Simple Machines Community Forum

Simple Machines => News and Updates => Topic started by: emanuele on February 01, 2013, 05:26:51 PM

Title: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: emanuele on February 01, 2013, 05:26:51 PM
Dear users,

Simple Machines has released a critical security patch with version numbers: SMF 1.1.18 and SMF 2.0.4.
A few critical security issues have been identified in the two maintained versions and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. For SMF 2.0.x this update includes a few other minor bugs that have been fixed.

If you are running 2.0.3, you can update your forum to 2.0.4 using the package manager. You should see the upgrade notification in the Admin panel and in the package manager, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files".
You can also download the update for 2.0.3 from the customize site (http://custom.simplemachines.org/upgrades/) (Upgrades site page): smf_patch_2.0.4.tar.gz, and install it using the package manager.

If you are running 1.1.17, you can update to 1.1.18 from the package manager, following the instructions in the notification in the Admin panel, or downloading the patch from the customize site (http://custom.simplemachines.org/upgrades/) (Upgrades site page): smf_patch_1.1.18.tar.gz, and installing it using the package manager.

If you use older versions of SMF, you can upgrade with the full upgrade packages from the downloads page (http://download.simplemachines.org/).
Please find the changelog for the latest release, as usual, on the downloads page as well:
http://download.simplemachines.org/

Please find more informations on the Online Manual:
* upgrading http://wiki.simplemachines.org/smf/Upgrading
* patching http://wiki.simplemachines.org/smf/Patching

Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!

Regards,
Simple Machines Forum

Edit: the language packs are currently broken, in few hours they will be regenerated, we are sorry for the inconvenience.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: NanoSector on February 01, 2013, 05:32:12 PM
Nice work :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Owdy on February 01, 2013, 05:33:45 PM
Patched. Thanks!
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: CoreISP on February 01, 2013, 05:34:23 PM
Thanks! :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Looking on February 01, 2013, 05:35:08 PM
Good finds.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on February 01, 2013, 05:35:23 PM
Thanks.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Alpay on February 01, 2013, 05:50:28 PM
nice work :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: ApplianceJunk on February 01, 2013, 05:52:02 PM
So when you upgrade to 2.0.4 do mods that are only 2.0.3 compatible quit working on 2.0.4?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: NanoSector on February 01, 2013, 05:52:58 PM
Most if not all mods for 2.0.3 should still work in 2.0.4.

/me copies that text as the same question will arise another 100 times
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: ARG01 on February 01, 2013, 05:54:18 PM
All I get is an error when clicking the "update your forum " link.  ;)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: ApplianceJunk on February 01, 2013, 05:56:41 PM
Most if not all mods for 2.0.3 should still work in 2.0.4.

/me copies that text as the same question will arise another 100 times

I guess "Custom Copyright" is at least one of the exceptions. ;)

I will look for help in the support thread for that mod.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Antes on February 01, 2013, 05:59:04 PM
Thanks :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: HunterP on February 01, 2013, 06:21:08 PM

I'm running 3 SMF boards, the first 2 went without any problems, but the third says :

1.   Execute Modification   smf_2-0-4_patch.xml   Modification parse error
2.   Execute Modification   smf_2-0-4_patch.xml   Modification parse error

Any suggestions?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: emanuele on February 01, 2013, 06:25:00 PM
Download the package again?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Boxerforum on February 01, 2013, 06:28:18 PM
Nice work, many thanks. I just updated four forums without any problems !
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on February 01, 2013, 06:28:38 PM

I'm running 3 SMF boards, the first 2 went without any problems, but the third says :

1.   Execute Modification   smf_2-0-4_patch.xml   Modification parse error
2.   Execute Modification   smf_2-0-4_patch.xml   Modification parse error

Any suggestions?

