Simple Machines Community Forum

Simple Machines => News and Updates => Topic started by: Norv on September 18, 2011, 06:24:43 PM

Title: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Norv on September 18, 2011, 06:24:43 PM
Hello all,

Simple Machines Forum project has released SMF 1.1.15 and SMF 2.0.1 security patches for the SMF community.
Critical security issues have been identified and fixed with this patch, therefore it is highly recommended to make sure you update your forums immediately.

Please find the changelog as usual, on the downloads page: http://download.simplemachines.org/

Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!

Regards,

Simple Machines Forum project
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Aaron on September 18, 2011, 06:25:48 PM
Glad to see this one released. Congrats. :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: -=[Vyorel]=- on September 18, 2011, 06:27:23 PM
Wow. Congratulations SMF Team!
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Akyhne on September 18, 2011, 06:29:17 PM
Werll done team
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: catfished on September 18, 2011, 06:30:33 PM
Yeah, I already upgraded when I went into my admin cp earlier and found that 1.1.15 (http://www.simplemachines.org/community/../) was ready with a one click upgrade so I upgraded both of my forums in seconds! Great work guys and gals. ;D
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Looking on September 18, 2011, 06:36:02 PM
Thanks for the update but the 1.1.15 changelog (http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-15_changelog.txt) is missing?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Oldiesmann on September 18, 2011, 07:11:24 PM
Note to SMF 2.0 users...

If this isn't showing up in your admin center, you have a couple of options:
Download it from the Upgrades Site (http://custom.simplemachines.org/upgrades) and install it through the package manager
Run the "Fetch Simple Machines Files" scheduled task as follows:
Admin -> Maintenance -> Scheduled Tasks
Check the box in the "Run Now" column next to "Fetch Simple Machines Files"
Click the "Run Now" button
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Adish - (F.L.A.M.E.R) on September 18, 2011, 07:15:46 PM
Congratz Team :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: sonficyus on September 18, 2011, 08:37:29 PM
Thanks a lot...

We are looking forward to SMF 2 which seo entegrated...
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: rickmastfan67 on September 18, 2011, 08:41:41 PM
Quote from: Looking on September 18, 2011, 06:36:02 PM
Thanks for the update but the 1.1.15 changelog (http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-15_changelog.txt) is missing?

I'll second this.  Would like to see the changelog for 1.1.15.

That and what changes are made to the files and if any changes are made to the "theme" files so I can see if I need to do any manual changes for the custom themes that are run at a forum I admin.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: vagrant on September 18, 2011, 09:12:47 PM
Thanks for all the hard work team to keep us safe.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: tragidy on September 18, 2011, 09:38:18 PM
Thanks for the update, Would love to see the change log as this breaks a few things like portals and aeva...


Since the update I cannot even view server settings...
Session verification failed. Please try logging out and back in again, and then try again.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: MLM on September 18, 2011, 09:44:02 PM
How long does it take to get the notification in your admin control panel. I was editing my private board when I saw it and it installed just like a mod which is amaaaazzing compared to upgrades I have done before. For some reason my public forum does not have this notification thing yet. And the downloads section does not have the mod type upgrade with individual edits.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Oldiesmann on September 18, 2011, 09:53:23 PM
If it's on 2.0, see my post above...

Quote from: Oldiesmann on September 18, 2011, 07:11:24 PM
Note to SMF 2.0 users...

If this isn't showing up in your admin center, you have a couple of options:
Download it from the Upgrades Site (http://custom.simplemachines.org/upgrades) and install it through the package manager

Run the "Fetch Simple Machines Files" scheduled task as follows:
Admin -> Maintenance -> Scheduled Tasks
Check the box in the "Run Now" column next to "Fetch Simple Machines Files"
Click the "Run Now" button
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: MLM on September 18, 2011, 09:57:22 PM
Quote from: Oldiesmann on September 18, 2011, 09:53:23 PM
If it's on 2.0, see my post above...

Thanks :) - Did not notice.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: ApplianceJunk on September 18, 2011, 10:54:18 PM
2.0.1 installed... Thanks,
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Norv on September 18, 2011, 11:09:36 PM
live627, tragidy,

There was a problem with the 2.0.1 patch that I fixed, and updated it just about half an hour ago. It should all work normally now.

I don't know where did the changelog disappear. :) Will look into it.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Account Abandoned on September 18, 2011, 11:13:24 PM
Updating #10 of #11 forums powered by SMF :) Thanks folks for the update!!
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: ForumGuy789 on September 19, 2011, 12:15:20 AM
Thanks for this! But one quick question. This Update info is showing up in the Admin center at just one of my two forums. Any reason it's not showing up in the other forum?

Is there some setting that's not right?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Norv on September 19, 2011, 12:16:47 AM
ForumGuy,
You may need to run the scheduled task to fetch Simple Machines files. Probably on the other forums, it didn't get to run yet (by default it's set at once per 24 hours if I remember correctly.)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: ForumGuy789 on September 19, 2011, 12:19:25 AM
Thanks a lot Norv
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Oldiesmann on September 19, 2011, 12:20:41 AM
Quote from: live627 on September 19, 2011, 12:17:50 AM
Did you emulate a different version?

That won't have anything to do with it. In 2.0, the files containing that info (and other info, such as the news and the latest themes/packages), are fetched from our servers once every 24 hours and stored in your forum database. This saves bandwidth for us and eliminates the possibility of your forum admin center taking forever to load if our site is down. I posted info on the previous page about how to get it to show up if it isn't already showing up.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: ForumGuy789 on September 19, 2011, 12:27:10 AM
Norv and Oldiesmann were right. I just needed to run that task.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Vincent Volmer on September 19, 2011, 12:59:56 AM
Thanks for the patch!
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: KVL on September 19, 2011, 02:23:14 AM
 SMF 2.0.1 and 1.1.15: updated is successfully!  :)  Thank you very much! :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Tjati on September 19, 2011, 03:37:47 AM
Hi there,

in the Changelog (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt)) is written:
Quote! A sensitive token was sent in the URL, allowing CSRF vulnerability (Subs-Menu.php)
But comparing Subs-Menu.php of version 2.0 and 2.0.1 does not show any differences except the @version-Line.

Was the bug already fixed in 2.0 or have you missed to replace the files correctly?

Thanks for information!

