Dear users,
Simple Machines has released a critical security patch with version numbers: SMF 1.1.18 and SMF 2.0.4.
A few critical security issues have been identified in the two maintained versions and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. For SMF 2.0.x this update includes a few other minor bugs that have been fixed.
If you are running 2.0.3, you can update your forum to 2.0.4 using the package manager. You should see the upgrade notification in the Admin panel and in the package manager, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files".
You can also download the update for 2.0.3 from the customize site (http://custom.simplemachines.org/upgrades/) (Upgrades site page): smf_patch_2.0.4.tar.gz, and install it using the package manager.
If you are running 1.1.17, you can update to 1.1.18 from the package manager, following the instructions in the notification in the Admin panel, or downloading the patch from the customize site (http://custom.simplemachines.org/upgrades/) (Upgrades site page): smf_patch_1.1.18.tar.gz, and installing it using the package manager.
If you use older versions of SMF, you can upgrade with the full upgrade packages from the downloads page (http://download.simplemachines.org/).
Please find the changelog for the latest release, as usual, on the downloads page as well:
http://download.simplemachines.org/
Please find more informations on the Online Manual:
* upgrading http://wiki.simplemachines.org/smf/Upgrading
* patching http://wiki.simplemachines.org/smf/Patching
Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!
Regards,
Simple Machines Forum
Edit: the language packs are currently broken, in few hours they will be regenerated, we are sorry for the inconvenience.
Nice work :)
Patched. Thanks!
Thanks! :)
Good finds.
Thanks.
nice work :)
So when you upgrade to 2.0.4 do mods that are only 2.0.3 compatible quit working on 2.0.4?
Most if not all mods for 2.0.3 should still work in 2.0.4.
/me copies that text as the same question will arise another 100 times
All I get is an error when clicking the "update your forum " link. ;)
Quote from: Yoshi2889 on February 01, 2013, 05:52:58 PM
Most if not all mods for 2.0.3 should still work in 2.0.4.
/me copies that text as the same question will arise another 100 times
I guess "Custom Copyright" is at least one of the exceptions. ;)
I will look for help in the support thread for that mod.
Thanks :)
I'm running 3 SMF boards, the first 2 went without any problems, but the third says :
1. Execute Modification smf_2-0-4_patch.xml Modification parse error
2. Execute Modification smf_2-0-4_patch.xml Modification parse error
Any suggestions?
Download the package again?
Nice work, many thanks. I just updated four forums without any problems !
Quote from: HunterP on February 01, 2013, 06:21:08 PM
I'm running 3 SMF boards, the first 2 went without any problems, but the third says :
1. Execute Modification smf_2-0-4_patch.xml Modification parse error
2. Execute Modification smf_2-0-4_patch.xml Modification parse error
Any suggestions?
This is not a support board... (like the announcement says)
Thanks!
Thanks. :)
Thanks! :)
Rock on!:D
Patched, thanks! http://custom.simplemachines.org/upgrades/ I want to see what is patched, but here is no SMF 1.1.17 to SMF 1.1.18 patch for download.
Quote from: NO CARRIER on February 01, 2013, 06:57:36 PM
Patched, thanks! http://custom.simplemachines.org/upgrades/ I want to see what is patched, but here is no SMF 1.1.17 to SMF 1.1.18 patch for download.
Yes there is, last in the list:
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.1.18.tar.gz;smf_version=1.1.17
thanks,
Quote from: Dzonny on February 01, 2013, 06:59:06 PM
Quote from: NO CARRIER on February 01, 2013, 06:57:36 PM
Patched, thanks! http://custom.simplemachines.org/upgrades/ I want to see what is patched, but here is no SMF 1.1.17 to SMF 1.1.18 patch for download.
Yes there is, last in the list:
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.1.18.tar.gz;smf_version=1.1.17
Yes, they are there. Thanks! :-[
Thanks devs.
Thanks! :)
Easy as peasy! :) Thanks devs!
well done ladies ... i mean guys ... honestly :D
Quote from: emanuele on February 01, 2013, 05:26:51 PM
Edit: the language packs are currently broken, in few hours they will be regenerated, we are sorry for the inconvenience.