This is not a support board... (like the announcement says)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: 4Kstore on February 01, 2013, 06:29:29 PM
Thanks!
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: busterone on February 01, 2013, 06:43:39 PM
Thanks.   :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Dzonny on February 01, 2013, 06:45:49 PM
Thanks! :)

Rock on!:D
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: NO CARRIER on February 01, 2013, 06:57:36 PM
Patched, thanks! http://custom.simplemachines.org/upgrades/ I want to see what is patched, but here is no SMF 1.1.17 to SMF 1.1.18 patch for download.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Dzonny on February 01, 2013, 06:59:06 PM
Patched, thanks! http://custom.simplemachines.org/upgrades/ I want to see what is patched, but here is no SMF 1.1.17 to SMF 1.1.18 patch for download.
Yes there is, last in the list:
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.1.18.tar.gz;smf_version=1.1.17
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: ApplianceJunk on February 01, 2013, 07:00:37 PM
thanks,
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: NO CARRIER on February 01, 2013, 07:01:06 PM
Patched, thanks! http://custom.simplemachines.org/upgrades/ I want to see what is patched, but here is no SMF 1.1.17 to SMF 1.1.18 patch for download.
Yes there is, last in the list:
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.1.18.tar.gz;smf_version=1.1.17

Yes, they are there. Thanks!  :-[
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Colin on February 01, 2013, 07:49:14 PM
Thanks devs.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: charlottezweb on February 01, 2013, 08:54:15 PM
Thanks!  :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: mashby on February 01, 2013, 08:56:27 PM
Easy as peasy! :) Thanks devs!
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Deaks on February 01, 2013, 09:18:15 PM
well done ladies ... i mean guys ... honestly :D
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: rickmastfan67 on February 01, 2013, 10:13:18 PM
Edit: the language packs are currently broken, in few hours they will be regenerated, we are sorry for the inconvenience.

Hope the auto-update comes back online soon as the forum I help maintain keeps downloading the 2.0.3 update instead of the 2.0.4 one. lol.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Mick. on February 01, 2013, 10:44:57 PM
Awesome y'all! ;)

Thank you.
Mick.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: CoreISP on February 01, 2013, 11:15:41 PM
Hope the auto-update comes back online soon as the forum I help maintain keeps downloading the 2.0.3 update instead of the 2.0.4 one. lol.

That's actually not related to the language packs but a typo on our servers. Fixed that.
Please run the "Fetch Simple Machines files" scheduled task again and then try to do it again. :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Crozz on February 01, 2013, 11:31:15 PM
Updated like a charm.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: ARG01 on February 01, 2013, 11:34:08 PM
Patched, thanks! http://custom.simplemachines.org/upgrades/ I want to see what is patched, but here is no SMF 1.1.17 to SMF 1.1.18 patch for download.

It's at the bottom of the "SMF 1.1" list. Not sure why neither is in ascending order?  ;)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on February 01, 2013, 11:34:50 PM
It usually appears at the bottom of the list until it gets manually moved. Pushing out an update is a big, big deal here.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: mashby on February 01, 2013, 11:38:39 PM
It's the Doppler effect. You see it in your own site's admin panel before you see it at the top of the list here. But the whole time, it exists. :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on February 01, 2013, 11:48:03 PM
Sort of, yes.

To explain... what happens is that the patch is released, and around that time, the latest-version.js file is updated here. Over the next day or so, everyone phones home, grabs the update etc.

But the upgrades page is less automated and requires a little hand-tuned maintenance, which not everyone can do. It's a massive undertaking to push out an update.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: rickmastfan67 on February 02, 2013, 12:51:56 AM
Hope the auto-update comes back online soon as the forum I help maintain keeps downloading the 2.0.3 update instead of the 2.0.4 one. lol.

That's actually not related to the language packs but a typo on our servers. Fixed that.
Please run the "Fetch Simple Machines files" scheduled task again and then try to do it again. :)

Thanks for fixing that.  It's working correctly now. :)  And I've got our forum patched. :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: CoreISP on February 02, 2013, 12:54:44 AM
Good to hear that :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: The Craw on February 02, 2013, 01:26:54 AM
Sort of, yes.

To explain... what happens is that the patch is released, and around that time, the latest-version.js file is updated here. Over the next day or so, everyone phones home, grabs the update etc.

But the upgrades page is less automated and requires a little hand-tuned maintenance, which not everyone can do. It's a massive undertaking to push out an update.

Bob Martin would be in favor of automating those tasks.