Update: Since 2.0 RC4 is no change (except a comment) done in Sources/Subs-Menu.php
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Alpay on September 19, 2011, 04:14:37 AM
Thanks for upg..
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Fisch.666 on September 19, 2011, 05:18:52 AM
Quote from: Tjati on September 19, 2011, 03:37:47 AM
in the Changelog (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt)) is written:
Quote! A sensitive token was sent in the URL, allowing CSRF vulnerability (Subs-Menu.php)
But comparing Subs-Menu.php of version 2.0 and 2.0.1 does not show any differences except the @version-Line.

Was the bug already fixed in 2.0 or have you missed to replace the files correctly?

Good question, any info for this?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Roph on September 19, 2011, 07:13:54 AM
Updated a couple installations of mine without a hitch. Great work. Happy that us long-time SMF 2 users don't have to go the manual route any more :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: N3RVE on September 19, 2011, 07:58:10 AM
Great work Devs :)

-[n3rve]
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Robert. on September 19, 2011, 10:35:10 AM
Congrats team
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Rohan_ on September 19, 2011, 10:40:59 AM
May I have the changelog of 1.1.15 ?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Rain Forest on September 19, 2011, 11:03:42 AM
Nicely done. Although the language packages for 2.0.1 are corrupt..
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Kindred on September 19, 2011, 11:26:56 AM
Quote from: Rohan_ on September 19, 2011, 10:40:59 AM
May I have the changelog of 1.1.15 ?

try looking? The 1.1.15 changelog is in the list
http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-15_changelog.txt
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Ventic on September 19, 2011, 11:52:49 AM
cause i dont wanna lose the mods i added manual which package should i use
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Oldiesmann on September 19, 2011, 11:55:57 AM
Quote from: Ventic on September 19, 2011, 11:52:49 AM
cause i dont wanna lose the mods i added manual which package should i use

If you're on 1.1.x, you can upgrade through the admin center by following the instructions in the upgrade notice (click to download the patch, then install it through the admin center).

If you're on 2.0 final, you can also upgrade through the admin center.

If you're on 2.0 RC5 or earlier, you will need to use the full upgrade.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Ventic on September 19, 2011, 11:57:17 AM
Quote from: Oldiesmann on September 19, 2011, 11:55:57 AM
Quote from: Ventic on September 19, 2011, 11:52:49 AM
cause i dont wanna lose the mods i added manual which package should i use

If you're on 1.1.x, you can upgrade through the admin center by following the instructions in the upgrade notice (click to download the patch, then install it through the admin center).

If you're on 2.0 final, you can also upgrade through the admin center.

If you're on 2.0 RC5 or earlier, you will need to use the full upgrade.
i use 2.0 final but i dont need to update via the package,but by uploading the files
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Oldiesmann on September 19, 2011, 12:19:28 PM
Quote from: Ventic on September 19, 2011, 11:57:17 AM
Quote from: Oldiesmann on September 19, 2011, 11:55:57 AM
Quote from: Ventic on September 19, 2011, 11:52:49 AM
cause i dont wanna lose the mods i added manual which package should i use

If you're on 1.1.x, you can upgrade through the admin center by following the instructions in the upgrade notice (click to download the patch, then install it through the admin center).

If you're on 2.0 final, you can also upgrade through the admin center.

If you're on 2.0 RC5 or earlier, you will need to use the full upgrade.
i use 2.0 final but i dont need to update via the package,but by uploading the files

You can upload through the admin center then. If you don't see a notice in your admin center about the patch, do the following:

Admin -> Maintenance -> Scheduled Tasks
Check the second box next to "Fetch Simple Machines Files" (the first one should already be checked)
Click the "Run Now" button

Alternately you can download the patch from the Upgrade Site (http://custom.simplemachines.org/upgrades) and upload it through your package manager.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Ventic on September 19, 2011, 12:22:30 PM
i told you i dont wanna do the upgrade via the package manager but by uploading the files normally
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Crime on September 19, 2011, 12:31:07 PM
Thanks a lot for the upgrade. i had upgraded all my web sites
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: a10 on September 19, 2011, 12:32:49 PM
Thanks, feeling safe is feeling good!

From 1.1.14 it triggered a "corrupt or not compatible", got the idea to uninstall Version Emulation mod, and all went well.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Oldiesmann on September 19, 2011, 12:39:50 PM
Quote from: Ventic on September 19, 2011, 12:22:30 PM
i told you i dont wanna do the upgrade via the package manager but by uploading the files normally

Upgrading through the package manager is the only way you can do it without losing existing mods.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Ventic on September 19, 2011, 12:42:45 PM
Quote from: Oldiesmann on September 19, 2011, 12:39:50 PM
Quote from: Ventic on September 19, 2011, 12:22:30 PM
i told you i dont wanna do the upgrade via the package manager but by uploading the files normally

Upgrading through the package manager is the only way you can do it without losing existing mods.
otherwise i will lose my manual packages?
i am talking about the packages i installed manually not the other that i installed via package manager
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Cal O'Shaw on September 19, 2011, 12:45:16 PM
Quote from: Kindred on September 19, 2011, 11:26:56 AM
Quote from: Rohan_ on September 19, 2011, 10:40:59 AM
May I have the changelog of 1.1.15 ?

try looking? The 1.1.15 changelog is in the list
http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-15_changelog.txt (http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-15_changelog.txt)


Hoping that wasn't sarcasm, as I went to the page as stated in the initial post and it wasn't there.  A link to the 2.0.1 changelog was visible, the 1.1.15 was not.  A few others mentioned it as well, so it wasn't just me "not looking".

Thank you for the specific URL.  I admit to being unfamiliar with all the pages and layout here, as I tend to visit that area only when notified of an update.

Regards,

Cal
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Ventic on September 19, 2011, 12:46:48 PM
well i got an idea,since when i was trying to upgrade via the package i saw that i can see the changes that have been made.so i cant change those 5-6 files manually too?
it will work or not
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Kindred on September 19, 2011, 12:53:43 PM
Ventic,

You can either use the upgrade archive file and lose all your mods or use the package manager update and keep all your mods.  Your choice.

If you want to manually apply the updates, then download the package manager update, extract the XML and read through that for instructions on what files and code to manually update.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: squad on September 19, 2011, 02:44:41 PM

I'm a litle tired at the moment, and will revisit this later today.....