Hope the auto-update comes back online soon as the forum I help maintain keeps downloading the 2.0.3 update instead of the 2.0.4 one. lol.
Awesome y'all! ;)
Thank you.
Mick.
Quote from: rickmastfan67 on February 01, 2013, 10:13:18 PM
Hope the auto-update comes back online soon as the forum I help maintain keeps downloading the 2.0.3 update instead of the 2.0.4 one. lol.
That's actually not related to the language packs but a typo on our servers. Fixed that.
Please run the "Fetch Simple Machines files" scheduled task again and then try to do it again. :)
Updated like a charm.
Quote from: NO CARRIER on February 01, 2013, 06:57:36 PM
Patched, thanks! http://custom.simplemachines.org/upgrades/ I want to see what is patched, but here is no SMF 1.1.17 to SMF 1.1.18 patch for download.
It's at the bottom of the "SMF 1.1" list. Not sure why neither is in ascending order? ;)
It usually appears at the bottom of the list until it gets manually moved. Pushing out an update is a big, big deal here.
It's the Doppler effect. You see it in your own site's admin panel before you see it at the top of the list here. But the whole time, it exists. :)
Sort of, yes.
To explain... what happens is that the patch is released, and around that time, the latest-version.js file is updated here. Over the next day or so, everyone phones home, grabs the update etc.
But the upgrades page is less automated and requires a little hand-tuned maintenance, which not everyone can do. It's a massive undertaking to push out an update.
Quote from: CoreISP on February 01, 2013, 11:15:41 PM
Quote from: rickmastfan67 on February 01, 2013, 10:13:18 PM
Hope the auto-update comes back online soon as the forum I help maintain keeps downloading the 2.0.3 update instead of the 2.0.4 one. lol.
That's actually not related to the language packs but a typo on our servers. Fixed that.
Please run the "Fetch Simple Machines files" scheduled task again and then try to do it again. :)
Thanks for fixing that. It's working correctly now. :) And I've got our forum patched. :)
Good to hear that :)
Quote from: Arantor on February 01, 2013, 11:48:03 PM
Sort of, yes.
To explain... what happens is that the patch is released, and around that time, the latest-version.js file is updated here. Over the next day or so, everyone phones home, grabs the update etc.
But the upgrades page is less automated and requires a little hand-tuned maintenance, which not everyone can do. It's a massive undertaking to push out an update.
Bob Martin would be in favor of automating those tasks.
Thanks for the update, guys! :D
Quote from: CoreISPThat's actually not related to the language packs but a typo on our servers. Fixed that.
Please run the "Fetch Simple Machines files" scheduled task again and then try to do it again
Are you´re sure it is fixed for all the servers ??,still getting this,even after running Fetch Simple Machines Files again
Het is momenteel niet mogelijk een verbinding te maken met de meest recente nieuwsfile op simplemachines.orgEdit; Patch manually installed, however the automatic entry in the Administration screen stays empty, no connection to Simple
Machines.org possible
Thanks. ;D
Thanks guys! I ran the "Fetch Files" but my admin panel kept offering me the 2.0.3 update then complaining that it was already installed! I successfully downloaded and installed it from the upgrades part of the modsite though, quickly, smoothly and cleanly. Thank you :)
i have updated from 2.0.3 to 2.0.4 but i want to know how to update security patch? or it is installed with 2.0.4?
Quote from: engrz on February 02, 2013, 04:55:37 AM
i have updated from 2.0.3 to 2.0.4 but i want to know how to update security patch? or it is installed with 2.0.4?
The update to 2.0.4
is the security patch ;)
Done! No problem whatsoever. Thank you SMF!
Quote from: ChalkCat on February 02, 2013, 04:26:48 AM
I ran the "Fetch Files" but my admin panel kept offering me the 2.0.3 update then complaining that it was already installed!
Did you use by chance the emulate version for installing something else in the meantime?
Quote from: emanuele on February 02, 2013, 06:21:03 AM
Quote from: ChalkCat on February 02, 2013, 04:26:48 AM
I ran the "Fetch Files" but my admin panel kept offering me the 2.0.3 update then complaining that it was already installed!
Did you use by chance the emulate version for installing something else in the meantime?
