011, 06:24:43 PM

Previous topic - Next topic

knagl


Hj Ahmad Rasyid Hj Ismail

If it is just a patch, can we have the patch in form of a mod. It is no point upgrading the version number since it will affect others such as the mod installation as well as removal. I believe we have done this before where back in RC4. Just a point to ponder.

青山 素子

Quote from: ahrasis on September 21, 2011, 10:10:18 PM
If it is just a patch, can we have the patch in form of a mod. It is no point upgrading the version number since it will affect others such as the mod installation as well as removal. I believe we have done this before where back in RC4. Just a point to ponder.

That's already the case for 2.0 to 2.0.1 and 1.1.14 to 1.1.15. There has never been an actual package manager upgrade for pre-release (beta and rc versions). The only package manager items for pre-releases were for critical security issues where a version bump would not be called for.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Hj Ahmad Rasyid Hj Ismail

I don't quite understand. Can you explain why we need to download the whole package again, when the security patches could be just a small mod to patch current 2.0 package without changing its version to 2.0.1?

Illori

the patch contains the same updated code as the normal upgrade packages, it just depends on any issues you face in the upgrade which will work for you at this point, you do NOT need to use the large upgrade package if you are running 2.0 or 1.1.14.

Gary

Quote from: Illori on September 22, 2011, 05:52:03 AM
you do NOT need to use the large upgrade package if you are running 2.0 or 1.1.14.
Unless of course you're gonna go from 1.1.14 to 2.0.1 :P
Gary M. Gadsdon
Do NOT PM me unless I say so
War of the Simpsons
Bongo Comics Fan Forum
Youtube Let's Plays

^ YT is changing monetisation policy, help reach 1000 sub threshold.

Aleksi "Lex" Kilpinen

Quote from: ahrasis on September 22, 2011, 01:52:35 AM
I don't quite understand. Can you explain why we need to download the whole package again, when the security patches could be just a small mod to patch current 2.0 package without changing its version to 2.0.1?
Like always with 1.1 and 1.0 - you can now update 2.0 through the admin panel, following the link in the notification.

Or, you can grab a package manager update from here http://custom.simplemachines.org/upgrades/
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

espy



bayette

Une simplicité enfantine la mise à jour : bravo !! :)

Akule

#110
Quote from: Kindred on September 19, 2011, 11:26:56 AM
Quote from: Rohan_ on September 19, 2011, 10:40:59 AM
May I have the changelog of 1.1.15 ?

try looking? The 1.1.15 changelog is in the list
http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-15_changelog.txt

Wow. You're abrasive to new users. Customer service refresher seems to be needed for the marketing guy? Oh, and It's not.


img26.imageshack.us/img26/8153/smfdownloads13167271363.png/
(I would have it automatically link to an image proving such, but...add http:// )

Basically, from the link provided in the beginning of the thread to download.simplemachines.org/, the only changelog that is listed for us, mere end users, is SMF 2.0.1. For that matter, the only download listed on that page is 2.0.1. There isn't a link at all at the beginning of this thread to SMF 1.1.15's update.

Now, if I go to Package Manager Updates -> SMF 1.1.14 to SMF 1.1.15, then I can see what the file edits are, but not the changelog. For the changelog, I have to go to Archived Releases, where I can see every update since the beginning, which is not new user friendly.

For new users, I would recommend: download.simplemachines.org/?archive;version=64 (add http:// ), where you can see everything for SMF 1.1.15.

Is there a way we can get a link for the SMF 1.1.15 files on the first post in this thread? I imagine you'll get tired of constantly telling some people where to go when they skip to the end of the thread to post their request for the files and the changelog.

lelynx

after upgraded to 1.1.15, i'm getting this message at the bottom of my page

Sorry, the copyright must be in the template.
Please notify this forum's administrator that this site is missing the copyright message for SMF so they can rectify the situation. Display of copyright is a legal requirement. For more information on this please visit the Simple Machines website.

any idea how/where to add in the copyright?
thanks

Ricky.

Somehow your template got messed,

Add theme_copyright() somewhere in your index.template.php  and you should be fine.

lelynx

The theme_copyright() is there at my code before the upgrade.
Extracted from my index.template.php.
Any idea what's wrong here? Syntax error?

// Show the "Powered by" and "Valid" logos, as well as the copyright. Remember, the copyright must be somewhere!
   echo '<div style="white-space: nowrap; padding: 10px; text-align: center;" class="smalltext">
                                        ', theme_copyright(), ' <br />
               <a href="hxxp:validator.w3.org/check/referer [nonactive]" target="_blank">XHTML</a> |
               <a href="hxxp:jigsaw.w3.org/css-validator/check/referer [nonactive]" target="_blank">CSS</a> |
               <b>', $context['mycolor']=='_terra' ? 'Terra97' : 'Aero79' ,'</b> design by <a href="hxxp:www.tinyportal.net [nonactive]" target="_blank">Bloc</a>';


Aleksi "Lex" Kilpinen

If you are using an alternative language, make sure to test with english - and see if the error goes away.
If it does, then the problem is with your language pack.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

lelynx

i'm using normal english as the language pack
anymore idea?

Illori


MotRude

Is this an easy install to the 2.0? I Do not wan't to have to install all my mods over again.

Ventic

Quote from: motleyrude on September 23, 2011, 02:55:28 PM
Is this an easy install to the 2.0? I Do not wan't to have to install all my mods over again.
Quote from: Ventic on September 19, 2011, 12:46:48 PM
well i got an idea,since when i was trying to upgrade via the package i saw that i can see the changes that have been made.so i cant change those 5-6 files manually too?
it will work or not

Kindred

Quote from: Kindred on September 19, 2011, 12:53:43 PM
Ventic,

You can either use the upgrade archive file and lose all your mods or use the package manager update and keep all your mods.  Your choice.

If you want to manually apply the updates, then download the package manager update, extract the XML and read through that for instructions on what files and code to manually update.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Advertisement: