Simple Machines Community Forum

Hello all,

Simple Machines Forum project has released SMF 1.1.16 and SMF 2.0.2 security patches for the SMF community.
Critical security issues have been identified and fixed with this patch, therefore it is highly recommended to make sure you update your forums immediately.
A few bug fixes for SMF 2.0.x are also available with the patch.

If you use 2.0.1, you can update your forum to 2.0.2. using package manager. You should see the notification in Admin panel, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files".
You can also download the patch for 2.0.1 from the customize site: smf_2.0.2 patch (http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.2.tar.gz), and install it through package manager.

If you use 1.1.15, you can update to 1.1.16 with the smf_1.0.22_1.1.16 patch (http://custom.simplemachines.org/mods/downloads/smf_patch_1.0.22_1.1.16.tar.gz), also using package manager.

If you use older versions of SMF, you can upgrade with the full upgrade packages from the downloads page.

Please find the changelog for the latest release as usual, on the downloads page as well:
http://download.simplemachines.org/

Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!

Regards,

Simple Machines Forum project

Thanks!! :D

thanks,

Yes
good work
thank you

Thanks for update.

We need SMF 2.0.2 in the modsite.

Can this be updated through Package Manager?

Thanks

Congrats! :D

Thanks for the content-disposition fix for firefox :)

Could you put 2.0.2 on the mod site?

Quote from: live627 on December 23, 2011, 01:52:52 AM
Could you put 2.0.2 on the mod site?

Yap, its available on download page but not on MOD site so can't update using package manager as of yet !

Hey guys!

Trying to update from 1.1.15 and getting the following message:
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Any ideas? :)

I see this on download page

502 Bad Gateway

nginx

Tried to update from 1.1.15 from package manager and get this:

QuoteThe package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Y'all might want to fix that ;)

Cheers!

Thanks!

Update went fine!

Cheers..  ;D

Took a few tries because the servers here were extremely taxed but all is well now. Thanks.

Servers must be still taxed. Unable to download or even connect at times.

Will we be able to do manual update from 2.0.1 to 2.0.2 versions, as i can't see instructions for it here:
http://custom.simplemachines.org/upgrades/

Quote from: AMWebby on December 23, 2011, 05:58:18 AM
Servers must be still taxed. Unable to download or even connect at times.

+1, i wrote this reply few times before it's published.  :-X

Quote from: MarkoKg on December 23, 2011, 05:59:12 AM
Will we be able to do manual update from 2.0.1 to 2.0.2 versions, as i can't see instructions for it here:
http://custom.simplemachines.org/upgrades/

Quote from: AMWebby on December 23, 2011, 05:58:18 AM
Servers must be still taxed. Unable to download or even connect at times.

+1, i wrote this reply few times before it's published.  :-X

Use this in package manager...
http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.2.tar.gz

I would like to manually manage the update, as this is just small update when i update 2.0.1 to 2.0.2 i guess? I have planty of mods installed and many code changes so i want to be sure that everything will be okay, and i want to manually install this patch, if it's possible?

in 1.1.15 I have this one:

An Error Has Occurred!

The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

what's the matter?

cheers

just open the package and read it until it appears on the patch page.

also dont use this thread for support please open a separate thread in the correct support board for support

Thanks, it was very easy to update.

Nevermind, i downloaded update file (after 10 minutes of refreshing page), and used external package parser to see changes.

The file I get, for 1.1.5, is only 2kb in size and package manager refuses to load it as it is corrupt.

Thanks as new versions

the file is only 2KB that is correct

for those that want a parse of the 2.0.1 -> 2.0.2 package http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.2.tar.gz;smf_version=2.0.1

Any chance that the Package Manager page can put the 1.1.16 download in the right place, as it may confuse some, being where it is...?

what "package manager page" ? and where is it putting it that it should not be?

http://custom.simplemachines.org/upgrades/

It's at the bottom, out of sequence.

Quote from: AMWebby on December 23, 2011, 06:18:31 AM
The file I get, for 1.1.5, is only 2kb in size and package manager refuses to load it as it is corrupt.

I had the same problem, even uploading the file manually. Try dearchiving it and rearchiving at as a zip.

Worked for me! :)

thx but it doesn't work

Pardon me...I got it to work. 

thx
Kim

Quote from: Illori on December 23, 2011, 06:13:00 AM
also dont use this thread for support please open a separate thread in the correct support board for support

Quote from: K@ on December 23, 2011, 06:54:43 AM
http://custom.simplemachines.org/upgrades/

It's at the bottom, out of sequence.

Quote from: AMWebby on December 23, 2011, 06:18:31 AM
The file I get, for 1.1.5, is only 2kb in size and package manager refuses to load it as it is corrupt.

I had the same problem, even uploading the file manually. Try dearchiving it and rearchiving at as a zip.

Worked for me! :)

Just discovered this method myself. Obviously the package manager doesn't like .gz files.

no the package manager has no issues with .gz files as not everyone has this issue.

There sure is something weird, though.

My forum fails on every install with tar/gz.

No idea why.

I've always had to rearchive them.

It's hardly difficult, though. So, I don't worry about it. :)

Thank you very much no problem with my updates

Thanks...update went without a hitch...except for one issue.  Will post in the appropriate support forum.

Quote from: K@ on December 23, 2011, 08:56:26 AM
My forum fails on every install with tar/gz.

sounds like your server does not have the proper packages for tar/gz archives installed

Quote from: Geek on December 23, 2011, 04:23:14 AM
Tried to update from 1.1.15 from package manager and get this:

QuoteThe package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Y'all might want to fix that ;)

Cheers!

Same here

Quote from: spiros on December 23, 2011, 10:06:50 AM

Quote from: Geek on December 23, 2011, 04:23:14 AM
Tried to update from 1.1.15 from package manager and get this:

QuoteThe package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Y'all might want to fix that ;)

Cheers!

Same here

Me too

Updated to 2.0.2 without out any problems, thanks

The download problems SHOULD be solved now.
My apologies for any inconvenience. Enjoy! :)

Quote from: CoreISP on December 23, 2011, 10:40:52 AM
The download problems SHOULD be solved now.
My apologies for any inconvenience. Enjoy! :)

On SMF 1.1.15

The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Is there a server-side cache that should be flushed on my end now?

If there's anybody who still has a problem with upgrading to 1.1.16

QuoteAn Error Has Occurred!
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Please see this thread:

www.simplemachines.org/community/index.php?topic=463108.0 (Error when trying to upgrade 1.1.15 to 1.1.16)

This is from the package manger, right?
Not from the manual update package that you can find here?

-edit-
Nevermind, reading the thread now.

No . i can not install even manually .

In  reviewing the changes for SMF 1.1.16, and I find myself wondering what this change is supposed to do:


if (isset($GLOBALS[$variable]))
unset($GLOBALS[$variable], $GLOBALS[$variable]);


The changelog for 2.0.2 says this:

Quote
Make sure db_character_set doesn't end up set when it shouldn't be. (index.php)

I do not understand how the double unset will do much of anything. Perhaps this is just a quirk of PHP and unset of $GLOBALS that this code is intended to work around...

Update: Never mind...I found the exploit and the need for this with older PHP installs.

Updated to 2.0.2 without out any problems.
Good work,
Thanks.

updated my 2.0.1 forum to 2.0.2 without any problem.

for my 1.1.15 forum, since its giving error when trying to install through package manager, i did a manual update and everything went through as well.

great thnx

Update for SMF 2.0.1 contains fix for problems with downloading attachments by FF?

and this is fixed in this patch?

Quote from: Tjati on September 19, 2011, 03:37:47 AM
Hi there,

in the Changelog (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt)) is written:

Quote! A sensitive token was sent in the URL, allowing CSRF vulnerability (Subs-Menu.php)

But comparing Subs-Menu.php of version 2.0 and 2.0.1 does not show any differences except the @version-Line.

Was the bug already fixed in 2.0 or have you missed to replace the files correctly?

Thanks for information!

Update: Since 2.0 RC4 is no change (except a comment) done in Sources/Subs-Menu.php

Thanks for update.

Thnx. Upgrade went fine!

Update went smooth and without any problems, but in Admin section I have:

Installed version: 2.0.2
Newest version: 2.0.1

I've installed via package manager because I didn't had notification link about new version.

Quote from: Nolt on December 23, 2011, 03:39:58 PM
Update went smooth and without any problems, but in Admin section I have:

Installed version: 2.0.2
Newest version: 2.0.1

I've installed via package manager because I didn't had notification link about new version.

run the fetch simple machine files from scheduled tasks

Good work team!! Well done. :-)

I get this error: You cannot download or install new packages because the Packages directory or one of the files in it are not writable! 

Yet all of my appropriate folders are set Writable (777).  Any ideas how I can remedy this?

1.1.16 auto update worked perfectly on my board.   8)

Quote from: cerbopoli on December 23, 2011, 03:55:35 PM
I get this error: You cannot download or install new packages because the Packages directory or one of the files in it are not writable! 

Yet all of my appropriate folders are set Writable (777).  Any ideas how I can remedy this?

Set the chmod on that folder properly to 777 using FTP or your hosting control panel's file manager.

For any further questions, please do !NOT! use this topic. It is !NOT! for support.
Please ask your question in the support boards.

Thanks :)

no this patch does not include the fix for downloading attachments in firefox, and PLEASE open separate threads for your issues this thread is not for support.

Thanks CoreISP.  I will ask on the support boards as that is exactly what I have done and it is not working. 

Quote from: live627 on December 23, 2011, 01:52:52 AM
Could you put 2.0.2 on the mod site?

bump. Mods need to say they're compatible.

Updates is ​​successfully. :) Thank you very much for your work! :) Merry Christmas and Happy New Year! :)

Weird. My locally installed forum on my PC sees that the update is available but on my production one, the Administration center does not say an update is available. It also does not show the latest message in the "Live from Simple Machines forum" section about SMF 2.0.2 being available, just the SMF 2.0.1 and earlier messages.  Hmmm..

Well, I uploaded the 2.0.2 patch file manually and installed it via the Package Manager.  I still wonder why my local installation sees the 2.0.2 message in the Admin area and the installation at my webhost does not.  Bizarre.  It's like my server and SMF's server aren't on speaking terms for some reason.

I figured it out. The Fetch Simple Machines Files task failed this morning. I saw it in my error log. I manually ran the task and now I see the updated postings about 2.0.2.  I may need to adjust the time of day it does these checks as it seems to correspond with a lot of other server maintenance tasks at my host. At least I know what happened now. :)

Thanks for Simply Machines Forum 2.0.2, Simple Machines Forum 1.1.16, and Simple Machines Forum 1.0.22!

Quote from: phantomm on December 23, 2011, 02:04:15 PM
Update for SMF 2.0.1 contains fix for problems with downloading attachments by FF?

and this is fixed in this patch?

This problem was fix in FF 9.0.1
Update it ;)

Quote from: MarkoKg on December 23, 2011, 06:04:50 AM
I would like to manually manage the update, as this is just small update when i update 2.0.1 to 2.0.2 i guess? I have planty of mods installed and many code changes so i want to be sure that everything will be okay, and i want to manually install this patch, if it's possible?

Quote from: Illori on December 23, 2011, 06:30:02 AM
for those that want a parse of the 2.0.1 -> 2.0.2 package http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.2.tar.gz;smf_version=2.0.1

Idem on my forum where I installed some mods manual. So thanks for the parse of the 2.0.1 -> 2.0.2

Thanks for the update :)

Yes, thanks to the Team for the update. I installed 2.02 through Package Manager - so smooth and quick.

Thanks for the update :)

Thank you,

Although I'm very disappointed that this update didn't fix the known "attachments bug" with firefox 8 - since I consider it a major bug, end-user wise.
http://dev.simplemachines.org/mantis/view.php?id=4825 (http://dev.simplemachines.org/mantis/view.php?id=4825)
There's already a patch for it (but weird, because there is no file named "Attachment.php" in the /Sources directory.. It should be Display.php), so why it is not included in the release?

Strangely enough this forum appears still unpatched:

SMF 2.0.1 | SMF © 2011, Simple Machines

we have to wait for the site team to have the time to do the upgrade, they do not use the patches like the rest of us do.

awesome job, thanx

Quote from: Enc0der on December 24, 2011, 09:10:25 AMwhy it is not included in the release?

Pure guess: The bug is with Firefox, not SMF. So, we're going to have to figure a fix that won't screw everything for users of proper browsers.

Oddly enough, Firefox v9 works as it should. :)

Quote from: K@ on December 24, 2011, 11:45:55 AM
Pure guess: The bug is with Firefox, not SMF.

Not true :)

Anyway, it is indeed "fixed" in Firefox 9.

What were some of the changes?

you can find the changelog on the downloads page and in the archives.

Quote from: spiros on December 24, 2011, 09:11:41 AM
Strangely enough this forum appears still unpatched:

SMF 2.0.1 | SMF © 2011, Simple Machines

I think you misread the numbers ;D

Quote from: Enc0der on December 24, 2011, 09:10:25 AM
Although I'm very disappointed that this update didn't fix the known "attachments bug" with firefox 8 - since I consider it a major bug, end-user wise.
http://dev.simplemachines.org/mantis/view.php?id=4825 (http://dev.simplemachines.org/mantis/view.php?id=4825)
There's already a patch for it (but weird, because there is no file named "Attachment.php" in the /Sources directory.. It should be Display.php), so why it is not included in the release?

The Attachment.php is for SMF 2.1, so that is why it is the wrong file.

Norv said he forgot about including that fix when making the release.  Getting this release was critical and he was short on time.  Because of the Holiday times, there wasn't enough time to add in the changes and test them after we realized that.
I am glad to hear reports that FF 9 fixed it on their end.  I read somewhere in a Mozilla article/posting (i think a bug post) that their data shows most users are either on 3.6 or following the 6 week updates.  There was a small chunk of them still resisting on FF 7 though.  So this is good news at least :)

Administration Center tells me there's NO update available...so I go download the upgrade to do it manually.  5th time I've downloaded it and I get the message:

"Package upload failed due to the following error:
"Although the package was downloaded to the server it appears to be empty. Please check the Packages directory, and the "temp" sub-directory are both writable. If you continue to experience this problem you should try extracting the package on your PC and uploading the extracted files into a subdirectory in your Packages directory and try again. For example, if the package was called shout.tar.gz you should:
1) Download the package to your local PC and extract it into files.
2) Using an FTP client create a new directory in your "Packages" folder, in this example you may call it "shout".
3) Upload all the files from the extracted package to this directory.
4) Go back to the package manager browse page and the package will be automatically found by SMF.""


When ADMIN doesn't see an update...and when the zip files from your own site are EMPTY...how the heck can I do an upgrade.  Also...this is a heck of a thing to do on Christmas Eve on 6 production sites!

In 5 years I have never had this much problems with an SMF upgrade.  Ever.

Merry Christmas.

indeed, thx for the update guys.

Thank you so much...

The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

I have 1.1.15

Quote from: Argonaut on December 23, 2011, 10:42:46 AM
If there's anybody who still has a problem with upgrading to 1.1.16

QuoteAn Error Has Occurred!
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Please see this thread:

www.simplemachines.org/community/index.php?topic=463108.0 (Error when trying to upgrade 1.1.15 to 1.1.16)

.15 to .16, a 1\2 minute package manager job, all well. Thanks.

Hi there!

Perfect! Tnx for this new update!
How is the road for new features?

Good job guys, another great release!

Hi Coreisp. Zip corrupted for french packs. Regards.

I can confirm that something's weird with the 1.1.16 patch. Although GNU tar and gzip both extract the package fine, SMF itself does not. If I re-create the archive with "tar czvf ../smf_patch_1.0.22_1.1.16-2.tar.gz *" that file will upload and extract just fine.

The 2.0.2 patch seems to work just fine.

You team guys might want to re-create the package.

Motoko-chan,

Any luck with this one?

hi sleepy, still corrupted for smf...

thanks good man...

GravuTrad, do you have 1.1.15 or 2.0.1?
What's your error message?