I do have a problem, that may have been covered in this post I may
have missed, but when I try & upgrade from 1.1.14 to 1.1.15 I get the
following.....

'The package you are trying to download or install is either corrupt or not compatible with this version of SMF.'

Please don't yell at me if this has been covered.....I sadly almost single handly
run my forum, without mush assistance from my mods & members....
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on September 19, 2011, 02:46:28 PM
please start a thread in the proper support board, this thread is not for support.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: squad on September 19, 2011, 02:59:28 PM
Sorry :(
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: klra on September 19, 2011, 03:06:30 PM
Installed without issues on 3 forums, 1.1.14   ->   1.1.15

:D
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Account Abandoned on September 19, 2011, 03:30:57 PM
Quote from: Oldiesmann on September 19, 2011, 12:39:50 PM
Quote from: Ventic on September 19, 2011, 12:22:30 PM
i told you i dont wanna do the upgrade via the package manager but by uploading the files normally

Upgrading through the package manager is the only way you can do it without losing existing mods.

Well I wish I would of done this instead lol, what I get for nor asking or looking lol. I have to emulate all 11 of my forums to get the modifications to work correctly, lol. Nice to see there is an easier way...for the next time :D
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Ventic on September 19, 2011, 04:05:25 PM
Quote from: Shawn Gossman on September 19, 2011, 03:30:57 PM
Quote from: Oldiesmann on September 19, 2011, 12:39:50 PM
Quote from: Ventic on September 19, 2011, 12:22:30 PM
i told you i dont wanna do the upgrade via the package manager but by uploading the files normally

Upgrading through the package manager is the only way you can do it without losing existing mods.

Well I wish I would of done this instead lol, what I get for nor asking or looking lol. I have to emulate all 11 of my forums to get the modifications to work correctly, lol. Nice to see there is an easier way...for the next time :D
i know dude :D
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: ormuz on September 19, 2011, 04:51:27 PM
Update to new version 1.1.15 and users start to report strange images appearing in my forum... Anyone else?

http://i55.tinypic.com/65pft0.png
http://postimage.org/image/2ll1mrp7o/

Any ideas?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on September 19, 2011, 04:52:43 PM
Quote from: Illori on September 19, 2011, 02:46:28 PM
please start a thread in the proper support board, this thread is not for support.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Storman™ on September 19, 2011, 05:51:14 PM
QuoteBut comparing Subs-Menu.php of version 2.0 and 2.0.1 does not show any differences except the @version-Line.

Was the bug already fixed in 2.0 or have you missed to replace the files correctly?

They are identical except for the version line.

Any update on this ?

Basically trying to ensure that Subs-Menu.php is the correct file in 2.0.1 and not one that's been accidently omited from the package ?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Norv on September 19, 2011, 06:30:32 PM
Quote from: Storman on September 19, 2011, 05:51:14 PM
QuoteBut comparing Subs-Menu.php of version 2.0 and 2.0.1 does not show any differences except the @version-Line.

Was the bug already fixed in 2.0 or have you missed to replace the files correctly?

They are identical except for the version line.

Any update on this ?

Basically trying to ensure that Subs-Menu.php is the correct file in 2.0.1 and not one that's been accidently omited from the package ?

They are the correct files. It shouldn't have had only a version change, but this was due to a mistake made in the process, and since forums were already receiving the versioning (as you can see in the admin panel, detailed versioning link), I didn't change that. Sorry about that.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: cebu on September 19, 2011, 07:04:40 PM
i did a manual edit. everything looks fine.  its great.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: aw06 on September 19, 2011, 08:16:37 PM
I'm using English utf8 .. will i have to update index.english-utf8.php manually ?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: mashby on September 19, 2011, 08:49:08 PM
Quote from: aw06 on September 19, 2011, 08:16:37 PM
I'm using English utf8 .. will i have to update index.english-utf8.php manually ?
Probably (http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.1.15.tar.gz;smf_version=1.1.14). Shouldn't too intensive though. :) Two edits only (see last two operations)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: hcfwesker on September 19, 2011, 09:55:34 PM
Thank goodness it's just a patch, not a full upgrade.   Great work SMF team!
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: aw06 on September 20, 2011, 12:34:03 AM
Quote from: mashby on September 19, 2011, 08:49:08 PM
Quote from: aw06 on September 19, 2011, 08:16:37 PM
I'm using English utf8 .. will i have to update index.english-utf8.php manually ?
Probably (http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.1.15.tar.gz;smf_version=1.1.14). Shouldn't too intensive though. :) Two edits only (see last two operations)

Thanks,.. and I think the installer should also install in utf8 files ..
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: InfoStrides on September 20, 2011, 02:28:00 AM
Good job. Thanks.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: impreza on September 20, 2011, 07:54:33 AM
Good work, congratulations
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Buneduggy on September 20, 2011, 05:20:06 PM
Easy upgrade, thanks for all your efforts.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: alexx-1 on September 21, 2011, 05:21:31 AM
install done, thanks
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Burridge on September 21, 2011, 06:38:09 AM
Good work, thank you.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Fisch.666 on September 21, 2011, 06:53:42 AM
Quote from: Norv on September 19, 2011, 06:30:32 PM
They are the correct files. It shouldn't have had only a version change, but this was due to a mistake made in the process, and since forums were already receiving the versioning (as you can see in the admin panel, detailed versioning link), I didn't change that. Sorry about that.

Thanks for this info. Ah, and i see that the changelog was updated too.  :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: sharks on September 21, 2011, 08:10:40 AM
I'm very surprised! Seriously, i thought 2.0 Gold was the end of the journey for this site, especially with the upcoming release of forked versions, like Wedge. But i am very happy to see the team is still drudging to keep this project alive. One step at a time. I couldn't agree more.

