Dear users,
Simple Machines Forum is pleased to announce the next security update for the SMF 2.0 product line.
To ensure the continued security of your forum it is advised that you update to SMF 2.0.5 without delay. These vulnerabilities do not impact the SMF 1.1.X branch.
If you are running 2.0.4, you can update your forum to 2.0.5 using the built in package manager. You should see the upgrade notification in the admin panel and in the package manager, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files" from the administration panel (Admin -> Maintenance -> Scheduled Tasks). You can also download the update for 2.0.4 from the customize site (http://custom.simplemachines.org/upgrades/): smf_patch_2.0.5.tar.gz, and install it using the package manager.
If you use an older version of SMF, you can upgrade it with the full upgrade packages from the downloads page (http://download.simplemachines.org/). Note that this will remove all installed mods! It is recommended to use the patch as described above.
As always you can find more instructions on our wiki:
upgrading (http://wiki.simplemachines.org/smf/Upgrading)
patching (http://wiki.simplemachines.org/smf/Patching)
Support is available to all users for this upgrade, but it will only be provided in the support board: http://www.simplemachines.org/community/index.php?board=147.0
Please do not use this topic for support related inquiries.
Charter Members can file a ticket for any assistance or assisted upgrades through the help desk.
Thank you,
SMF Team
Thanks for the update.
Thanks guys, good work team! :)
well done team :D
Well done !
Time to see how many people think this is related to the recent security breach (http://www.simplemachines.org/community/index.php?topic=508232.0).
Quote from: Liam. on August 12, 2013, 09:04:45 PM
Time to see how many people think this is related to the recent security breach (http://www.simplemachines.org/community/index.php?topic=508232.0).
Not sure if your post was intended as flamebait, but either way: No, it's not related.
That should already become clear the moment you read that announcement. :)
Liam. I predict a few people will think they are related its human nature. But they will be incorrect as we all know.
Quote from: CoreISP on August 12, 2013, 09:11:07 PMNot sure if your post was intended as flamebait, but either way: No, it's not related.
That should already become clear the moment you read that announcement. :)
It wasn't meant to be flame bait, and I know it's not related. It's pretty clear, but there were still people in that thread that didn't manage to understand it regardless of how clear it was!
Quote from: Liam. on August 12, 2013, 09:29:36 PM
It wasn't meant to be flame bait, and I know it's not related. It's pretty clear, but there were still people in that thread that didn't manage to understand it regardless of how clear it was!
Ah, good :)
Yes, there were. And I'm afraid, as Runic points out, there always will be. :(
But... That won't stop SMF from making awesome releases when deemed necessary of course! :)
Thanks for your support!
WOOT WOOT!!
I was just thinking about 2.0.5 today lol. XD
see we read your mind ..... mwahahahahaha
Damn, my site is not even open yet and I already need a patch? ;D
No upgrade notification in the admin panel or the package manager but the downloaded patch installed without a hitch. Thanks peeps. ;)
Quote from: ARG on August 12, 2013, 10:03:10 PM
Damn, my site is not even open yet and I already need a patch? ;D
No upgrade notification in the admin panel or the package manager but the downloaded patch installed without a hitch. Thanks peeps. ;)
As a reminder, please run the "Fetch Simple Machines Files" task if you don't see upgrade notifications:
Admin -> Maintenance -> Scheduled Tasks
Check the box in the "Run Now" column next to "Fetch Simple Machines Files" (3rd from the bottom of the list)
Click the "Run Now" button
Thanks, great work. :)
Quote from: Μπράιαν "Poύνικ" Ντίκεν on August 12, 2013, 10:02:43 PM
see we read your mind ..... mwahahahahaha
You sure do. :) :D XD!!!!!
Thanks all
Well done! Thanks.
Good work guys.
Well done.
well done.
thx ^_^
Upgraded without any problem with below modifications, thank you
1. Simple Image Upload 1.4.0
2. SMFPacks Shoutbox 1.0.4
3. Users Online Today 2.0.3
4. Smiiliis 1.0
5. No Download Attachment 1.0
6. SMF 2.0.5 Update 1.0
Nice work. :)
Quote from: Oldiesmann
...These vulnerabilities do not impact the SMF 1.1.X branch...