There's a new language pack available for 2.0.2:
http://download.simplemachines.org/?smflanguages;lang=french

If you are using 1.1.15, try this way:
www.simplemachines.org/community/index.php?topic=463108.msg3234021#msg3234021

or use the small upgrade zip package [SMF 1.1.16 - upgrade]
http://download.simplemachines.org/index.php?archive;version=67

Hi,Argonaut, the solutions offered didn't work on my forum :'(
Please help me :-X

Quote from: Illori on December 23, 2011, 06:13:00 AM
also dont use this thread for support please open a separate thread in the correct support board for support

What were the security issues on this patch? That would be very helpful to know.

there is a change log available, but the details of the issues resolved will not be made public.

The rezip trick has worked well. But tar.gz generation so isn't good for the 1.1.16 actual smf patch.

An Error Has Occurred!
The package you tried to upload either is not a valid package or has become corrupted.

I tried both instal from form link  and also downloaded from here and stil getting same error message.

please help!

Quote from: Illori on December 23, 2011, 06:13:00 AM
also dont use this thread for support please open a separate thread in the correct support board for support

Quote from: mini_one on December 27, 2011, 11:53:00 AM
An Error Has Occurred!
The package you tried to upload either is not a valid package or has become corrupted.

I tried both instal from form link  and also downloaded from here and stil getting same error message.

please help!

answer already given above. dezip and rezip it. and retry with the new pack.

Thank you so much...

Tried to update using the automatic system under admin - fail with an error message:
"The package you are trying to download or install is either corrupt or not compatible with this version of SMF."

Then tried to update by downloading update package manually and then upload and the error message:
"The package you tried to upload is either not a real package, or is defective."

(maybe the text is not 100% correct because I'm using a translated version)

Boldt, please read this thread:

www.simplemachines.org/community/index.php?topic=463108.0 - [Error when trying to upgrade 1.1.15 to 1.1.16]

www.simplemachines.org/community/index.php?topic=463108.msg3234021#msg3234021

I resay the temporary solution until the tar.gz site packing problem is solved, dezip and rezip it.

Thats probably the best idea in the circs.

El paquete que estás intentando subir no es un paquete válido o bien está estropeado.

Quote from: ForoGames.net on December 28, 2011, 08:19:58 PM
El paquete que estás intentando subir no es un paquete válido o bien está estropeado.

There is already a translated announcement to spanish: SMF 2.0.2 y 1.1.16 parches de seguridad critica lanzados (http://www.simplemachines.org/community/index.php?topic=463138.0)

I still get an error message when trying to use Package Manager to update to 1.1.16
??
Ken

Quote from: kenvue on December 28, 2011, 11:09:17 PM
I still get an error message when trying to use Package Manager to update to 1.1.16
??
Ken

I got many of the same. Have a look here (http://www.simplemachines.org/community/index.php?topic=463108.msg3234016#msg3234016). :)

Updated. Manual Edits FTW.

I got a second email announcement today, both it and the first one I recieved just before christmas seem to refer to the same version levels (2.0.2 & 1.1.16)...did I miss something?

Yeah I seem to have got it twice also.

Maybe due to the actual servers upgrade in progress...

Fantastic news. Thank you SMF Team for the beautiful work. :)

A quick question:
I am subscribed to this board (Announcements), but I did not receive the 2.0.2 announcement.
The email address is correct, and I cannot find the announcement in my gmail spam folder.
Is anyone having the same problem?
I would love to hear about new releases right away.

Wishing you all a happy new year.

There are a lot of registered users on this site, so the announcement takes several days to send out. Especially as simplemachines.org doesn't mass-send e-mail often, major providers will often rate-limit the mail causing longer delays for users on those providers. I only got the e-mail announcement yesterday, for example.

QuoteThere are a lot of registered users on this site, so the announcement takes several days to send out

Ah, makes sense. Thank you for explaining! :)

After a lot of tries and effort, I managed to get my patch upgrade installed. At first, I got the message others got about the file being corrupt. I tried several different things as suggested but none worked until ---- I downloaded the file again from a post (http://www.simplemachines.org/community/index.php?topic=463108.msg3234021/) on this forum rather than the file from the upgrade forum. When I unzipped both sets of files and compared them, I noticed there was only one file in the first package whereas the second package I had (that worked at the first attempt) contained three files. I re-zipped the three files, uploaded them and hey presto, they appeared in my admin panel and installed.

Thanks to everyone involved with the patch and thanks to others for trying to solve the issues of installation.

update smf 1.1.15 to 1.1.16
error message: Hiçbir kurulum ve kaldırma eylemi tanımlanmadı!

I'm afraid I don't understand that, Kokoin.

Does this help?

http://www.simplemachines.org/community/index.php?topic=463108.msg3234016#msg3234016

Congrats on the hard work, team! :D

I think I've found a problem with one of the files in the 2.0.2 small-update from the downloads area (alas, I'm using Windows IIS6, and thus package manager is seemingly impossible to get working properly, so I have to do manual updates). This one - http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-2_update.zip

Anyway, the errant file in question is:

Themes/default/PersonalMessage.template.php

and the problem seems to be that it is still reporting as Version 2.0, not version 2.0.2

Is this correct?

I noticed that after I did the manual file-copy followed by running the 'upgrade.php' to sort out my MySQL DB - all of which seemed to work ok - I went back to the Administration Center and confirmed that my board had updated. The Admin Center shows '2.0.2' as the headline version, but when doing the 'more detailed' check, I see Default Templates with a red 2.0 next to it, and when I open that up, I see a red 2.0 next to PersonalMessage.template.php.