Thanks for the update, guys! :D
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: French on February 02, 2013, 01:53:01 AM
Quote from: CoreISP
That's actually not related to the language packs but a typo on our servers. Fixed that.
Please run the "Fetch Simple Machines files" scheduled task again and then try to do it again
Are you´re sure it is  fixed for all the servers ??,still getting this,even after running Fetch Simple Machines Files again
Het is momenteel niet mogelijk een verbinding te maken met de meest recente nieuwsfile op simplemachines.org

Edit; Patch manually installed, however the automatic entry in the Administration screen stays empty, no connection to Simple Machines.org possible


Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Benchapon on February 02, 2013, 03:53:21 AM
Thanks. ;D
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Chalky on February 02, 2013, 04:26:48 AM
Thanks guys!  I ran the "Fetch Files" but my admin panel kept offering me the 2.0.3 update then complaining that it was already installed!  I successfully downloaded and installed it from the upgrades part of the modsite though, quickly, smoothly and cleanly.  Thank you  :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: engrz on February 02, 2013, 04:55:37 AM
i have updated from 2.0.3 to 2.0.4 but i want to know how to update security patch? or it is installed with 2.0.4?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Chalky on February 02, 2013, 05:17:27 AM
i have updated from 2.0.3 to 2.0.4 but i want to know how to update security patch? or it is installed with 2.0.4?

The update to 2.0.4 is the security patch  ;)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: JoliePittOnline on February 02, 2013, 06:04:53 AM
Done! No problem whatsoever. Thank you SMF!
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: emanuele on February 02, 2013, 06:21:03 AM
I ran the "Fetch Files" but my admin panel kept offering me the 2.0.3 update then complaining that it was already installed!
Did you use by chance the emulate version for installing something else in the meantime?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Chalky on February 02, 2013, 06:29:37 AM
I ran the "Fetch Files" but my admin panel kept offering me the 2.0.3 update then complaining that it was already installed!
Did you use by chance the emulate version for installing something else in the meantime?

Don't think so... I've only installed PNG Message Icons (http://custom.simplemachines.org/mods/index.php?mod=2786) and Remove Hot Topic Icons (http://custom.simplemachines.org/mods/index.php?mod=2710) and I don't remember emulating, though it's true I usually forget to revert back after I do emulate  O:)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Shambles on February 02, 2013, 06:33:30 AM
Amazing how quickly an announcement becomes a support topic  ::)


Quote from: emanuele
Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Antes on February 02, 2013, 07:07:54 AM
Its not becoming a support topic, its a investigatement for a possible bug. :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Zelix on February 02, 2013, 07:33:29 AM
I'm running SMF 2.0.3, how can i update my forum to 2.0.4, without errors and without removing any of topics/posts/threads.
Please Explain how, because im not english, like Example, first of all:

AdminCP >> Package Manager >> ...
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Shambles on February 02, 2013, 07:41:28 AM
Its not become a support topic, its a investigatement for a possible bug. :)

R U Sure?


I'm running SMF 2.0.3, how can i update my forum to 2.0.4, without errors and without removing any of topics/posts/threads.
Please Explain how, because im not english, like Example, first of all:

Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: villasg on February 02, 2013, 07:45:29 AM
Thanks auto update from 1.1.17 to 1.1.18 today !
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: ModelBoatMayhem on February 02, 2013, 07:53:29 AM
I'm running SMF 2.0.3, how can i update my forum to 2.0.4, without errors and without removing any of topics/posts/threads.
Please Explain how, because im not english, like Example, first of all:

AdminCP >> Package Manager >> ...

Download patch - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.4.tar.gz (http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.4.tar.gz)

Install via Admin > main > Package manager > Download New Packages > Upload a Package > Package to upload: > (Browse to your download ) > Upload      :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Zelix on February 02, 2013, 08:15:04 AM
I'm running SMF 2.0.3, how can i update my forum to 2.0.4, without errors and without removing any of topics/posts/threads.
Please Explain how, because im not english, like Example, first of all:

AdminCP >> Package Manager >> ...

Download patch - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.4.tar.gz (http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.4.tar.gz)

Install via Admin > main > Package manager > Download New Packages > Upload a Package > Package to upload: > (Browse to your download ) > Upload      :)
Thanks very much!
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: novill on February 02, 2013, 08:59:31 AM
Thanks  :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: neric on February 02, 2013, 09:13:57 AM
I am trying to register to MadModder and it rejects me say I am a spammer....WTF....that's weird first time for me can you see what is going on
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Kindred on February 02, 2013, 09:21:01 AM
1- this topic is an announcement of a security patch, not support topic
2- smf has nothing at all to do with any other site's configuration or registration
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: CoreISP on February 02, 2013, 09:42:12 AM
Quote from: CoreISP
That's actually not related to the language packs but a typo on our servers. Fixed that.
Please run the "Fetch Simple Machines files" scheduled task again and then try to do it again
Are you´re sure it is  fixed for all the servers ??,still getting this,even after running Fetch Simple Machines Files again
Het is momenteel niet mogelijk een verbinding te maken met de meest recente nieuwsfile op simplemachines.org

