Simple Machines Community Forum

Simple Machines => News and Updates => Topic started by: Grudge on December 16, 2006, 08:55:37 AM

Title: SMF 1.0.10 Release
Post by: Grudge on December 16, 2006, 08:55:37 AM
Following a security report from Jessica Hope/rotwang, Simple Machines is happy to release a patch for all users still running SMF 1.0.9. This patch can be installed directly from your admin center by visiting the package manager. We would urge all users of SMF 1.0.9 and below to upgrade to SMF 1.1.1 but we will continue to patch the SMF 1.0 line as required.

Note: This patch is only for users of SMF 1.0.x - any user running any version from the 1.1 line should visit this topic (http://www.simplemachines.org/community/index.php?topic=134971.0)

Users who would like to download the full SMF 1.0.10 package can find it on the archive (http://www.simplemachines.org/download/?archive) page.

Thanks,

Simple Machines
Title: Re: SMF 1.0.10 Release
Post by: Bernak on December 18, 2006, 10:11:35 AM
Thanks for the update!
Because of an incompatibility issue I can't upgrade to 1.1 ....  :-\
Thanks for keeping the 1.0 versions with the important security updates! :)
Title: Re: SMF 1.0.10 Release
Post by: Zenigata on December 18, 2006, 11:07:19 AM
It works. Thanks.
Title: Re: SMF 1.0.10 Release
Post by: Ohmer on December 18, 2006, 05:33:11 PM
Thanks for the backport!
Title: Re: SMF 1.0.10 Release
Post by: adamkemp on December 19, 2006, 01:12:15 AM
How can I patch a modded forum safely? I can only find packages which will completely overwrite existing files. Is there a diff I can use?
Title: Re: SMF 1.0.10 Release
Post by: Dannii on December 19, 2006, 02:37:11 AM
You can use the attachment in the first post.
Title: Re: SMF 1.0.10 Release
Post by: Daniel15 on December 19, 2006, 03:49:54 AM
Quote
How can I patch a modded forum safely? I can only find packages which will completely overwrite existing files. Is there a diff I can use?
As eldacar said, you can install it via the Package Manager in your SMF admin panel. I believe it will tell you there's an update, but if it doesn't, upload the file attached to the first post (under 'Upload Package')

EDIT: There's a spelling error in a comment, by the way:
Quote
// Do we have a mime type we can simpy use?
:P
Title: Re: SMF 1.0.10 Release
Post by: Insight on December 19, 2006, 06:30:27 AM
I have downloaded it quite a few times now with av on and off and winrar is telling me the files within it are corrupt.

They look alright when I view them, any ideas?
Title: Re: SMF 1.0.10 Release
Post by: Dannii on December 19, 2006, 06:48:14 AM
What matters isn't whether winrar thinks they're corrupt (and it's a silly program anyways) but whether the server does. Can you install them?
Title: Re: SMF 1.0.10 Release
Post by: Insight on December 19, 2006, 06:49:50 AM
I'll give it a try ...

yup worked, thanks :)
Title: Re: SMF 1.0.10 Release
Post by: adamkemp on December 21, 2006, 02:29:56 AM
I'm sorry, I didn't see the attachment. I'll try it.

Thanks.
Title: Re: SMF 1.0.10 Release
Post by: KGIII on December 21, 2006, 02:47:32 AM
Quote
We would urge all users of SMF 1.0.9 and below to upgrade to SMF 1.1.1 but we will continue to patch the SMF 1.0 line as required.

I can't seem to find a clear answer anywhere. I may have missed it or my search terms just might not have matched it to decent content. I have three clients who, for reasons of their own, simply can't upgrade at this time. As this is a shared server environment and, frankly, one that my employees and myself are ultimately accountable for, we have a policy that disallows insecure code on the system - within reason.

I'm not too concerned, and surely not concerned yet, but there's going to come a time when you can't really support old code I suspect. No matter how ideal, no matter how important, it simply seems to be unrealistic to expect you to. (Thanks for doing it for however long you can and do do it.)

Is there a set date or condition as to when support for the older version will expire? I have read everything from "for as long as we can" to "forever" I believe. The first is not very specific and the second is probably impossible.

I don't ask to be a pain... Reall... Well not to be a pain to you guys... Instead I ask so that I can poke and prod them into upgrading their themes to 1.1 and moving along or at least tell them when we'll have to insist that they do. As much as we'd like to be idealists and say, "It is your space, do with it as you will" there are more and more laws coming into play as well as more and more people looking for legal accountability and in a shared server environment vulnerabilities are best squished when found.
Title: Re: SMF 1.0.10 Release
Post by: Daniel15 on December 21, 2006, 04:31:38 AM
Quote
Is there a set date or condition as to when support for the older version will expire?
I'd take a guess and say it will be supported until the next major version of SMF (1.2? 2.0?) comes out. This is only a guess though, don't take my word on it ;)
Title: Re: SMF 1.0.10 Release
Post by: KGIII on December 21, 2006, 04:48:21 AM
Quote
Is there a set date or condition as to when support for the older version will expire?
I'd take a guess and say it will be supported until the next major version of SMF (1.2? 2.0?) comes out. This is only a guess though, don't take my word on it ;)