Don't think so... I've only installed PNG Message Icons (http://custom.simplemachines.org/mods/index.php?mod=2786) and Remove Hot Topic Icons (http://custom.simplemachines.org/mods/index.php?mod=2710) and I don't remember emulating, though it's true I usually forget to revert back after I do emulate O:)
Amazing how quickly an announcement becomes a support topic ::)
Quote from: emanuele
Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!
Its not becoming a support topic, its a investigatement for a possible bug. :)
I'm running SMF 2.0.3, how can i update my forum to 2.0.4, without errors and without removing any of topics/posts/threads.
Please Explain how, because im not english, like Example, first of all:
AdminCP >> Package Manager >> ...
Quote from: Antes on February 02, 2013, 07:07:54 AM
Its not become a support topic, its a investigatement for a possible bug. :)
R U Sure?
Quote from: Zelix on February 02, 2013, 07:33:29 AM
I'm running SMF 2.0.3, how can i update my forum to 2.0.4, without errors and without removing any of topics/posts/threads.
Please Explain how, because im not english, like Example, first of all:
Thanks auto update from 1.1.17 to 1.1.18 today !
Quote from: Zelix on February 02, 2013, 07:33:29 AM
I'm running SMF 2.0.3, how can i update my forum to 2.0.4, without errors and without removing any of topics/posts/threads.
Please Explain how, because im not english, like Example, first of all:
AdminCP >> Package Manager >> ...
Download patch - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.4.tar.gz (http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.4.tar.gz)
Install via Admin > main > Package manager > Download New Packages > Upload a Package > Package to upload: > (Browse to your download ) >
Upload :)
Quote from: ModelBoatMayhem on February 02, 2013, 07:53:29 AM
Quote from: Zelix on February 02, 2013, 07:33:29 AM
I'm running SMF 2.0.3, how can i update my forum to 2.0.4, without errors and without removing any of topics/posts/threads.
Please Explain how, because im not english, like Example, first of all:
AdminCP >> Package Manager >> ...
Download patch - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.4.tar.gz (http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.4.tar.gz)
Install via Admin > main > Package manager > Download New Packages > Upload a Package > Package to upload: > (Browse to your download ) > Upload :)
Thanks very much!
Thanks :)
I am trying to register to MadModder and it rejects me say I am a spammer....WTF....that's weird first time for me can you see what is going on
1- this topic is an announcement of a security patch, not support topic
2- smf has nothing at all to do with any other site's configuration or registration
Quote from: French on February 02, 2013, 01:53:01 AM
Quote from: CoreISPThat's actually not related to the language packs but a typo on our servers. Fixed that.
Please run the "Fetch Simple Machines files" scheduled task again and then try to do it again
Are you´re sure it is fixed for all the servers ??,still getting this,even after running Fetch Simple Machines Files again
Het is momenteel niet mogelijk een verbinding te maken met de meest recente nieuwsfile op simplemachines.org
Edit; Patch manually installed, however the automatic entry in the Administration screen stays empty, no connection to Simple Machines.org possible
Yes, that would appear to be a problem at your host/server I'm afraid, not ours.
Updated 2.0.3 to 2.0.4 fine with no problems thanks :)
I said it on Twitter and I'll say it on here "Good job and keep on doing what you people do best"
I need "Step by step (http://custom.simplemachines.org/upgrades/)" for 1.1.17 to 1.1.18 . When should I expect that ? Thanks
Quote from: Lord991 on February 02, 2013, 02:27:32 PM
I need "Step by step (http://custom.simplemachines.org/upgrades/)" for 1.1.17 to 1.1.18 . When should I expect that ? Thanks
Did you even bother to:
1.) Read this topic?
2.) Look at the link you gave?
Don't ask to be spoonfed please.
Instructions have been given both here in the topic and you can find the patch + the included changes on that link.
It's at the bottom of the list ;)
Quote from: Lord991 on February 02, 2013, 02:27:32 PM
I need "Step by step (http://custom.simplemachines.org/upgrades/)" for 1.1.17 to 1.1.18 . When should I expect that ? Thanks
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_1.1.18.tar.gz;smf_version=1.1.17
It's *already there* ::)
Quote from: Arantor on February 02, 2013, 02:39:13 PM
It's at the bottom of the list ;)
That's why I didn't saw it ... thanks and sorry. :-X
n1, thanks :)
Thank you. :)
Thanks.