Edit; Patch manually installed, however the automatic entry in the Administration screen stays empty, no connection to Simple Machines.org possible

Yes, that would appear to be a problem at your host/server I'm afraid, not ours.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: edjon2000 on February 02, 2013, 10:17:46 AM
Updated 2.0.3 to 2.0.4 fine with no problems thanks :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: ShastaEXE on February 02, 2013, 10:49:59 AM
I said it on Twitter and I'll say it on here "Good job and keep on doing what you people do best"
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Lord991 on February 02, 2013, 02:27:32 PM
I need "Step by step (http://custom.simplemachines.org/upgrades/)" for 1.1.17 to 1.1.18 . When should I expect that ? Thanks
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: CoreISP on February 02, 2013, 02:29:30 PM
I need "Step by step (http://custom.simplemachines.org/upgrades/)" for 1.1.17 to 1.1.18 . When should I expect that ? Thanks

Did you even bother to:
1.) Read this topic?
2.) Look at the link you gave?

Don't ask to be spoonfed please.
Instructions have been given both here in the topic and you can find the patch + the included changes on that link.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on February 02, 2013, 02:39:13 PM
It's at the bottom of the list ;)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Dzonny on February 02, 2013, 03:43:16 PM
I need "Step by step (http://custom.simplemachines.org/upgrades/)" for 1.1.17 to 1.1.18 . When should I expect that ? Thanks
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.1.18.tar.gz;smf_version=1.1.17
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on February 02, 2013, 04:29:26 PM
It's *already there* ::)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Lord991 on February 02, 2013, 11:53:43 PM
It's at the bottom of the list ;)

That's why I didn't saw it ... thanks and sorry. :-X
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: windu on February 03, 2013, 12:48:27 AM
n1, thanks :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: rogrog on February 03, 2013, 04:52:41 AM
Thank you.   :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: InfoStrides on February 03, 2013, 04:59:42 AM
Thanks.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Mr. Jinx on February 03, 2013, 05:07:37 AM
Thank you for everyone who worked on this security update.
Installed without problems.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: JadeCat95 on February 03, 2013, 11:39:11 AM
All I get is an error when clicking the "update your forum " link.  ;)
x2
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: NanoSector on February 03, 2013, 11:44:51 AM
What error do you get?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Srinib on February 03, 2013, 02:45:10 PM
Let me ask you three questions before i upgrade my forum from 2.0.3 to 2.0.4. Since this is my first upgrade, excuse me if i had come up with any basic queries.


I will take a backup before i go ahead with the upgrade.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: CoreISP on February 03, 2013, 02:54:31 PM
No need to uninstall mods, you can install it just like that and should work fine.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: sharks on February 03, 2013, 03:37:47 PM
Thanks for 1.1.18 although the Bug Tracker on this site still lists the legendary 13 bugs which are still being completely ignored, since several years. It's so sad. :(
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on February 03, 2013, 03:40:01 PM
Which legendary bugs are these exactly?

The policy has been security or truly ground-shattering bugs only. The bugs you must be referring to aren't earth shattering, or impossible to fix without rewriting hundreds or thousands of lines of code (which won't generate *more* bugs, of course ::))
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: humbleworld on February 03, 2013, 11:03:11 PM
It's still not showing up in my forum admin center:

Version Information:
Forum version: SMF 2.0.3
Current SMF version: SMF 2.0.3
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: CoreISP on February 03, 2013, 11:36:59 PM
It's still not showing up in my forum admin center:

Version Information:
Forum version: SMF 2.0.3
Current SMF version: SMF 2.0.3

So run the scheduled task as suggested ;)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Argonaut on February 04, 2013, 07:39:00 AM
Thanks for the update.
But if I want to split older topics in my forum, the following error occurs:

Quote
Duplicate entry '0-7' for key 'lastMessage'
File: /home1/freigeis/public_html/forum/Sources/SplitTopics.php
Line: 676

Note: It appears that your database may require an upgrade. Your forum's files are currently at version SMF 2.0.4, while your database is at version 2.0.3. The above error might possibly go away if you execute the latest version of upgrade.php.