BTW, for SMF 1.1.15, i noticed that the IE bug previously released as a separate patch right after 1.1.14 was released, has not been included in the 1.1.15 release changelog.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Robert. on September 21, 2011, 08:16:12 AM
Sharks, please check this (http://www.simplemachines.org/community/index.php?board=228.0) and this (http://www.simplemachines.org/community/index.php?topic=453146.0). :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Mr. Jinx on September 21, 2011, 10:48:33 AM
Good to see this security update. Installed without any problems.
Thank you!
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: luxsat on September 21, 2011, 10:57:25 AM
Thanks for the update (http://www.luxsat.eu/smileys/zustimm.gif)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: gisfreak on September 21, 2011, 10:58:08 AM
congrats for DEV team
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Shadow Queen on September 21, 2011, 11:51:51 AM
Good work team.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Apllicmz on September 21, 2011, 12:53:23 PM
Yes
Thank you good work
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Snowy on September 21, 2011, 01:15:00 PM
I did that but my forum still says I'm using 2.0 RC4....?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on September 21, 2011, 01:17:46 PM
Quote from: Illori on September 19, 2011, 02:46:28 PM
please start a thread in the proper support board, this thread is not for support.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: c23_Mike on September 21, 2011, 01:37:49 PM
Hi there!

Wonderful! Also after golden Release there is progress! Very well done!

Now i should one day upgrade from RC to final ...
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Aaron10 on September 21, 2011, 01:49:15 PM
Where do I find manual edits for 1.1.14 > 1.1.15? I downloaded the upgrade btw.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on September 21, 2011, 01:55:04 PM
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.1.15.tar.gz;smf_version=1.1.14
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Aaron10 on September 21, 2011, 01:56:46 PM
Thank you.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: maximumrock on September 21, 2011, 02:46:50 PM
i have version SMF 2.0 RC5 .. does this critical security patch apply to my forum?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Norv on September 21, 2011, 02:57:04 PM
Quote from: maximumrock on September 21, 2011, 02:46:50 PM
i have version SMF 2.0 RC5 .. does this critical security patch apply to my forum?

Yes, it does. I strongly recommend to upgrade to 2.0.1. You will need to make a large upgrade, since from RC5 to 2.0 there is no patch, only from 2.0 to 2.0.1 your forum can be upgraded with the patch. Please note that there are security weaknesses addressed in 2.0 as well, so I really recommend that you upgrade your forum, when possible.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: maximumrock on September 21, 2011, 02:58:59 PM
Quote from: Norv on September 21, 2011, 02:57:04 PM
Quote from: maximumrock on September 21, 2011, 02:46:50 PM
i have version SMF 2.0 RC5 .. does this critical security patch apply to my forum?

Yes, it does. I strongly recommend to upgrade to 2.0.1. You will need to make a large upgrade, since from RC5 to 2.0 there is no patch, only from 2.0 to 2.0.1 your forum can be upgraded with the patch. Please note that there are security weaknesses addressed in 2.0 as well, so I really recommend that you upgrade your forum, when possible.

Thanks! Is there a preferred way of doing this? All i have to do is apply this patch and it is upgrade or do i have to upgrade to new version from download page first.. thx again
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Kindred on September 21, 2011, 03:03:30 PM
There is no patch file for any RC version. If you are running any RC version,,you must use the "large upgrade" pack and replace all of the files.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: maximumrock on September 21, 2011, 03:05:18 PM
Quote from: Kindred on September 21, 2011, 03:03:30 PM
There is no patch file for any RC version. If you are running any RC version,,you must use the "large upgrade" pack and replace all of the files.

ohhhh ok.. thanks...thats what i have --> SMF 2.0 RC5

is there a tutorial on the easiest way to upgrade the forum without messing it up?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on September 21, 2011, 03:06:36 PM
take a look at Upgrading SMF (http://wiki.simplemachines.org/smf/Upgrading) and if you have further questions please open a separate thread in the proper board.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: maximumrock on September 21, 2011, 03:09:24 PM
Quote from: Illori on September 21, 2011, 03:06:36 PM
take a look at Upgrading SMF (http://wiki.simplemachines.org/smf/Upgrading) and if you have further questions please open a separate thread in the proper board.

will do! thanks! but upgrading for my version is recommended even though the patch isnt for mine?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on September 21, 2011, 03:12:58 PM
yes you need to upgrade to latest version so you will have the security issues since your version was released patched. once you upgrade to 2.0.1 you do NOT need to install the patch.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Jntg4 on September 21, 2011, 03:33:29 PM
Was the 1.0 branch updated or not this time?  I'm assuming there is no update to apply to it, right?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on September 21, 2011, 03:36:44 PM
if a version is affected by the security issue a patch will be issued otherwise they are not affected by the issue.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: newtoallthis on September 21, 2011, 03:50:32 PM
Added to main and test forums via Package Manager apparently without a hitch.

Thanks to the SMF developers for their hard work.  8)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: floridaflatlander on September 21, 2011, 04:44:59 PM
Thanks
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: JeffG1 on September 21, 2011, 05:02:24 PM
Thanks. My forum was upgraded instantaneously (so it seemed) to 2.0.1 with a couple of clicks. I notice you haven't upgraded your own forum yet.  ;D
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: MarkRH on September 21, 2011, 05:06:22 PM
Saw the notice in the 2.0 Admin Center. Backed up database and files, clicked the update link, all is well.

Thanks :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: mextremex on September 21, 2011, 06:52:34 PM
thanks for hte updates SMF  best script ever _)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: ntr2ntr on September 21, 2011, 07:02:34 PM
Thanks a lot SMF, you have been so great u guys rockkk
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Biology Forums on September 21, 2011, 07:54:14 PM
Sorry, what exactly does it change?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on September 21, 2011, 09:30:21 PM
some security issues are fixed which is stated in the first post of this thread.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Stormfront on September 21, 2011, 09:41:29 PM
Thank you.  :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Account Abandoned on September 21, 2011, 09:46:04 PM
LOL I just got the email for this today :P
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: knagl on September 21, 2011, 10:07:05 PM
Thank you for releasing a 1.1.x patch as well.  :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Hj Ahmad Rasyid Hj Ismail on September 21, 2011, 10:10:18 PM
If it is just a patch, can we have the patch in form of a mod. It is no point upgrading the version number since it will affect others such as the mod installation as well as removal. I believe we have done this before where back in RC4. Just a point to ponder.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: 青山 素子 on September 21, 2011, 11:16:55 PM
Quote from: ahrasis on September 21, 2011, 10:10:18 PM
If it is just a patch, can we have the patch in form of a mod. It is no point upgrading the version number since it will affect others such as the mod installation as well as removal. I believe we have done this before where back in RC4. Just a point to ponder.