Thank you for everyone who worked on this security update.
Installed without problems.
Quote from: ARG on February 01, 2013, 05:54:18 PM
All I get is an error when clicking the "update your forum " link. ;)
x2
What error do you get?
Let me ask you three questions before i upgrade my forum from 2.0.3 to 2.0.4. Since this is my
first upgrade, excuse me if i had come up with any basic queries.
- After downloading the patch http://custom.simplemachines.org/mods/downloads/smf_patch_2.0.4.tar.gz, i should upload this file through Package Manager and install it(the way i do for any other MOD). Then my forum will be running on 2.0.4? Right?
- Right now, I have 7 MODs installed including Simple Portal. Do i need to uninstall these MODs before the upgrade or will they work fine in this version also?
- From 2.0.3 to 2.0.4, are they only the internal security patches, or are there any noted changes in features?
I will take a backup before i go ahead with the upgrade.
No need to uninstall mods, you can install it just like that and should work fine.
Thanks for 1.1.18 although the Bug Tracker on this site still lists the legendary 13 bugs which are still being completely ignored, since several years. It's so sad. :(
Which legendary bugs are these exactly?
The policy has been security or truly ground-shattering bugs only. The bugs you must be referring to aren't earth shattering, or impossible to fix without rewriting hundreds or thousands of lines of code (which won't generate *more* bugs, of course ::))
It's still not showing up in my forum admin center:
Version Information:
Forum version: SMF 2.0.3
Current SMF version: SMF 2.0.3
Quote from: humbleworld on February 03, 2013, 11:03:11 PM
It's still not showing up in my forum admin center:
Version Information:
Forum version: SMF 2.0.3
Current SMF version: SMF 2.0.3
So run the scheduled task as suggested ;)
Thanks for the update.
But if I want to split older topics in my forum, the following error occurs:
QuoteDuplicate entry '0-7' for key 'lastMessage'
File: /home1/freigeis/public_html/forum/Sources/SplitTopics.php
Line: 676
Note: It appears that your database may require an upgrade. Your forum's files are currently at version SMF 2.0.4, while your database is at version 2.0.3. The above error might possibly go away if you execute the latest version of upgrade.php.
In the past 7 years I've updated my forum and the database each time from several versions to the newer ones and a few weeks ago finally from 1.1.17 to 2.0.3. The last update took more than 10 hours because the database size is about 1 GB. So it seems to me that now I must switch the forum into maintenance mode again, the users must wait again and I must pray again that no error occurs while the next 10 or more hours of running the latest "upgrade.php" again.
That really annoys me a lot.
Well, this is not a support question, it's only a statement.
(And maybe you'll find a way to avoid these long and wearying upgrade-sessions.)
this topic is not for support. Please raise your issues in a topic in the support board.
(I will note, however, that you are doing the upgrade incorrectly - if you are going from 2.0.3 to 2.0.4, there is no need to run upgrade.php. 2.0.3->2.0.4 is a simple patch applied through the package manager. Additionally, the time required for a major version upgrade (1.1.x to 2.0.x) is very different and requires modifications to the database, while a point upgrade like x.x.y to x.x.z usually does not)
nice work thanks
Is possible to update from 2.0.1 to 2.0.4?
Quote from: jafonseca on February 04, 2013, 11:28:27 AM
Is possible to update from 2.0.1 to 2.0.4?
Yes, with the large upgrade package that you can find on our download page.
I've updated to from 2.0.3 to 2.0.4 Do I now have to uninstall 2.0.3?
;D
jafonseca, you can do it in one swoop with the large upgrade... but that will require a rienstallation of mods, etc. Or you can do it provgressively 2.0.1 -> 2.0.2 -> 2.0.3 -> 2.0.4 using the patch packages in the package manager.
beast44, no.
Quote from: Kindred on February 04, 2013, 07:51:28 AMthis topic is not for support. Please raise your issues in a topic in the support board.
...
Yes, I know.