In the past 7 years I've updated my forum and the database each time from several versions to the newer ones and a few weeks ago finally from 1.1.17 to 2.0.3. The last update took more than 10 hours because the database size is about 1 GB. So it seems to me that now I must switch the forum into maintenance mode again, the users must wait again and I must pray again that no error occurs while the next 10 or more hours of running the latest "upgrade.php" again.
That really annoys me a lot.

Well, this is not a support question, it's only a statement.

(And maybe you'll find a way to avoid these long and wearying upgrade-sessions.)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Kindred on February 04, 2013, 07:51:28 AM
this topic is not for support.  Please raise your issues in a topic in the support board.
(I will note, however, that you are doing the upgrade incorrectly - if you are going from 2.0.3 to 2.0.4, there is no need to run upgrade.php. 2.0.3->2.0.4 is a simple patch applied through the package manager. Additionally, the time required for a major version upgrade (1.1.x to 2.0.x) is very different and requires modifications to the database, while a point upgrade like x.x.y to x.x.z usually does not)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: impreza on February 04, 2013, 09:29:45 AM
nice work thanks
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: jafonseca on February 04, 2013, 11:28:27 AM
Is possible to update from 2.0.1 to 2.0.4?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: CoreISP on February 04, 2013, 11:54:28 AM
Is possible to update from 2.0.1 to 2.0.4?

Yes, with the large upgrade package that you can find on our download page.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: beast44 on February 04, 2013, 12:15:38 PM


  I've updated to from 2.0.3 to 2.0.4 Do I now have to uninstall 2.0.3?

 ;D
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Kindred on February 04, 2013, 12:20:32 PM
jafonseca, you can do it in one swoop with the large upgrade... but that will require a rienstallation of mods, etc. Or you can do it provgressively 2.0.1 -> 2.0.2 -> 2.0.3 -> 2.0.4 using the patch packages in the package manager.

beast44, no.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Argonaut on February 04, 2013, 12:22:43 PM
this topic is not for support.  Please raise your issues in a topic in the support board.
...

Yes, I know.
...
Well, this is not a support question, it's only a statement.
...

I've started a new thread

www.simplemachines.org/community/index.php?topic=496641.0
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: beast44 on February 04, 2013, 12:33:14 PM


  I thank you very much. As always, all of you do a very good job

 ;D
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Mstcool on February 04, 2013, 11:29:36 PM
That was pretty fast. I never even noticed. I saw the "alert box" mod and it says compatible with 2.0.4. And I'm just like what the heck? And then a couple of other mods had the same thing. LAWL!!! LOL!!! XD!!!
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Colin on February 05, 2013, 03:00:43 AM
That was pretty fast. I never even noticed. I saw the "alert box" mod and it says compatible with 2.0.4. And I'm just like what the heck? And then a couple of other mods had the same thing. LAWL!!! LOL!!! XD!!!
Indeed it was. Did the upgrade go alright for you?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Gerkin on February 05, 2013, 06:41:42 AM
Strangest thing ever ... on a 1.1.17 server I clicked through the update link in admin, the patch said it tested fine, clicked to apply ... and although it said it applied fine it didn't.  The only reason I noticed was that the version number in the footer did not update so I investigated further.  When I manually looked at the files to verify if it applied or not it indeed did NOT apply, the changes were not made to any of the files listed in the .mod or the .xml file.  The system did say that the mod was already applied (and it wasn't possible to back it out because it had no uninstaller) when I checked to see if it showed up as installed.

I applied all the edits by hand and it seems to be working fine, but this is a bit concerning.  Is it possible that a previous update somehow broke the ability to properly run these patches in an automated way?  If I can provide more information to test this hypothesis please let me know and I'll do what I can.  This is the first time in a looooooong time that I've had to apply a patch by hand for SMF!
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: alchemyst on February 05, 2013, 09:33:04 AM
The package manager has never worked for me.  I always get an incorrect URL/file not found error on the link in the admin area, trying to download the file from the package manager gives me an error saying their was an error and the file was empty.

Why doesn't this work; it works in many other programs without a hitch.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Kindred on February 05, 2013, 10:07:25 AM
alchemyst, this topic is not for support.

Since it has bene installed (both through the package manager or admin link) and through the "downloaded patch" package on several thousand sites, it would seem that there is some odd configuration with your server.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: amko_sa on February 05, 2013, 10:55:15 AM
Nice job. Thank you  :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Mstcool on February 05, 2013, 03:11:54 PM
Aha! Colin yes it did. :) thank you for asking. :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: tbplayer on February 09, 2013, 02:22:28 AM
Updated from 2.0.3 to 2.0.4 - no issues, all mods working.