That's already the case for 2.0 to 2.0.1 and 1.1.14 to 1.1.15. There has never been an actual package manager upgrade for pre-release (beta and rc versions). The only package manager items for pre-releases were for critical security issues where a version bump would not be called for.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Hj Ahmad Rasyid Hj Ismail on September 22, 2011, 01:52:35 AM
I don't quite understand. Can you explain why we need to download the whole package again, when the security patches could be just a small mod to patch current 2.0 package without changing its version to 2.0.1?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on September 22, 2011, 05:52:03 AM
the patch contains the same updated code as the normal upgrade packages, it just depends on any issues you face in the upgrade which will work for you at this point, you do NOT need to use the large upgrade package if you are running 2.0 or 1.1.14.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Gary on September 22, 2011, 07:07:49 AM
Quote from: Illori on September 22, 2011, 05:52:03 AM
you do NOT need to use the large upgrade package if you are running 2.0 or 1.1.14.
Unless of course you're gonna go from 1.1.14 to 2.0.1 :P
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Aleksi "Lex" Kilpinen on September 22, 2011, 07:38:37 AM
Quote from: ahrasis on September 22, 2011, 01:52:35 AM
I don't quite understand. Can you explain why we need to download the whole package again, when the security patches could be just a small mod to patch current 2.0 package without changing its version to 2.0.1?
Like always with 1.1 and 1.0 - you can now update 2.0 through the admin panel, following the link in the notification.

Or, you can grab a package manager update from here http://custom.simplemachines.org/upgrades/
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: espy on September 22, 2011, 12:08:59 PM
Thanks for the released patches.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: rocknroller on September 22, 2011, 02:23:34 PM
thanks for update  :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: bayette on September 22, 2011, 03:07:14 PM
Une simplicité enfantine la mise à jour : bravo !! :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Akule on September 22, 2011, 05:53:47 PM
Quote from: Kindred on September 19, 2011, 11:26:56 AM
Quote from: Rohan_ on September 19, 2011, 10:40:59 AM
May I have the changelog of 1.1.15 ?

try looking? The 1.1.15 changelog is in the list
http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-15_changelog.txt

Wow. You're abrasive to new users. Customer service refresher seems to be needed for the marketing guy? Oh, and It's not.

(http://img26.imageshack.us/img26/8153/smfdownloads13167271363.th.png)
img26.imageshack.us/img26/8153/smfdownloads13167271363.png/
(I would have it automatically link to an image proving such, but...add http:// )

Basically, from the link provided in the beginning of the thread to download.simplemachines.org/, the only changelog that is listed for us, mere end users, is SMF 2.0.1. For that matter, the only download listed on that page is 2.0.1. There isn't a link at all at the beginning of this thread to SMF 1.1.15's update.

Now, if I go to Package Manager Updates -> SMF 1.1.14 to SMF 1.1.15, then I can see what the file edits are, but not the changelog. For the changelog, I have to go to Archived Releases, where I can see every update since the beginning, which is not new user friendly.

For new users, I would recommend: download.simplemachines.org/?archive;version=64 (add http:// ), where you can see everything for SMF 1.1.15.

Is there a way we can get a link for the SMF 1.1.15 files on the first post in this thread? I imagine you'll get tired of constantly telling some people where to go when they skip to the end of the thread to post their request for the files and the changelog.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: lelynx on September 23, 2011, 12:12:59 AM
after upgraded to 1.1.15, i'm getting this message at the bottom of my page

Sorry, the copyright must be in the template.
Please notify this forum's administrator that this site is missing the copyright message for SMF so they can rectify the situation. Display of copyright is a legal requirement. For more information on this please visit the Simple Machines website.

any idea how/where to add in the copyright?
thanks
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Ricky. on September 23, 2011, 12:27:07 AM
Somehow your template got messed,

Add theme_copyright() somewhere in your index.template.php  and you should be fine.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: lelynx on September 23, 2011, 02:14:06 AM
The theme_copyright() is there at my code before the upgrade.
Extracted from my index.template.php.
Any idea what's wrong here? Syntax error?

// Show the "Powered by" and "Valid" logos, as well as the copyright. Remember, the copyright must be somewhere!
   echo '<div style="white-space: nowrap; padding: 10px; text-align: center;" class="smalltext">
                                        ', theme_copyright(), ' <br />
               <a href="http://validator.w3.org/check/referer" target="_blank">XHTML</a> |
               <a href="http://jigsaw.w3.org/css-validator/check/referer" target="_blank">CSS</a> |
               <b>', $context['mycolor']=='_terra' ? 'Terra97' : 'Aero79' ,'</b> design by <a href="http://www.tinyportal.net" target="_blank">Bloc</a>';

Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Aleksi "Lex" Kilpinen on September 23, 2011, 02:17:23 AM
If you are using an alternative language, make sure to test with english - and see if the error goes away.
If it does, then the problem is with your language pack.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: lelynx on September 23, 2011, 02:40:45 AM
i'm using normal english as the language pack
anymore idea?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on September 23, 2011, 05:40:28 AM
Quote from: Illori on September 19, 2011, 02:46:28 PM
please start a thread in the proper support board, this thread is not for support.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: MotRude on September 23, 2011, 02:55:28 PM
Is this an easy install to the 2.0? I Do not wan't to have to install all my mods over again.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Ventic on September 23, 2011, 03:01:05 PM
Quote from: motleyrude on September 23, 2011, 02:55:28 PM
Is this an easy install to the 2.0? I Do not wan't to have to install all my mods over again.
Quote from: Ventic on September 19, 2011, 12:46:48 PM
well i got an idea,since when i was trying to upgrade via the package i saw that i can see the changes that have been made.so i cant change those 5-6 files manually too?
it will work or not
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Kindred on September 23, 2011, 03:10:02 PM
Quote from: Kindred on September 19, 2011, 12:53:43 PM
Ventic,

You can either use the upgrade archive file and lose all your mods or use the package manager update and keep all your mods.  Your choice.

If you want to manually apply the updates, then download the package manager update, extract the XML and read through that for instructions on what files and code to manually update.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: jpiek on September 23, 2011, 06:41:15 PM
Installed on testforum and liveforum without any problem.
Thanks guys !!!
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Seo-luntan on September 24, 2011, 03:36:19 AM
 :) OK
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Masterd on September 24, 2011, 06:20:13 AM
Great work, team! Congratulations! :D
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Biology Forums on September 24, 2011, 01:06:49 PM
After installing this patch, it ruined my theme! Can someone tell me how to unparse it so that I can correct this problem?!