I confirmed that I had correctly copied the right files over, so I then looked at the individual files within the 2.0.2 small update distribution file and compared PersonalMessage.template.php from the Core and Default themes in a file-comparison utility. They are vastly different (maybe to be expected? I don't know) - but specifically, the Core instance of the file showed Version 2.0.2 while the Default instance showed 2.0

Is this correct? Did someone forget to include the correct Default Theme file in the small manual upgrade zip?

My forum uses the Default Theme, by default (and I have no idea whether that's a clone of the Core theme, or what) - so will I have a problem at some point when members start using the PM system?

Any help gratefully received - if you need further information or testing please ask away! Thanks.

Neil

take a look at http://www.simplemachines.org/community/index.php?topic=463145.0 also this thread is not for support you should open your own thread for issues related to the upgrade.

Ilori - thanks for the pointer to the other thread. I will continue this discussion there.

However, for the record, I wasn't actually looking for support, and don't consider this a personal support issue. I was merely trying to be helpful, and was reporting an ERROR with the small-update zip's contents (an error which I can see is indeed accepted as such on the other thread).

Thanks anyway.

Thanks !

Goog Job  8)

Quote from: Fantasy-Faction on December 23, 2011, 03:49:45 AM
Hey guys!

Trying to update from 1.1.15 and getting the following message:
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Any ideas? :)

Same here...????

Quote from: bassinRN on January 04, 2012, 07:03:17 AM

Quote from: Fantasy-Faction on December 23, 2011, 03:49:45 AM
Hey guys!

Trying to update from 1.1.15 and getting the following message:
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Any ideas? :)

Same here...????

http://www.simplemachines.org/community/index.php?topic=463108.msg3234016#msg3234016

Thanks for the updates SMF team, will be sure to update once I have everything else set up but thanks again for all your work

~Shasta

Quote from: K@ on January 01, 2012, 03:57:38 PM
I'm afraid I don't understand that, Kokoin.
Does this help?
http://www.simplemachines.org/community/index.php?topic=463108.msg3234016#msg3234016

ok K@ , your attached file download. I manuel editing;
index.php
sources/packages.php
sources/messagindex.php

Thank you...

Do these security updates address DDOS attack vulnerability?

Nope. You can't solve a DDOS issue at the application level, if you're being hit by a DDOS, talk to your host.

Quote from: arrowtotheknee on January 11, 2012, 02:33:06 PM
Nope. You can't solve a DDOS issue at the application level, if you're being hit by a DDOS, talk to your host.

That's what I thought.  Thanks!

I've used it before, but can't find it now, the step by step instructions on upgrading from an older version? I'm on SMF 2.0 RC4. Thanks!

http://wiki.simplemachines.org/smf/Upgrading

Hello, I have some problem.
How to fix this?

Not Acceptable

An appropriate representation of the requested resource /forum/index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at mcekvidetibugs.net Port 80

What exactly were you trying to do when you got that message?

Please help our forum has gone down and I am on-line now trying to fix but I must admit to not really having a clue what is going on, any advice greatfully received. It is throwing the following message no matter what I try, won't let me into admin panel or owt???

"Table './planetai_smf924/smf_log_online' is marked as crashed and should be repaired
File: /home/planetai/public_html/Sources/Subs.php
Line: 2608

Note: It appears that your database may require an upgrade. Your forum's files are currently at version SMF 2.0.2, while your database is at version 2.0.1. The above error might possibly go away if you execute the latest version of upgrade.php."

Apologies if I have posted in the wrong section, I'm a bit new to all of this and slightly panicked.

Quote from: Illori on December 23, 2011, 06:13:00 AM
also dont use this thread for support please open a separate thread in the correct support board for support

Login to your control panel and phpmyadmin and run this command on your database

REPAIR TABLE smf_log_online;


Quote from: Illori on January 16, 2012, 03:35:58 PM

Quote from: Illori on December 23, 2011, 06:13:00 AM
also dont use this thread for support please open a separate thread in the correct support board for support

My apologies, I panicked.

How to subscribe for SMF critical security patches?

Quote from: flash_os on January 18, 2012, 12:47:35 PM
How to subscribe for SMF critical security patches?

We send email announcements or you can do a notify on the annocuments board as well.

It also gets listed in your SMF admin screen...

I performed the 2.0.1 to 2.0.2 upgrade
Board is working fine
Realized today that the Global Moderators cannot move topics as the move to list does not appear

Scenario:
Click move topic
Move to screen appears
Nothing in the move to box, no down arrow, nothing even if clicking the box

Administrators can move topics as before.

Checked the rights(using default) and all look the same as before.  Since they can get to the move screen I think the rights are OK.  My belief is a template layout design issue?

Anyone else run into this?  Or at least point me in a direction.   

TIA

you have a thread already on this, please dont post in multiple places.

Sorry about that.  Wasn't sure if support or the original update thread was the correct place for the question

Quote from: BlownShovel on January 18, 2012, 08:27:29 PM
Sorry about that.  Wasn't sure if support or the original update thread was the correct place for the question

lets see now, this is a quote from the very first post in this thread:

Quote from: Norv on December 22, 2011, 11:43:01 PM

Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!

Regards,

Simple Machines Forum project

Quote from: vbgamer45 on January 18, 2012, 12:48:05 PM

Quote from: flash_os on January 18, 2012, 12:47:35 PM
How to subscribe for SMF critical security patches?