Thanks for all of your great work!   :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Colin on February 11, 2013, 04:49:10 PM
Aha! Colin yes it did. :) thank you for asking. :)

Good stuff.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Rambaldi on February 13, 2013, 06:30:04 AM
i have this error:
Error retrieving information on step: Converting "log_online" (Item 4)
i update from version 2.0.2 to 2.0.4
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: emanuele on February 13, 2013, 07:42:02 AM
How did you do the update? It seems you are using the upgrade, you may have applied the packages (patches or whatever) from the package manager instead: fir the 2.0.3 and then the 2.0.4.

ETA: also, it would be better if you open a topic in the support board and not use this topic for support. ;)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: HsvHome on February 13, 2013, 10:06:07 PM
Dear users,

Simple Machines has released a critical security patch with version numbers: SMF 1.1.18 and SMF 2.0.4.
A few critical security issues have been identified in the two maintained versions and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. For SMF 2.0.x this update includes a few other minor bugs that have been fixed.

If you are running 2.0.3, you can update your forum to 2.0.4 using the package manager. You should see the upgrade notification in the Admin panel and in the package manager, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files".
You can also download the update for 2.0.3 from the customize site (http://custom.simplemachines.org/upgrades/) (Upgrades site page): smf_patch_2.0.4.tar.gz, and install it using the package manager.

If you are running 1.1.17, you can update to 1.1.18 from the package manager, following the instructions in the notification in the Admin panel, or downloading the patch from the customize site (http://custom.simplemachines.org/upgrades/) (Upgrades site page): smf_patch_1.1.18.tar.gz, and installing it using the package manager.

If you use older versions of SMF, you can upgrade with the full upgrade packages from the downloads page (http://download.simplemachines.org/).
Please find the changelog for the latest release, as usual, on the downloads page as well:
http://download.simplemachines.org/

Please find more informations on the Online Manual:
* upgrading http://wiki.simplemachines.org/smf/Upgrading
* patching http://wiki.simplemachines.org/smf/Patching

Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!

Regards,
Simple Machines Forum

Edit: the language packs are currently broken, in few hours they will be regenerated, we are sorry for the inconvenience.


How do I know what version I have?  My SMF stopped working a couple of days ago.  I haven't touched a thing and I keep getting:Connection Problems

Sorry, SMF was unable to connect to the database. This may be caused by the server being busy. Please try again later.

What do I do at this point?  I haven't had to mess with this software in so long.  Everything has been running smooth.




link removed - Kindred
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: mashby on February 13, 2013, 10:15:08 PM
Hmm...not sure of course either. I would contact your host and ask about the status of your database server.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: HsvHome on February 13, 2013, 10:27:32 PM
Do you mean my web hosting service?



link removed - Kindred
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on February 13, 2013, 10:29:43 PM
You need to contact the people you pay each month to store the files of your website.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: rentner on February 14, 2013, 03:11:55 AM
Update 2.0.3 to 2.0.4 quick and easy as last time.

Must say - same procedure as usual.  8)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Colin on February 18, 2013, 01:56:08 AM
Update 2.0.3 to 2.0.4 quick and easy as last time.

Must say - same procedure as usual.  8)
We like to keep it routine :). I am glad you didn't have any issues.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Sam_hero on February 19, 2013, 05:44:33 PM
Nice, Thank you, I'm using this version.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Robert. on February 21, 2013, 06:34:26 AM
Thanks for the patches. :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Paul Burdett on March 17, 2013, 01:18:50 AM
Nice work......Thanks
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: mkress on March 23, 2013, 07:32:12 AM
download server is broken => http://mirror.ord.simplemachines.org/index.php/smf_2-0-4_install.tar.gz no response
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Sapozhnik on March 23, 2013, 08:53:53 AM
download server is broken => http://mirror.ord.simplemachines.org/index.php/smf_2-0-4_install.tar.gz no response
I normally downloaded file  ;)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: redone on March 23, 2013, 09:37:58 AM
Well its working now. Did not work earlier - either way no issues at this time.