It's the 1.x version :-\
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Oldiesmann on September 24, 2011, 01:18:02 PM
Quote from: shuban on September 24, 2011, 01:06:49 PM
After installing this patch, it ruined my theme! Can someone tell me how to unparse it so that I can correct this problem?!

It's the 1.x version :-\

Please start a topic in the appropriate support board.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Biology Forums on September 24, 2011, 02:02:37 PM
Quote from: Oldiesmann on September 24, 2011, 01:18:02 PM
Quote from: shuban on September 24, 2011, 01:06:49 PM
After installing this patch, it ruined my theme! Can someone tell me how to unparse it so that I can correct this problem?!

It's the 1.x version :-\

Please start a topic in the appropriate support board.

I just uninstalled the 1.1.15 and my website is fine now. Thanks anyway.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Oldiesmann on September 24, 2011, 02:03:52 PM
Quote from: shuban on September 24, 2011, 02:02:37 PM
Quote from: Oldiesmann on September 24, 2011, 01:18:02 PM
Quote from: shuban on September 24, 2011, 01:06:49 PM
After installing this patch, it ruined my theme! Can someone tell me how to unparse it so that I can correct this problem?!

It's the 1.x version :-\

Please start a topic in the appropriate support board.

I just uninstalled the 1.1.15 and my website is fine now. Thanks anyway.

You are putting yourself and your forum at risk by not updating. Please note that we cannot help you if your forum gets hacked due to not installing the latest security patch.

I am not sure how the update can "screw up" your theme, as the only theme-related file it touches is Themes/default/index.english.php.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Biology Forums on September 24, 2011, 02:05:07 PM
Quote from: Oldiesmann on September 24, 2011, 02:03:52 PM
Quote from: shuban on September 24, 2011, 02:02:37 PM
Quote from: Oldiesmann on September 24, 2011, 01:18:02 PM
Quote from: shuban on September 24, 2011, 01:06:49 PM
After installing this patch, it ruined my theme! Can someone tell me how to unparse it so that I can correct this problem?!

It's the 1.x version :-\

Please start a topic in the appropriate support board.

I just uninstalled the 1.1.15 and my website is fine now. Thanks anyway.

You are putting yourself and your forum at risk by not updating. Please note that we cannot help you if your forum gets hacked due to not installing the latest security patch.

I am not sure how the update can "screw up" your theme, as the only theme-related file it touches is Themes/default/index.english.php.

I guess announcing it on here doesn't help either eh? Well, do you know the parsing code for this update?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Oldiesmann on September 24, 2011, 02:06:23 PM
Quote from: shuban on September 24, 2011, 02:05:07 PM
Quote from: Oldiesmann on September 24, 2011, 02:03:52 PM
Quote from: shuban on September 24, 2011, 02:02:37 PM
Quote from: Oldiesmann on September 24, 2011, 01:18:02 PM
Quote from: shuban on September 24, 2011, 01:06:49 PM
After installing this patch, it ruined my theme! Can someone tell me how to unparse it so that I can correct this problem?!

It's the 1.x version :-\

Please start a topic in the appropriate support board.

I just uninstalled the 1.1.15 and my website is fine now. Thanks anyway.

You are putting yourself and your forum at risk by not updating. Please note that we cannot help you if your forum gets hacked due to not installing the latest security patch.

I am not sure how the update can "screw up" your theme, as the only theme-related file it touches is Themes/default/index.english.php.

I guess announcing it on here doesn't help either eh? Well, do you know the parsing code for this update?

http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.1.15.tar.gz;smf_version=1.1.14
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Biology Forums on September 24, 2011, 02:07:03 PM
Oldiesmann, I just visited your Archie website and it has version SMF 2.0 RC5 lol (you should be doing some updating too haha)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Oldiesmann on September 24, 2011, 02:17:03 PM
Quote from: shuban on September 24, 2011, 02:07:03 PM
Oldiesmann, I just visited your Archie website and it has version SMF 2.0 RC5 lol (you should be doing some updating too haha)

I will likely be upgrading it soon. I just haven't had time yet (it's not an easy upgrade because I have a lot of mods installed).
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Pattaya_web on September 25, 2011, 06:24:24 AM
Thanks very much. One click upgrade of SMF 2.0 worked perfectly.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: moguns on September 25, 2011, 12:15:53 PM
With all do respect. Seriously? First the copyright has 3 sections now an update to Gold.. on security in that matter..


Thank you but.. one word

WOW!
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Gary on September 25, 2011, 12:18:02 PM
Did you really expect it to be bug free?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Kindred on September 25, 2011, 01:35:15 PM
I fail to understand the issue....  Would you prefer us to leave security holes just because we recently released 2.0?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: 青山 素子 on September 25, 2011, 03:20:02 PM
Heck, I'm surprised it took this long for there to be a point release. Especially when updates to release branches are a simple package manager patch, there should be somewhat-regular point releases fixing minor bugs and potential security holes.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Account Abandoned on September 26, 2011, 11:17:33 AM
Quote from: moguns on September 25, 2011, 12:15:53 PM
With all do respect. Seriously? First the copyright has 3 sections now an update to Gold.. on security in that matter..


Thank you but.. one word

WOW!

What forum software doesn't have updates from time to time?

One acronym...

LOL
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: moguns on September 26, 2011, 12:02:49 PM
QuoteWhat forum software doesn't have updates from time to time?

One acronym...

LOL

QuoteMr Redneck
... No question there
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Account Abandoned on September 26, 2011, 09:14:09 PM
LOL easy. You live in MO and you like guns, haha. I been to MO, yalls is a bunch of hillbillies there :D Not to offend though :P Hill Billies are awesome!
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: wyckliffe on September 29, 2011, 07:05:37 AM
Hello All,

Please help.

Im using smf on my host resellerspanel.com

1st, it seems they have the old version and whenever i try upgrading it gives me an error that the package is corrupted.

2nd, there is a lot of porn posts at the clients site now.

How do i prevent this?

I have deleted most of these posts/users but i know they will register and post again.

Actually the forum is free to guest.

Is there a way that anyone can view but have to register and activate before posting? How do i set that up?