You haven't listed any vulnerabilities; it would be good to see what's been fixed/improved, as other software providers do.
4 sites with 2 different theme, and a combined total of over 200 mods (But, all 4 use same, so mod count is actually about 50. :P ).
Update installed perfectly.
Had to do the above listed Run Now on 2, but everything worked fine. :)
Ah life is good, updated forum on one site over my mobile (cellphone for the US peeps) all working grand. :)
Thanks for the update.
Thanks to the SMF team. :D
Shambles, we have never listed the corrected vulnerabilities in the announcements. That would just make it easier for anyone who had bad intentions to find a site which has not upgraded and try them out on that site.
well done devs
First THANKS! for the reminder email I got as a member here, as my MEM is not that great anymore and I need these little reminders! ;)
GREAT JOB DEV's 8)
I used the package manager and it was fast and slick as ]-[eLL like always!
Keep up the fantastic support to us, that we have come to expect only the BEST from the BEST!
Quote from: Shambles on August 13, 2013, 04:54:24 AM
Quote from: Oldiesmann
...These vulnerabilities do not impact the SMF 1.1.X branch...
You haven't listed any vulnerabilities; it would be good to see what's been fixed/improved, as other software providers do.
The changelog contains at least some kind of description of what has been fixed. ;)
Quote from: emanuele
The changelog contains at least some kind of description of what has been fixed. ;)
I used the mod parser to see what was in it :)
The pedant within me was simply querying why the phrase
"These vulnerabilities" was used when no such vulnerabilities are actually mentioned.
That was my first thought with the breach not a distant memory. But I don't know that much either. Even so, I'm grateful for the support here. Thanks, team!!
Any language files change? (seems not but...)
First of all, thank you very much for SMF support.
Now, the questions: must I uninstall my mods (10) and reinstall after the upgrade?
My site has got many mods translated in spanish in separate php files with spanish strings. Will I lose translations?
I am worried because I've made a big modification with a customized theme and SMF Gallery Pro.
Thank you.
Quote from: GravuTrad on August 13, 2013, 09:33:28 AM
Any language files change? (seems not but...)
Check yourself:
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.5.tar.gz;smf_version=2.0.4
Quote from: zarachrome on August 13, 2013, 09:41:02 AM
Now, the questions: must I uninstall my mods (10) and reinstall after the upgrade?
No, just go to the admin panel and install the patch as a normal mod.
Yes i checked the xml file, thanks ema.
Quote from: emanuele on August 13, 2013, 09:42:23 AM
Quote from: zarachrome on August 13, 2013, 09:41:02 AM
Now, the questions: must I uninstall my mods (10) and reinstall after the upgrade?
No, just go to the admin panel and install the patch as a normal mod.
Ah, Ok. Good news.
Thank you very much :)
Awesome!!
Nice job on the patch guys.
Please don't suggest that people should re-run the Fetch SM Files task. It's run on an infrequent basis (no less than once a week) to avoid the servers here being hammered...
Great well done..........Also a high five for the translation teams for updating the language packs
Thanks for the update.
[/size]Good Work
That was almost ridiculously easy, smooth and seamless! Thanks guys :)
lol I got the white screen of death.
Serves you right for using 00000webhost :P
Quote from: ChalkCat on August 13, 2013, 03:13:26 PM
Serves you right for using 00000webhost :P
hahaha. I'm on a vps with a diff provider. I'm rollin!
Outstanding as always!
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fimg.photobucket.com%2Falbums%2Fv647%2Fvtel57%2FForum%2520Posts%2Ffirst-place-blue-ribbon_zps68d80c84.gif&hash=11d7167b425aa245d5877bfaa5a2c4c90cfb2f35)
Thanks very much to all of you who work so hard to make Simple Machines a first rate product. :)
~Eric
Thank you great job installed it on my test forum and works fine with all my mods then upgraded my main forum and so far so good. :)
thx you very you very much
Read through the parsed install.. simple and clean changes.