We send email announcements or you can do a notify on the annocuments board as well.

This time I did not receive announcement about "1.1.16 critical security patches released".

Great job SMF!
I just upgraded my 1.1.16 forum to 2.0.2 and everything worked smoothly. Even the integration with Gallery2 went perfect without the need of any modification, at least until this moment. :)
I postponed this upgrade for some months and it took me only a few minutes to perform it!!!
Many thanks for all your work!

I'm unable to upgrade from version 1.1.15 to 1.1.16 due to the previously mentioned error message about corrupted files.  I am not a whiz kid when it comes to forum programming, so I do not feel confident messing around with the suggested methods that involve unzipping and re-zipping, and I am sure I am not on my own here.  My own solution, therefore is that as my forum is not "broken" I prefer not to risk trying to fix it and possibly messing it up completely. Instead I will await the release of version 1.1.17 and hope that is released without any problems.

Apologies if this should have been posted elsewhere, but the other thread referred to is locked.

Quote from: gopher_moi on January 25, 2012, 05:36:18 PM
I'm unable to upgrade from version 1.1.15 to 1.1.16 due to the previously mentioned error message about corrupted files.  I am not a whiz kid when it comes to forum programming, so I do not feel confident messing around with the suggested methods that involve unzipping and re-zipping, and I am sure I am not on my own here.  My own solution, therefore is that as my forum is not "broken" I prefer not to risk trying to fix it and possibly messing it up completely. Instead I will await the release of version 1.1.17 and hope that is released without any problems.

Apologies if this should have been posted elsewhere, but the other thread referred to is locked.

No worries. How about having a look here (http://www.simplemachines.org/community/index.php?topic=463108.msg3234016#msg3234016) and download the zip file K@ posted. Upload it via Package Manager. And then apply the mod. That'll get you up to 1.1.16 pretty quickly. :)

Worked a treat and was uploaded and installed in seconds.  Very many thanks for your help.  :)

Glad it helped, Gopher_You! :)

I am the administrator of the El Portus Forum which is still using SMF 1.1.10 so I need to update it.  Unfortunately the originator of this Forum, Vindinacho, has gone on a worldwide trip and cannot be contacted.  When I click "Update" I am barred from access.  How can I update our Forum, please? We are plagued by spam attacks and need the protection of Verification letters to type into the box and email confirmation.  I assume these are included in the updates we need.

Quote from: Illori on December 23, 2011, 06:13:00 AM
also dont use this thread for support please open a separate thread in the correct support board for support

 :-[ Hi Guys

I'm having a problem with my SMF fourm. I keep getting security errors on IE and when I try install this patch it says its already installed. I'm curently on 1.1.16 and I have tryed to upload this patch but it returns the following message ( You already have this installed. )

The security warning I keep getting on my fourm is ( Virus found JS/Agent ) on IE9

Anybody any thoughts on this.

Quote from: whelanweb on February 06, 2012, 05:02:28 AM
:-[ Hi Guys

I'm having a problem with my SMF fourm. I keep getting security errors on IE and when I try install this patch it says its already installed. I'm curently on 1.1.16 and I have tryed to upload this patch but it returns the following message ( You already have this installed. )

The security warning I keep getting on my fourm is ( Virus found JS/Agent ) on IE9

Anybody any thoughts on this.

Welcome to the site whelanweb.

This isn't the correct place to post for support, try the support boards (http://www.simplemachines.org/community/index.php#c3) as you'll get a quicker response there.

I doubt you need support, for the first thing. If you're on v1.1.16, applying a patch to get you to v... er... 1.1.16 ain't gonna achieve much, now is it?

You might with the js thing, though.

HI,

I started the task
>Fetch Simple Machines Files<
but the notification about  the upgrade to 2.0.2 was not shown.

there is still the hint to run 2.0.1 but i did this already...

Hmm
what can I do ?

"The hint to run 2.0.1"? If that's showing up, then SMF has detected that you aren't on 2.0.1. Make sure you actually installed the 2.0.1 patch.

Hi,

This seems like a really stupid question but if I am on SMF 2.0.2 does the SMF 2.0.2 Update update my security or does it update my forum version to SMF 2.0.2. Which would obviously not work since I am already using SMF 2.0.2.

Basically, I have, all of a sudden received 130 posts in Polish about Viagra. So I thought I'd check out if there were any security updates available and low and behold there is,........'SMF 2.0.2 and 1.1.16 critical security patches released'. On uploading and installing it I get an error message stating it is not compatible with the forum version I am running, 'SMF 2.0.2'

Am I being stupid, and if so any ideas how to deal with my apparent security breach, can I block an IP address for posting, or are there any other patches I can install.

Any advice would be greatly appreciated.

the 2.0.2 update is used to update and 2.0.1 forum to 2.0.2. If you are running 2.0.2 then you are at the current security revision.

That ebing said, spam is not usually a security issue, but rather a configuration issue...   you need to configure your registration and/or posting settings to avoid spam. There are dozens of threads discussing what settings and/or mods to add for this.

Thanks for the update notification.

My admin section has been rendered useless since you took over my site and any link I click to up date just takes me back to this useless board.

Why do you force us to update and then not have a link to the updated files?

Answered in your other thread.

Please don't double post... Plus, we do not do what you are suggesting

Thanks!