Quote from: Argonaut on February 04, 2013, 07:39:00 AM
...
Well, this is not a support question, it's only a statement.
...
I've started a new thread
www.simplemachines.org/community/index.php?topic=496641.0
I thank you very much. As always, all of you do a very good job
;D
That was pretty fast. I never even noticed. I saw the "alert box" mod and it says compatible with 2.0.4. And I'm just like what the heck? And then a couple of other mods had the same thing. LAWL!!! LOL!!! XD!!!
Quote from: Mstcool on February 04, 2013, 11:29:36 PM
That was pretty fast. I never even noticed. I saw the "alert box" mod and it says compatible with 2.0.4. And I'm just like what the heck? And then a couple of other mods had the same thing. LAWL!!! LOL!!! XD!!!
Indeed it was. Did the upgrade go alright for you?
Strangest thing ever ... on a 1.1.17 server I clicked through the update link in admin, the patch said it tested fine, clicked to apply ... and although it said it applied fine it didn't. The only reason I noticed was that the version number in the footer did not update so I investigated further. When I manually looked at the files to verify if it applied or not it indeed did NOT apply, the changes were not made to any of the files listed in the .mod or the .xml file. The system did say that the mod was already applied (and it wasn't possible to back it out because it had no uninstaller) when I checked to see if it showed up as installed.
I applied all the edits by hand and it seems to be working fine, but this is a bit concerning. Is it possible that a previous update somehow broke the ability to properly run these patches in an automated way? If I can provide more information to test this hypothesis please let me know and I'll do what I can. This is the first time in a looooooong time that I've had to apply a patch by hand for SMF!
The package manager has never worked for me. I always get an incorrect URL/file not found error on the link in the admin area, trying to download the file from the package manager gives me an error saying their was an error and the file was empty.
Why doesn't this work; it works in many other programs without a hitch.
alchemyst, this topic is not for support.
Since it has bene installed (both through the package manager or admin link) and through the "downloaded patch" package on several thousand sites, it would seem that there is some odd configuration with your server.
Nice job. Thank you :)
Aha! Colin yes it did. :) thank you for asking. :)
Updated from 2.0.3 to 2.0.4 - no issues, all mods working.
Thanks for all of your great work! :)
Quote from: Mstcool on February 05, 2013, 03:11:54 PM
Aha! Colin yes it did. :) thank you for asking. :)
Good stuff.
i have this error:
Error retrieving information on step: Converting "log_online" (Item 4)
i update from version 2.0.2 to 2.0.4
How did you do the update? It seems you are using the upgrade, you may have applied the packages (patches or whatever) from the package manager instead: fir the 2.0.3 and then the 2.0.4.
ETA: also, it would be better if you open a topic in the support board and not use this topic for support. ;)
Quote from: emanuele on February 01, 2013, 05:26:51 PM
Dear users,
Simple Machines has released a critical security patch with version numbers: SMF 1.1.18 and SMF 2.0.4.
A few critical security issues have been identified in the two maintained versions and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. For SMF 2.0.x this update includes a few other minor bugs that have been fixed.
If you are running 2.0.3, you can update your forum to 2.0.4 using the package manager. You should see the upgrade notification in the Admin panel and in the package manager, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files".
You can also download the update for 2.0.3 from the customize site (http://custom.simplemachines.org/upgrades/) (Upgrades site page): smf_patch_2.0.4.tar.gz, and install it using the package manager.
If you are running 1.1.17, you can update to 1.1.18 from the package manager, following the instructions in the notification in the Admin panel, or downloading the patch from the customize site (http://custom.simplemachines.org/upgrades/) (Upgrades site page): smf_patch_1.1.18.tar.gz, and installing it using the package manager.
If you use older versions of SMF, you can upgrade with the full upgrade packages from the downloads page (http://download.simplemachines.org/).
Please find the changelog for the latest release, as usual, on the downloads page as well:
http://download.simplemachines.org/
Please find more informations on the Online Manual:
* upgrading http://wiki.simplemachines.org/smf/Upgrading
* patching http://wiki.simplemachines.org/smf/Patching
Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!
Regards,
Simple Machines Forum
Edit: the language packs are currently broken, in few hours they will be regenerated, we are sorry for the inconvenience.