- Backed up database.
- Backed up files.
- Snapshot backup of the file system for quick reversion if something goes wrong.
- Uploaded package.
- Shot of vodka. (This step is critical.)
- Clicked Install.
- Closed eyes... peaked...
Installed perfectly fine. No issues at all. :)
Updated in 10 seconds flat.
I take it, that's a good thing? :P
I'm using he update your forum link from the admin area and I keep getting this.
Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
---
I normally use IE and was getting a window with no real info in it, so I tried FF and got the above. All my sites are doing it but all are functiong just fine.
Edit: Stricken out since I guess I made one of those SMF snafu's lol
This thread is not for support... Please open a support thread.
Thank you so much - I updated without any problems. You are great :D
Short, quickly, easy. Great as always
Many thanks.
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fwww.likeateam.com%2Fwp-content%2Fuploads%2F2012%2F09%2Fdid-you-do-a-good-job-at-work-today.png&hash=3cfe0be3ffd26299977a478c30d32ff681433c27)
Brilliant, thanks!
Great thanks.
thanks for new.
Thanks for the update!
Bueno, gracias
Installed using package manager, still being told that files are out of date and the footer says 2.0.4.
then it did not fully apply the package update patch...
Great announce, thanks!
Thanks for your effort and work!
Thank You.
I get this when I click the link to update to 2.0.5:
Forbidden
You don't have permission to access /forum/index.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
please create a new topic in the relevant support section.
Oldiesmann thanks for the upgrade. Keep rocking and make us safe from attackers and spams.
Found the version was not changed to 2.0.5 in my forum after upgrade :-X
Quote from: A.SK on August 15, 2013, 04:54:10 PM
Found the version was not changed to 2.0.5 in my forum after upgrade :-X
Quote from: Kindred on August 15, 2013, 12:57:03 AM
then it did not fully apply the package update patch...
;)
No. The large upgrade will remove any mods you have.
Grab the patch (since that's all it is) from http://custom.simplemachines.org/upgrades/
Quote from: Arantor on August 16, 2013, 04:28:10 PM
No. The large upgrade will remove any mods you have.
Grab the patch (since that's all it is) from http://custom.simplemachines.org/upgrades/
I had deleted my post because I didn't see the link in the first post... But thanks anyway!
EDIT: And I installed it successfully! :)
Upgraded my forum from 2.0.4 to 2.0.5. It was so quick and easy.
Thanks a lot to everyone who has contributed to this upgrade.
thanks ;)
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fimg585.imageshack.us%2Fimg585%2F5736%2Fqp17.jpg&hash=ae0b4a2b87faa2e32f1ccc9cc3035e44202f3249)
Thanks for your care. As you know me already as a "bothering" brother with disturbing questions while common satisfaction, I thought I would not be able to lose more reputation and kindly request: what the exact content, issue and effect of this update is.
That would - how ever - not limit any approximate gratitude.
Thanks for enlightenment and public information in advanced!
@Johann B
Quote from: emanuele
Check yourself:
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.5.tar.gz;smf_version=2.0.4
Or if you want a generic idea of what has been fixed go to http://download.simplemachines.org/ and download the changelog.
Quote from: Tony Reid on August 19, 2013, 08:15:13 AM
@Johann B
Quote from: emanuele
Check yourself:
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.5.tar.gz;smf_version=2.0.4
Thanks for your generous share and detail explaining. Even every string and space is visible.
is there any notification mod like one on facebook for smf forum...when i qoute someone or like his post that he get notification not on mail???
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fwww.firstpost.com%2Fwp-content%2Fuploads%2F2012%2F06%2FFacebook_notifications_screengrab.jpg&hash=de4a0ad57da2d8691f74f8293a77e14085c026cc) something like that but only for notification...2.0.4. version
I don't believe so.
some forums have maybe you can adjust that with vbulletin?