Update went fine!

good work and god bless you all the time   :)

Thanks. ;D

Thanks

I just started to use SMF.  Thank you for your continued updates.

No updates for the last 6 months. This is very disappointing. What's going on?

QuoteNo updates for the last 6 months. This is very disappointing. What's going on?

No need for (security) updates for a long time. This is very positive!

I logged into and loder forum i had up and found the upgrade for 1.1.5 to 1.1.16:
SMF File                   Your Version                 Current Version
SMF Package   SMF 1.1.15                           SMF 1.1.16
Sources                  1.1.11                           1.1.16
Default Templates  1.1.12                           1.1.12
Language Files          1.1.9                                   1.1.15

But when i click on : Update your forum, i get :
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.
What do i need to do here.

Try downloading this:

http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-16_update.zip

Upload it, still archived, into your Packages directory.

Then, go to Package Manager to apply it.

READ MY SIG!

Is the 1.1.16 package still broken? I thought it was fixed ages ago >_<

It was, supposedly.

Ain't life grand? ;)

The update download is not a modification package. It is designed to be extracted and the contents uploaded over the top of your existing instalation. Updating in this manner will remove any modification changes to the affected files.

Updates which can be applied through the package manager are located at http://custom.simplemachines.org/upgrades/ (http://custom.simplemachines.org/upgrades/).

Note that some hosting configurations have weird issues with compressed files. You can either try re-tarring (I've verified that manually using GNU tar 1.26 and gzip 1.4 will work 98% of the time), or wrapping in a zip if you absolutely must.

No, but the 1.1.15 to 1.1.16 patch, the one linked specifically through the admin panel, to be installed like a mod is supposed to be a modification package - except it's been broken since 1.1.16 came out.

Quote from: Arantor on June 20, 2012, 05:23:10 PM
No, but the 1.1.15 to 1.1.16 patch, the one linked specifically through the admin panel, to be installed like a mod is supposed to be a modification package - except it's been broken since 1.1.16 came out.

The first part of my response was concerning K@ directing users to use the update archive as a package manager package, which will not work.

As for the actual update patch, the direct-download functionality has always been hit-or-miss. What about the patch at the link I provided?

Quote from: K@ on June 20, 2012, 03:44:00 PM
Try downloading this:

http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-16_update.zip

Upload it, still archived, into your Packages directory.

Then, go to Package Manager to apply it.

READ MY SIG!

When i uploaded it i got the same error:
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

BUT then i went to browse packagse, it was there, i clicked on it and it installed fine...

It's been a while since the last SMF updates. I hope 2.1 is coming soon, along with 2.0.3 and 1.1.17? :)

Quote from: 青山 素子 on June 20, 2012, 05:58:24 PM

The first part of my response was concerning K@ directing users to use the update archive as a package manager package, which will not work.

Actually, updates do (At least, they always have, for me). UpGRADES don't.

Quote from: Nodaz on June 20, 2012, 06:18:34 PMi went to browse packagse, it was there, i clicked on it and it installed fine...

WoOt!

why would there be a 2.0.3 or 1.1.17 if there are no security issues to patch?

Quote from: Kindred on June 21, 2012, 08:53:36 AM
why would there be a 2.0.3 or 1.1.17 if there are no security issues to patch?

So you prefer saying we fixed that glitch/bug whatever but included in next big version? If you fixed some bugs in 2.0.x circle you have to make new release. If I'm not wrong there is already 33 bugs (public) resolved/closed. Its enough to release another update.

That isn't how it works, that's never been how it works in the 9 year history of SMF.

Once a x.y.0 release is made (like 2.0.0), the ONLY things fixed after are security fixes. There have been no security issues fixed, ergo no new release.

It isn't about whether you'd 'prefer' it or not, it's how SMF development operates - keeping life easier for users and admins to manage upgrades.

You see, by that logic, you could release a new patch every single bug fix, which means we'd be up to 2.0.34 by now - and no-one needs that.

Things can be changed nothing stands against it.

I didn't say release new update after every single bug/glitch fix. I said X is a good number to release update.

Living with "bugs" never made users life easier.

Beside all I'm completely happy with no-new release (that means there is no security issue in software)

Quote from: Antes on June 21, 2012, 07:50:03 PM
I didn't say release new update after every single bug/glitch fix. I said X is a good number to release update.

Living with "bugs" never made users life easier.

It depends on the bug and how bad it is. Also, if the fixes have been done in a new branch and a lot of code has changed, it may be difficult to backport the fix. Often, in cases like that, it's better to leave the bug in place. Sometimes the actual fix for the bug requires a re-write of code, which may have side-effects in other parts of SMF, especially older code.

Traditionally, updates in a stable release have only been made for security issues or major bugs.

Quote from: 青山 素子 on June 22, 2012, 01:41:00 AM

Quote from: Antes on June 21, 2012, 07:50:03 PM
I didn't say release new update after every single bug/glitch fix. I said X is a good number to release update.

Living with "bugs" never made users life easier.

It depends on the bug and how bad it is. Also, if the fixes have been done in a new branch and a lot of code has changed, it may be difficult to backport the fix. Often, in cases like that, it's better to leave the bug in place. Sometimes the actual fix for the bug requires a re-write of code, which may have side-effects in other parts of SMF, especially older code.

Traditionally, updates in a stable release have only been made for security issues or major bugs.

Oh now i understand thanks for the info.

Quote from: a10gf on June 20, 2012, 06:18:15 AM

QuoteNo updates for the last 6 months. This is very disappointing. What's going on?