~redone
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Little Mermaid on April 01, 2013, 07:24:58 PM
I have no idea what I'm doing. I'm trying to revive on older forum that is still:

Version Information:
Forum version: SMF 1.1.15
Current SMF version: SMF 1.1.18

I downloaded the update but have no idea where to go from there. Any suggestions? Totally appreciate any help. :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Antes on April 01, 2013, 07:35:23 PM
You can follow the instructions given in your admin panel

or

If you have older version (I mean older than 1.1.17) you have to download other patches as well

1.1.15 to 1.1.16
1.1.16 to 1.1.17
then 1.1.17 to 1.1.18

You can get all patches from here : http://custom.simplemachines.org/upgrades/

To install simply go your package manager and install those patches like modification.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Little Mermaid on April 01, 2013, 07:41:54 PM
Okay, even that is beyond me. I'm so afraid I'll wipe out the whole program. How do you update? Is there anyone that can be paid to do this for me? Is there some type of service here?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Little Mermaid on April 01, 2013, 07:45:59 PM
So, I tried to install the updates and got this message:

Extracting
Extracting Package
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Little Mermaid on April 01, 2013, 07:49:38 PM
Okay, so I think I got it some how. Thanks :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Smule on April 16, 2013, 07:59:42 PM
Where to change the theme of the forum on the version 2.0.4 or it can not be ?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Kindred on April 16, 2013, 08:06:43 PM
I am sorry, your question makes no sense....

Also, this thread is not for support.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Oldiesmann on April 17, 2013, 03:33:10 PM
Where to change the theme of the forum on the version 2.0.4 or it can not be ?

Admin: Themes And Layout (http://wiki.simplemachines.org/smf/Themes_and_Layout)
User: Look And Layout (http://wiki.simplemachines.org/smf/Profile_Features#Look_and_Layout)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: winniethepooh on April 18, 2013, 04:15:03 AM
just wanted to make a comment on how great 2.0.4 is..
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: -teemu- on April 19, 2013, 06:44:29 AM
Thank you.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: KensonPlays on April 28, 2013, 11:54:32 PM
Nice, thanks for the updates!
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: NekoJonez on May 02, 2013, 06:15:19 AM
Question: is it safe to remove the 2.0.3 patch from the package manager after the 2.0.4 patch is installed?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: mashby on May 02, 2013, 06:42:40 AM
Question: is it safe to remove the 2.0.3 patch from the package manager after the 2.0.4 patch is installed?
Yes. :)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on May 02, 2013, 06:55:38 AM
NO IT IS NOT.

You can *delete* the patch provided you do NOT uninstall it. (Deleting the package will just remove the uninstall instructions. If you uninstall it, the vulnerabilities will be returned, regardless of whether the 2.0.4 patch is installed or not)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: NekoJonez on May 02, 2013, 06:59:46 AM
NO IT IS NOT.

You can *delete* the patch provided you do NOT uninstall it. (Deleting the package will just remove the uninstall instructions. If you uninstall it, the vulnerabilities will be returned, regardless of whether the 2.0.4 patch is installed or not)

I won't uninstall it :P
I'm not one of those idiots x)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: mashby on May 02, 2013, 07:07:41 AM
Remove=delete
:)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on May 02, 2013, 07:09:00 AM
We should not be blasé about this.

How often do we tell people not to delete things but to uninstall them first? This happens... what... once a week that we have to deal with someone who's deleted a mod without uninstalling.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: mashby on May 02, 2013, 07:11:44 AM
Yes, for that I am sorry. Wasn't clear enough. At least JonezJeA understood remove wasn't uninstall.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: pacefalu on May 25, 2013, 01:39:07 AM
I am new to managing a website forum.  I am using version SMF 2.0.4 and I am trying to down load and install the patches...  I have gone to the down load area but can not find where the security patches are and how to down load and install...  I only see third party updates...  Is there a button I can press that will simply down load and install my security patches...

All so I am getting the "Unable to verify referring url. Please go back and try again." error message and I have search your community and have been told about the url values have to match exactly...  How do I check this information and how do I correct it...  I have been through all of the options in the admin area...  I would like to apologize for the newbie requests, but I am at the end of my rope.

Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Gary on May 25, 2013, 03:18:37 AM
You're running 2.0.4, you do not need to update.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: zlotowinfo on May 26, 2013, 03:41:13 PM
is this really work?

http://allsoftwarefreeworld.blogspot.com/2013/04/smf-204-php-code-injection-vulnerability.html
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on May 26, 2013, 03:43:07 PM
*yawn* Not this one AGAIN.