Maybe but not with SMF at this time, and I doubt anyone here wants to pay $200 for the latest incarnation of vBulletin complete with missing features, like it launching without any way to warn users.
i'm :-\ why they don't make notification mod? is that hard to make one?
There's the ENotify (http://custom.simplemachines.org/mods/index.php?mod=2198)mod but I've never used it. This isn't the place for this discussion though, this is about the security patch.
ummm.... Why the heck are you asking this question in the version release announcement thread? This thread is not for support and your questions and comments have nothing at all to do with the release.
We have upgraded to 2.0.4 and then to 2.0.5 few days ago, I logged in today in the admin page and I see this:
Version Information:
Forum version: SMF 2.0.5
Current SMF version: SMF 1.1.18
Why is the current pointing to 1.1.x ? Is there a way to fix this? May this cause any problems with future upgrades?
Because your SMF had a problem while fetching the latest version from the sm.org servers.
Nothing to worry about, it will clean up by itself.
Thank you for update, you all make a great work !!!!
I want to ask, if i install a new theme, and i already have modified the previsious theme with some plugins and pacakges. Will remain this modifications, on the new theme ?
Thank you again!
there were no changes to template files
as for your question - it is not relevant to the security patch - but no. If you add a new theme, any mods which affect the templates used by that theme would have to be manually applied
Congrats on the new version of SMF!
such long time not going to this forum
I didn't know if SMF is already on 2.0.5 version
Quote from: zainilove on September 24, 2013, 06:58:10 PM
such long time not going to this forum
I didn't know if SMF is already on 2.0.5 version
The fact this topic is out and says that '2.0.5 patch is released'... yes, SMF is on 2.0.5.
Pretty sure something was lost in translation there =p
Quote from: Oldiesmann on August 12, 2013, 08:34:06 PM
Dear users,
Simple Machines Forum is pleased to announce the next security update for the SMF 2.0 product line.
To ensure the continued security of your forum it is advised that you update to SMF 2.0.5 without delay. These vulnerabilities do not impact the SMF 1.1.X branch.
If you are running 2.0.4, you can update your forum to 2.0.5 using the built in package manager. You should see the upgrade notification in the admin panel and in the package manager, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files" from the administration panel (Admin -> Maintenance -> Scheduled Tasks). You can also download the update for 2.0.4 from the customize site (http://custom.simplemachines.org/upgrades/): smf_patch_2.0.5.tar.gz, and install it using the package manager.
If you use an older version of SMF, you can upgrade it with the full upgrade packages from the downloads page (http://download.simplemachines.org/). Note that this will remove all installed mods! It is recommended to use the patch as described above.
As always you can find more instructions on our wiki:
upgrading (http://wiki.simplemachines.org/smf/Upgrading)
patching (http://wiki.simplemachines.org/smf/Patching)
Support is available to all users for this upgrade, but it will only be provided in the support board: http://www.simplemachines.org/community/index.php?board=147.0
Please do not use this topic for support related inquiries.
Charter Members can file a ticket for any assistance or assisted upgrades through the help desk.
Thank you,
SMF Team
thank you,,,,,i like this forum...thanks again to smf team
Thanks guys, good work team! :D
Br,
HANIF
Can this package used to upgrade from 2.0.2?
the patch PACKAGE from the package manager? No.
The patches must be applied from version to next version
2.0.2 -> 2.0.3 -> 2.0.4 -> 2.0.5
The large upgrade archive CAN be applied to ANY previous version - but will remove all of your mods in the process.
If I upgrade from
2.0.2 -> 2.0.3 -> 2.0.4 -> 2.0.5, I won't lose mods?
Correct, if you use the patches to go from version to version (and NOT the large upgrade) you will not lose mods.
Thanks for the help with it mate.
if you use the PATCH files in the PACKAGE MANAGER, no, you won't lose mods....
If you use ANY of the "large upgrade" archives, then yes.. you will
ninja'd.....
Also it might be worth locking this; it's been two months since this was announced.