No need for (security) updates for a long time. This is very positive!

Aha! And what about new features?

As has always been the case with SMF, once a stable release (1.0.0, 1.1.0, 2.0.0) is reached, no new features are added until the next one and only security patches get released, which is what 2.0.1 and 2.0.2 were. The next release with new features will be 2.1 and is still under development.

Thank you Arantor.

Quote from: Arantor on July 08, 2012, 04:02:37 PM
As has always been the case with SMF, once a stable release (1.0.0, 1.1.0, 2.0.0) is reached, no new features are added until the next one and only security patches get released, which is what 2.0.1 and 2.0.2 were. The next release with new features will be 2.1 and is still under development.

Bug Fixes are released in small updates like 2.0.2 last time I checked <.< .


I say this because even on the release notes of 2.0.2 it clearly states the version includes bug fixes.


Not trying to start anything just trying to clear things up for myself.


http://www.simplemachines.org/community/index.php?topic=463103.0 (http://www.simplemachines.org/community/index.php?topic=463103.0)

The bulk of the 2.0.2 patch is security. There are non-security bug fixes, but nothing that is more than one-line changes, and in low single digits.

Quote from: Arantor on July 21, 2012, 09:12:24 PM
The bulk of the 2.0.2 patch is security. There are non-security bug fixes, but nothing that is more than one-line changes, and in low single digits.

Okay thanks for clearing that up :).

Thanks a lot man :D

I'm new and taking a spin around. Great software....might replace my bulletin with this,,,

Apologies if some one has already asked this, but is there some kind of mailing list I can subscribe too for alerts of when smf publishes a new release? 

no....   if there is a critical security release or a major release, the team usually sends an announcement to all accounts on this system.
The SMF admin on your own forum also will announce when there is an update.

or, you can just keep an eye on this board....

It's been a while since the last update... Only a couple of bugs have been fixed in the past months. :(

Quote from: sharks on August 28, 2012, 01:23:34 AM
It's been a while since the last update... Only a couple of bugs have been fixed in the past months. :(

https://github.com/SimpleMachines/SMF2.1

Sharks,

Once a release goes to final, only critical/major bugs or security issues get addressed with point releases.
The effort gets put into the next MAJOR release (in this case 2.1) rather than non critical patches to the previous release (2.0.x.)

The request not to be angry with this question:
already passed 8 months, this year there is a new release?
It would be desirable to hear approximate date.
I don't hurry, simply it is interesting to me.

Quote from: Inter on August 31, 2012, 11:22:28 AM
The request not to be angry with this question:
already passed 8 months, this year there is a new release?
It would be desirable to hear approximate date.
I don't hurry, simply it is interesting to me.

Again,  https://github.com/SimpleMachines/SMF2.1

Check that page, if you are interested, you can see the progress right there, is open for everyone to see and to participate.

The answer to the question "when there will be a new release" is *always* the same: when it will be (in our opinion) ready. ;)

maybe it's good - not in a hurry, and a lot of people do not like to update their sites frequently

Quote from: Suki on August 31, 2012, 11:24:55 AM

Quote from: Inter on August 31, 2012, 11:22:28 AM
The request not to be angry with this question:
already passed 8 months, this year there is a new release?
It would be desirable to hear approximate date.
I don't hurry, simply it is interesting to me.

Again,  https://github.com/SimpleMachines/SMF2.1

Check that page, if you are interested, you can see the progress right there, is open for everyone to see and to participate.

COOL!!!

Hi every frd..

Thanks 4 every one sharing information...

Quote from: N. N. on December 22, 2011, 11:43:01 PM
Hello all,

Simple Machines Forum project has released SMF 1.1.16 and SMF 2.0.2 security patches for the SMF community.
Critical security issues have been identified and fixed with this patch, therefore it is highly recommended to make sure you update your forums immediately.
A few bug fixes for SMF 2.0.x are also available with the patch.

If you use 2.0.1, you can update your forum to 2.0.2. using package manager. You should see the notification in Admin panel, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files".
You can also download the patch for 2.0.1 from the customize site: smf_2.0.2 patch (http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.2.tar.gz), and install it through package manager.

If you use 1.1.15, you can update to 1.1.16 with the smf_1.0.22_1.1.16 patch (http://custom.simplemachines.org/mods/downloads/smf_patch_1.0.22_1.1.16.tar.gz), also using package manager.

If you use older versions of SMF, you can upgrade with the full upgrade packages from the downloads page.

Please find the changelog for the latest release as usual, on the downloads page as well:
http://download.simplemachines.org/

Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!

Regards,

Simple Machines Forum project

I AM A NEW MEMBER HERE, I USE SMF 1.1.16 MY SITE HAS BEEN MARRED BY SPAM. I SAW YOUR POST AND THINK I CAN BE HELPFUL TO ME BUT I DON'T KNOW HOW. CAN YOU PLEASE DIRECT ME ON WHAT TO DO.

1- do not post in all caps.
2- read the bloody message which you quoted: Please do not use this topic for support requests.
3- post in support
4- use search and/or read other messages, since this question has been answered, literally hundreds of times.

and the most important number 5 - do not spam.

please my forum is showing:
Sorry, SMF was unable to connect to the database. This may be caused by the server being busy. Please try again later.

after trying to update.

www.NEWinfoCity.com

@ Jasogbe

Welcome to smf however please consider the following

Post in support
Use search and/or read other messages, since this question has been answered, literally hundreds of times.