How do I know what version I have? My SMF stopped working a couple of days ago. I haven't touched a thing and I keep getting:Connection Problems
Sorry, SMF was unable to connect to the database. This may be caused by the server being busy. Please try again later.
What do I do at this point? I haven't had to mess with this software in so long. Everything has been running smooth.
link removed - Kindred
Hmm...not sure of course either. I would contact your host and ask about the status of your database server.
Do you mean my web hosting service?
link removed - Kindred
You need to contact the people you pay each month to store the files of your website.
Update 2.0.3 to 2.0.4 quick and easy as last time.
Must say - same procedure as usual. 8)
Quote from: rentner on February 14, 2013, 03:11:55 AM
Update 2.0.3 to 2.0.4 quick and easy as last time.
Must say - same procedure as usual. 8)
We like to keep it routine :). I am glad you didn't have any issues.
Nice, Thank you, I'm using this version.
Thanks for the patches. :)
Nice work......Thanks
download server is broken => http://mirror.ord.simplemachines.org/index.php/smf_2-0-4_install.tar.gz no response
Quote from: mkress on March 23, 2013, 07:32:12 AM
download server is broken => http://mirror.ord.simplemachines.org/index.php/smf_2-0-4_install.tar.gz no response
I normally downloaded file ;)
Well its working now. Did not work earlier - either way no issues at this time.
~redone
I have no idea what I'm doing. I'm trying to revive on older forum that is still:
Version Information:
Forum version: SMF 1.1.15
Current SMF version: SMF 1.1.18
I downloaded the update but have no idea where to go from there. Any suggestions? Totally appreciate any help. :)
You can follow the instructions given in your admin panel
or
If you have older version (I mean older than 1.1.17) you have to download other patches as well
1.1.15 to 1.1.16
1.1.16 to 1.1.17
then 1.1.17 to 1.1.18
You can get all patches from here : http://custom.simplemachines.org/upgrades/
To install simply go your package manager and install those patches like modification.
Okay, even that is beyond me. I'm so afraid I'll wipe out the whole program. How do you update? Is there anyone that can be paid to do this for me? Is there some type of service here?
So, I tried to install the updates and got this message:
Extracting
Extracting Package
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.
Okay, so I think I got it some how. Thanks :)
Where to change the theme of the forum on the version 2.0.4 or it can not be ?
I am sorry, your question makes no sense....
Also, this thread is not for support.
Quote from: Smule on April 16, 2013, 07:59:42 PM
Where to change the theme of the forum on the version 2.0.4 or it can not be ?
Admin: Themes And Layout (http://wiki.simplemachines.org/smf/Themes_and_Layout)
User: Look And Layout (http://wiki.simplemachines.org/smf/Profile_Features#Look_and_Layout)
just wanted to make a comment on how great 2.0.4 is..
Thank you.
Nice, thanks for the updates!
Question: is it safe to remove the 2.0.3 patch from the package manager after the 2.0.4 patch is installed?
Quote from: JonezJeA on May 02, 2013, 06:15:19 AM
Question: is it safe to remove the 2.0.3 patch from the package manager after the 2.0.4 patch is installed?
Yes. :)
NO IT IS NOT.
You can *delete* the patch provided you do NOT uninstall it. (Deleting the package will just remove the uninstall instructions. If you uninstall it, the vulnerabilities will be returned, regardless of whether the 2.0.4 patch is installed or not)
Quote from: Arantor on May 02, 2013, 06:55:38 AM
NO IT IS NOT.
You can *delete* the patch provided you do NOT uninstall it. (Deleting the package will just remove the uninstall instructions. If you uninstall it, the vulnerabilities will be returned, regardless of whether the 2.0.4 patch is installed or not)
I won't uninstall it :P
I'm not one of those idiots x)
Remove=delete
:)
We should not be blasé about this.
How often do we tell people not to delete things but to uninstall them first? This happens... what... once a week that we have to deal with someone who's deleted a mod without uninstalling.
Yes, for that I am sorry. Wasn't clear enough. At least JonezJeA understood remove wasn't uninstall.