Quote
to successfully exploit smf 2.0.4 we need correct admin's cookie

As in, if they already have your admin details, shock horror they can break things. If they don't have your admin details, nothing can be done to cause any damage.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: zlotowinfo on May 26, 2013, 06:23:44 PM
what you mean "have your admin details" & how he can get?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Arantor on May 26, 2013, 06:28:04 PM
In order for this to be exploited, the hacker must either 1) have managed to grab your session details or 2) have figured out your password.

Having obtained session or password, he can log in as you, and do whatever he was going to do anyway, like install mods, install themes, modify theme code... all things that carry the exact same 'risk' as that vulnerability.

The dev team are aware of this and are well aware of the low risk of it.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Burke ♞ Knight on May 26, 2013, 06:43:13 PM
2) have figured out your password.


That is why you should always use at least 8 characters in your passwords. Also, you should use a mixture of characters, as well as making it a habit to change your password every now and then. That should be more than enough to prevent something like that from happening.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: emanuele on May 27, 2013, 02:24:20 AM
http://www.simplemachines.org/community/index.php?topic=503927.0
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Daniellei on May 29, 2013, 01:49:33 PM
Very nice!!
Thanks
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Colin on June 05, 2013, 03:10:00 PM
Thanks for the nice words. I am glad everything is working for both of you.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: krittin98 on June 07, 2013, 07:32:11 AM
i am using smf 2.0.4
can any1 tll me from where can i download this
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Kindred on June 07, 2013, 07:35:37 AM
if you are using 2.0.4, you do not need to download anything.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: DamselStruction on June 11, 2013, 09:32:57 PM
Hello,

Thank you in advance for any assistance you may be able to provide.

The admin panel identifies my current version as 1.1.17

I have always listened to the reminders about updates in my admin panel, but just recently my board started to function badly and at the same time I recieved a reminder about "Updating my forum". This has never been a problem in the past, but this time, when I click on the link to ["Update your forum" it only takes a few minutes!"] it will not update, but instad always displays this error -

2: unlink(C:\Inetpub\vhosts\damselstruction.ieasysite.com\httpdocs\Belly_Punching_and_Navel_Love/Packages/temp/$auto_0.txt) [<a href='function.unlink'>function.unlink</a>]: Permission denied
File: C:\Inetpub\vhosts\damselstruction.ieasysite.com\httpdocs\Belly_Punching_and_Navel_Love\Sources\Subs-Package.php
Line: 1174

The way the problem originally presented itself was that my "Stop Spammer" stop forum spam feature stopped working, when you check a list of spam accounts to delete, and try to "Reject" them, the same error appears and the operation will not complete.

Thanks,

Jim
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: TheListener on June 11, 2013, 09:39:03 PM
What is the link to your forum?
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: DamselStruction on June 12, 2013, 01:45:51 AM
Hello,

Here's the link to the forum:

http://www.damselstruction.com/Belly_Punching_and_Navel_Love/index.php

Thanks for your help.

Jim
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Benzitczo on June 30, 2013, 05:32:30 PM
Hola,
Mucha Gracias Prueba :)

Saludos.
Hello,
Much Thanks Test.

regards.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: dfrenchy on August 05, 2013, 03:20:38 PM
Did this fix the problem concerning logging in with Windows 8?

I was able to register with this forum, but not any other forum that was created. I know it's not any settings on my computer or browser settings or anything of that sort. A lot of Windows 8 users have problems with SMF forums.

Just wondering if it was fixed with this update.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Kindred on August 05, 2013, 03:24:43 PM
no...   as far as I am aware, there have been no specific bugs reported regarding logins with Windows 8... 
so no, this would not address any issues that you have... 2.0.4 is a security release.

Additionally, if you can log in here with Windows 8, you should be able to log into any SMF forum, unless they have some odd configuration, since this site uses a mostly basic installation of SMF. (and the few mods applied here are not related to login)
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: Antes on August 05, 2013, 04:09:59 PM
Did this fix the problem concerning logging in with Windows 8?

I was able to register with this forum, but not any other forum that was created. I know it's not any settings on my computer or browser settings or anything of that sort. A lot of Windows 8 users have problems with SMF forums.

Just wondering if it was fixed with this update.

I tested with Windows8 and Windows8.1 no problem.
Title: Re: SMF 2.0.4 and 1.1.18 critical security patches released
Post by: emmyagi on August 08, 2013, 08:48:41 PM
thanks