Thanks.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on September 29, 2011, 07:07:18 AM
Quote from: Illori on September 19, 2011, 02:46:28 PM
please start a thread in the proper support board, this thread is not for support.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Gary on September 29, 2011, 09:49:47 AM
Quote from: wyckliffe on September 29, 2011, 07:05:37 AM
Im using smf on my host resellerspanel.com

The forum I found on there: http://forum.resellerspanel.com is running vBulletin. We can't help you there. But I'll assume you're one of their customers.

In which case, create a separate topic, linking to your own site, listing which version of SMF you're going to and from. If you're going from 1.1 to 2.0 you need to use the LARGE upgrade package which can not be run in the package manager.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Weatherservice on October 05, 2011, 10:32:26 AM
Thanks for the update!

Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: cicero costa on October 07, 2011, 05:55:38 PM
Great work, team! Congratulations!
Thank You !!!
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Clara Listensprechen on October 10, 2011, 11:20:14 AM
Quote from: Oldiesmann on September 18, 2011, 07:11:24 PM
Note to SMF 2.0 users...

If this isn't showing up in your admin center, you have a couple of options:
Download it from the Upgrades Site (http://custom.simplemachines.org/upgrades) and install it through the package manager...
...and get beyond the error message that the file is corrupt or empty how, exactly? (the usual method has been to unpack the zip on own computer and then copy over the old files, so if there's a different method I'd like to hear it)
Quote
Run the "Fetch Simple Machines Files" scheduled task as follows:
Admin -> Maintenance -> Scheduled Tasks
Check the box in the "Run Now" column next to "Fetch Simple Machines Files"
Click the "Run Now" button
I did that and it didn't. Hmmmm.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on October 10, 2011, 11:21:21 AM
Quote from: Illori on September 19, 2011, 02:46:28 PM
please start a thread in the proper support board, this thread is not for support.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Clara Listensprechen on October 10, 2011, 11:29:42 AM
Quote from: Oldiesmann on September 19, 2011, 12:39:50 PM
Quote from: Ventic on September 19, 2011, 12:22:30 PM
i told you i dont wanna do the upgrade via the package manager but by uploading the files normally

Upgrading through the package manager is the only way you can do it without losing existing mods.
Well, then, I'm up the creek without a paddle because my Package Manager claims that the package is either empty or corrupt. Help?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on October 10, 2011, 11:30:47 AM
Quote from: Illori on October 10, 2011, 11:21:21 AM
Quote from: Illori on September 19, 2011, 02:46:28 PM
please start a thread in the proper support board, this thread is not for support.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Clara Listensprechen on October 10, 2011, 11:36:21 AM
Directions given in this thread are faulty and that needs to be pointed out to whomever else may be misled by them. Correcting the faulty information in this thread is in order.  Thank you.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on October 10, 2011, 11:38:45 AM
it is not faulty it works just fine, and has been tested by many users that have upgraded their forums with no problems.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Aleksi "Lex" Kilpinen on October 10, 2011, 12:25:11 PM
Quote from: Clara Listensprechen on October 10, 2011, 11:29:42 AM
Quote from: Oldiesmann on September 19, 2011, 12:39:50 PM
Quote from: Ventic on September 19, 2011, 12:22:30 PM
i told you i dont wanna do the upgrade via the package manager but by uploading the files normally

Upgrading through the package manager is the only way you can do it without losing existing mods.
Well, then, I'm up the creek without a paddle because my Package Manager claims that the package is either empty or corrupt. Help?

Package manager update for 2.0 -> 2.0.1 http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.1.tar.gz
Package manager update for 1.1.14 -> 1.1.15 http://custom.simplemachines.org/mods/downloads/smf_patch_1.1.15.tar.gz

Manual update instructions and the Package manager update patches are found at http://custom.simplemachines.org/upgrades/
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: kat on October 10, 2011, 12:29:16 PM
Ahem...

Clara, I had the same problem that you had.

I know not why, nor do I know how to fix it.

BUT (And I think this should go in the documentation, too. I'm about to attempt to do that.), there's an easy way around it, you'll be pleased to know.

Get the upgrade archive/package and upload it, STILL ARCHIVED, into your Packages directory, using your FTP client.

Then, go to Package manager, to apply it.

Naturally, before you attempt this, you really ought to read my sig. ;)

EDIT: It's now on the wiki.

http://wiki.simplemachines.org/smf/Patching

In the section marked "Obtaining the patch". :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Clara Listensprechen on October 10, 2011, 03:43:50 PM
Quote from: K@ on October 10, 2011, 12:29:16 PM
Ahem...

Clara, I had the same problem that you had.

I know not why, nor do I know how to fix it.

BUT (And I think this should go in the documentation, too. I'm about to attempt to do that.), there's an easy way around it, you'll be pleased to know.

Get the upgrade archive/package and upload it, STILL ARCHIVED, into your Packages directory, using your FTP client.

Then, go to Package manager, to apply it.

Naturally, before you attempt this, you really ought to read my sig. ;)

EDIT: It's now on the wiki.

http://wiki.simplemachines.org/smf/Patching

In the section marked "Obtaining the patch". :)
Thanks k@. Other responses to this difficulty amount to "I pity da foo who don't know which section of this large board to go to to find stuff when time is of the essence".  Just navigation of this board alone is a time consuming research project, let alone figuring that Wiki is yet another place to spend quality research wheelspinning time on.  Many thanks.

=========================

By golly, what I needed to know  is in this one single line:

QuoteIn some cases, the upload to Packages may be corrupted, when you attempt this. In this case, you can upload the file (Still archived) to your Packages directory, using your FTP client. Then, go to Package Manager, to apply it.
Now how hard is it to just post THAT. Gee. And now anybody else coming to this thread FIRST (like I did) for that piece of information won't have to spend all friggin day looking through all the boards just to get rerouted to Wiki to spend the rest of the day over there. K@, lotsa smooches, you're a lifesaver!!

This deal with upgrading via the Package Manager has always been an issue, and it's always been the case in the past that manually unpacking an upgrade and then overwriting files (modifications be damned) the way it was done. Nobody should be surprised when the Package Manager does what it's been doing as usual...least of all support people.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: IchBin™ on October 10, 2011, 04:10:52 PM
Clara,

Part of the problem is that the suggestion that fixed it for you is one of 20 suggestions that could have been said. And even then, I've seen many hosts still not work after such suggestions. Depending on server configuration many things could be the problem for this. I'm glad you found what worked for you, and it's always useful when someone types what fixed it for them so thank you.