LOL That's what I'd "guessed" as well but hadn't any hard or fast evidence to support it. 1.0.10 rolling down the pipes didn't help my case much but I think they understand that eventually they WILL have to upgrade for security reasons. I won't delve into it here but, well, why is it people will maintain a car but when it comes to an operating system, security application, or even software that they use for their site that folks are so inclined to say, "I have what I need, I won't go past here?" *sighs*

That's a whole other thread entirely though. One more suited for the chit chat section but thanks for at least confirming that another person thinks the same things I was thinking. Though momentum suggests that next version is going to roll down the pipes faster than 1.1 did. ;)
Title: Re: SMF 1.0.10 Release
Post by: Dannii on December 21, 2006, 06:22:43 AM
Also - we should be supporting 1.0 with security patches indefinitely IMHO. There's no great need not to IMHO.
Title: Re: SMF 1.0.10 Release
Post by: KGIII on December 21, 2006, 07:53:49 AM
Quote
Also - we should be supporting 1.0 with security patches indefinitely IMHO. There's no great need not to IMHO.

If SMF does do that and sustains it they'll be the first and only. I'll give kudos where they're due and so my expectation is that, if there is any team capable or willing? It'd be this one. On the other hand, it seems unlikely and unrealistic but what the heck? I'll root for you. :)
Title: Re: SMF 1.0.10 Release
Post by: Vinspire on December 21, 2006, 10:05:57 PM
Is this the patch I need to use for RC 3?
Title: Re: SMF 1.0.10 Release
Post by: Dannii on December 21, 2006, 11:24:11 PM
No, this is for 1.0.9 ONLY.
Title: Re: SMF 1.0.10 Release
Post by: Vinspire on December 22, 2006, 12:00:43 AM
Quote
No, this is for 1.0.9 ONLY.

Then how do I patch it up if I am using 1.1 RC 3? :)
Title: Re: SMF 1.0.10 Release
Post by: Dannii on December 22, 2006, 12:09:53 AM
Go to the download page, and use the 'Large Upgrade' package, or just use the Webinstaller. That will take you to 1.1.1.
Title: Re: SMF 1.0.10 Release
Post by: Vinspire on December 22, 2006, 12:24:36 AM
Quote
Go to the download page, and use the 'Large Upgrade' package, or just use the Webinstaller. That will take you to 1.1.1.

means the only way is upgrade it to 1.1.1 right? no other way of patching it huh? my mods in custom theme ... sad  :'(
Title: Re: SMF 1.0.10 Release
Post by: Dannii on December 22, 2006, 12:56:23 AM
There's no patch for 1.1 RC3 sorry.
Title: Re: SMF 1.0.10 Release
Post by: 青山 素子 on December 23, 2006, 07:12:28 PM
Quote
If SMF does do that and sustains it they'll be the first and only. I'll give kudos where they're due and so my expectation is that, if there is any team capable or willing? It'd be this one. On the other hand, it seems unlikely and unrealistic but what the heck? I'll root for you. :)

The Apache Foundation has managed to do this with their web server product. They are maintaining the 1.3, 2.0, and 2.2 branches just fine.

Since the released SMF versions are feature-locked, it isn't too impossible to continue patching SMF. The only thing I could think that would stop it would be if there was a problem with the architecture itself that prevented patching.


Quote
I won't delve into it here but, well, why is it people will maintain a car but when it comes to an operating system, security application, or even software that they use for their site that folks are so inclined to say, "I have what I need, I won't go past here?" *sighs*

Because it is the same car, they are just doing the things that keep it running. A better analogue is keeping updated on patches and such. Moving versions would be a different car (or just buying a newer model year).
Title: Re: SMF 1.0.10 Release
Post by: KGIII on December 23, 2006, 09:38:26 PM
Quote
Since the released SMF versions are feature-locked, it isn't too impossible to continue patching SMF. The only thing I could think that would stop it would be if there was a problem with the architecture itself that prevented patching.

That and time I suspect. I think it is fantastic the way that folks like you dive in, help out, and contribute as much as you do. If it is anything like any of the projects I've been involved with then time is a killer. Lack of time has killed some of the best features, ideas, etc...

Either way, I'll root for you. If anyone can manage it, maybe you folks can, you seem to have one of the more tightly knit communities.
Title: Re: SMF 1.0.10 Release
Post by: CiHaD on March 16, 2007, 08:28:29 AM
thanks
Title: Re: SMF 1.0.10 Release
Post by: Thantos on March 16, 2007, 02:15:46 PM
Ok closing this up.  Please post any support concerns to the support boards.  Thanks.