I am new to managing a website forum. I am using version SMF 2.0.4 and I am trying to down load and install the patches... I have gone to the down load area but can not find where the security patches are and how to down load and install... I only see third party updates... Is there a button I can press that will simply down load and install my security patches...
All so I am getting the "Unable to verify referring url. Please go back and try again." error message and I have search your community and have been told about the url values have to match exactly... How do I check this information and how do I correct it... I have been through all of the options in the admin area... I would like to apologize for the newbie requests, but I am at the end of my rope.
You're running 2.0.4, you do not need to update.
is this really work?
http://allsoftwarefreeworld.blogspot.com/2013/04/smf-204-php-code-injection-vulnerability.html
*yawn* Not this one AGAIN.
Quoteto successfully exploit smf 2.0.4 we need correct admin's cookie
As in, if they already have your admin details, shock horror they can break things. If they don't have your admin details, nothing can be done to cause any damage.
what you mean "have your admin details" & how he can get?
In order for this to be exploited, the hacker must either 1) have managed to grab your session details or 2) have figured out your password.
Having obtained session or password, he can log in as you, and do whatever he was going to do anyway, like install mods, install themes, modify theme code... all things that carry the exact same 'risk' as that vulnerability.
The dev team are aware of this and are well aware of the low risk of it.
Quote from: Arantor on May 26, 2013, 06:28:04 PM
2) have figured out your password.
That is why you should always use at least 8 characters in your passwords. Also, you should use a mixture of characters, as well as making it a habit to change your password every now and then. That should be more than enough to prevent something like that from happening.
http://www.simplemachines.org/community/index.php?topic=503927.0
Very nice!!
Thanks
Thanks for the nice words. I am glad everything is working for both of you.
i am using smf 2.0.4
can any1 tll me from where can i download this
if you are using 2.0.4, you do not need to download anything.
Hello,
Thank you in advance for any assistance you may be able to provide.
The admin panel identifies my current version as 1.1.17
I have always listened to the reminders about updates in my admin panel, but just recently my board started to function badly and at the same time I recieved a reminder about "Updating my forum". This has never been a problem in the past, but this time, when I click on the link to ["Update your forum" it only takes a few minutes!"] it will not update, but instad always displays this error -
2: unlink(C:\Inetpub\vhosts\damselstruction.ieasysite.com\httpdocs\Belly_Punching_and_Navel_Love/Packages/temp/$auto_0.txt) [<a href='function.unlink'>function.unlink</a>]: Permission denied
File: C:\Inetpub\vhosts\damselstruction.ieasysite.com\httpdocs\Belly_Punching_and_Navel_Love\Sources\Subs-Package.php
Line: 1174
The way the problem originally presented itself was that my "Stop Spammer" stop forum spam feature stopped working, when you check a list of spam accounts to delete, and try to "Reject" them, the same error appears and the operation will not complete.
Thanks,
Jim
What is the link to your forum?
Hello,
Here's the link to the forum:
http://www.damselstruction.com/Belly_Punching_and_Navel_Love/index.php
Thanks for your help.
Jim
Hola,
Mucha Gracias Prueba :)
Saludos.
Hello,
Much Thanks Test.
regards.
Did this fix the problem concerning logging in with Windows 8?
I was able to register with this forum, but not any other forum that was created. I know it's not any settings on my computer or browser settings or anything of that sort. A lot of Windows 8 users have problems with SMF forums.
Just wondering if it was fixed with this update.
no... as far as I am aware, there have been no specific bugs reported regarding logins with Windows 8...
so no, this would not address any issues that you have... 2.0.4 is a security release.
Additionally, if you can log in here with Windows 8, you should be able to log into any SMF forum, unless they have some odd configuration, since this site uses a mostly basic installation of SMF. (and the few mods applied here are not related to login)
Quote from: dfrenchy on August 05, 2013, 03:20:38 PM
Did this fix the problem concerning logging in with Windows 8?
I was able to register with this forum, but not any other forum that was created. I know it's not any settings on my computer or browser settings or anything of that sort. A lot of Windows 8 users have problems with SMF forums.
Just wondering if it was fixed with this update.
I tested with Windows8 and Windows8.1 no problem.
thanks