-IchBin
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: kat on October 10, 2011, 04:41:29 PM
Quote from: Clara Listensprechen on October 10, 2011, 03:43:50 PM
By golly, what I needed to know  is in this one single line:

QuoteIn some cases, the upload to Packages may be corrupted, when you attempt this. In this case, you can upload the file (Still archived) to your Packages directory, using your FTP client. Then, go to Package Manager, to apply it.

That's part of what I just added, there. :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Ashley S on October 12, 2011, 01:00:06 PM
Great release guys.
Keep it up.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Jim_Di on October 14, 2011, 06:04:20 AM
in Display.php line 1380 and 1381

if ($context['browser']['is_firefox'])
header('Content-Disposition: ' . $disposition . '; filename*="UTF-8\'\'' . preg_replace('~&#(\d{3,8});~e', '$fixchar(\'$1\')', $utf8name) . '"');



strange «*» at the left side of «=» is a reason for FF 8 glitches - when u try download attachment name of file index.php insted of normal attach name.

we're change line 1381 to

header('Content-Disposition: ' . $disposition . '; filename="' . preg_replace('~&#(\d{3,8});~e', '$fixchar(\'$1\')', $utf8name) . '"');

and it's work normally
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Angelina Belle on October 18, 2011, 04:25:16 PM
Hello Jim_Di,

Thanks for the bug report.
I think this is the issue tracked as http://dev.simplemachines.org/mantis/view.php?id=4825

If you find any more bugs, please post them to the bug reports board (http://www.simplemachines.org/community/index.php?board=137.0)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on October 22, 2011, 06:14:51 AM
Quote from: Illori on September 19, 2011, 02:46:28 PM
please start a thread in the proper support board, this thread is not for support.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Alex' Manson on November 05, 2011, 11:31:40 AM
Thank you for the patch.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: eroncone on November 09, 2011, 05:13:34 PM
Hi there,

...and thanx for making my first experience of Forum creation so easy.

If I am running 2.0.1, am I already patched relative to your Security Patch announce Sept. 18, 2011?

I would think yes, but prefer to ask rather than find myself wishing that I had...

Thanx in advance.

Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Kindred on November 09, 2011, 05:17:14 PM
yes
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Angelina Belle on November 10, 2011, 10:50:03 AM
And, eroncame, on behalf of the SMF project team, you are welcome.
Our devs have tried to find that balance between simple and powerful. So it means a lot to hear that this has worked out well for you.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: admirable on November 10, 2011, 01:37:54 PM
Waaaaoooo....
Great work....
Keep it up dearz.................................................... GOOD JOB..

Where can i get it.?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: IchBin™ on November 10, 2011, 03:02:00 PM
Quote from: admirable on November 10, 2011, 01:37:54 PM
Waaaaoooo....
Great work....
Keep it up dearz.................................................... GOOD JOB..

Where can i get it.?

Umm... maybe the downloads page linked at the top menu where it says "Download".  :)
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Birdhouse919 on November 10, 2011, 10:28:39 PM
Thanks staff :p
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: webgold on November 11, 2011, 05:44:47 AM
Hi Guys

I am using smf 2.0, but I am having problems trying to upgrade.

I am getting this error:

QuoteAlthough the package was downloaded to the server it appears to be empty. Please check the Packages directory, and the "temp" sub-directory are both writable. If you continue to experience this problem you should try extracting the package on your PC and uploading the extracted files into a subdirectory in your Packages directory and try again. For example, if the package was called shout.tar.gz you should:
1) Download the package to your local PC and extract it into files.
2) Using an FTP client create a new directory in your "Packages" folder, in this example you may call it "shout".
3) Upload all the files from the extracted package to this directory.
4) Go back to the package manager browse page and the package will be automatically found by SMF.

Any ideas?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Illori on November 11, 2011, 05:46:26 AM
Quote from: Illori on September 19, 2011, 02:46:28 PM
please start a thread in the proper support board, this thread is not for support.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Angelina Belle on November 11, 2011, 09:39:08 AM
webgold, if I could, I'd move your question to the proper support board.  I'm sorry I cannot help in this way.
Your problem is a common one, and you will get plenty of help over there.

I don't want to "clog up" this topic with the discussion of your issue. I apologize.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: Biology Forums on November 12, 2011, 08:05:57 PM
Quote from: webgold on November 11, 2011, 05:44:47 AM
Hi Guys

I am using smf 2.0, but I am having problems trying to upgrade.

I am getting this error:

QuoteAlthough the package was downloaded to the server it appears to be empty. Please check the Packages directory, and the "temp" sub-directory are both writable. If you continue to experience this problem you should try extracting the package on your PC and uploading the extracted files into a subdirectory in your Packages directory and try again. For example, if the package was called shout.tar.gz you should:
1) Download the package to your local PC and extract it into files.
2) Using an FTP client create a new directory in your "Packages" folder, in this example you may call it "shout".
3) Upload all the files from the extracted package to this directory.
4) Go back to the package manager browse page and the package will be automatically found by SMF.

Any ideas?

What mods have you installed since the upgrade?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: lalomii on November 16, 2011, 04:42:09 PM
thank you... ;D ;D ;D
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: MrCole on November 21, 2011, 12:11:03 AM
Nice.
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: wilowterra on December 07, 2011, 02:30:54 AM
 ;D ;D ;D ;D ;D
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: CookieParker1 on December 31, 2011, 03:58:16 PM
Quote from: KVL on September 19, 2011, 02:23:14 AM
SMF 2.0.1 and 1.1.15: updated is successfully!  :)  Thank you very much! :)

Where did you find the 1.1.15 security upgrade?
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: CookieParker1 on December 31, 2011, 04:00:30 PM
Quote from: Looking on September 18, 2011, 06:36:02 PM
Thanks for the update but the 1.1.15 changelog (http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-15_changelog.txt) is missing?

I can't find the 1.1.15 security upgrade either... :-\
Title: Re: SMF 2.0.1 and 1.1.15 critical security patches released
Post by: kat on December 31, 2011, 04:02:46 PM
Look at this post:

http://www.simplemachines.org/community/index.php?topic=463108.msg3234016#msg3234016