News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

SMF 1.0.9 and patch for 1.1 RC3 released

Started by Compuart, October 29, 2006, 05:57:14 AM

Previous topic - Next topic

Compuart

Simple Machines is happy to release a new update to Simple Machines Forum 1.0 and 1.1. This release addresses a cross-site scripting vulnerability in the search function. Also a few smaller issues have been addressed.

Note that the fix for the SMF 1.0.x branch will be released as new version 1.0.9, while the fix for the 1.1 RC3 branch will merely be released as patched version, the version of the forum will remain 1.1 RC3 (therefore, most of the modifications should remain compatible).

If you currently have installed 1.0.8 or 1.1 RC3, you can do either of the following to upgrade:
* Use the package manager in your administration center - one click, and you're done.
* Download the update archive file from the download page, and upload all of the files from it.
* Download the modification file, attached to this message, and modify the files manually according to it.
Hendrik Jan Visser
Former Lead Developer & Co-founder www.simplemachines.org
Personal Signature:
Realitynet.nl -> ExpeditieRobinson.net / PekingExpress.org / WieIsDeMol.Com

anonim

and for the others who are still using 1.1 RC2?

Compuart

Since most modifications have been made compatible for 1.1 RC3 by now, those still running 1.1 RC2 are advised to upgrade to 1.1 RC3 or to apply the changes manually.
Hendrik Jan Visser
Former Lead Developer & Co-founder www.simplemachines.org
Personal Signature:
Realitynet.nl -> ExpeditieRobinson.net / PekingExpress.org / WieIsDeMol.Com

Harzem

Thanks for the update.

When I tried to post this into the board I moderate, I got a fatal error on Post.php file. In case you might want to know.

FunPika4

Nice guys! I am going to update my RC3 now. Well I don't think you will be able to make any other patches for 1.0. :P There is no room in those decimals. :P  Also, shouldn't put the 1.0.8 into the archive now.

Harzem

Quote from: funpika on October 29, 2006, 10:10:13 AM
Nice guys! I am going to update my RC3 now. Well I don't think you will be able to make any other patches for 1.0. :P There is no room in those decimals. :P

1.0.10 ;)

FunPika4

Quote from: HarzeM on October 29, 2006, 10:10:55 AM
Quote from: funpika on October 29, 2006, 10:10:13 AM
Nice guys! I am going to update my RC3 now. Well I don't think you will be able to make any other patches for 1.0. :P There is no room in those decimals. :P

1.0.10 ;)
Lol. I have never seen version decimals used in such a way. Hopefully we won't need 1.0.10 though.

SeiTaN

Recent.php, it is marked as 1.1RC3, not as 1.1RC3-1. I edited it and forum mantenience marked it perfect.

Thanks a lot for all.
No contesto dudas de soporte por MP, a menos que lo haya pedido yo antes.
"Más vale parecer un idiota con la boca cerrada, que abrir la boca y disipar toda duda."

klumy


G6™

Upgrade from the package manager link in SMF 1.1rc3 went with out any complications and works great.
Thank you Staff for your work done :)

Compuart

Quote from: SeiTaN on October 29, 2006, 10:22:31 AM
Recent.php, it is marked as 1.1RC3, not as 1.1RC3-1. I edited it and forum mantenience marked it perfect.
Indeed, the version of Recent.php should be changed by the patch. I've re-attached the patch to the first message and updated the patch in the package manager. Thanks for noticing!
Hendrik Jan Visser
Former Lead Developer & Co-founder www.simplemachines.org
Personal Signature:
Realitynet.nl -> ExpeditieRobinson.net / PekingExpress.org / WieIsDeMol.Com

Gary

Quote from: funpika on October 29, 2006, 10:11:57 AM
Lol. I have never seen version decimals used in such a way. Hopefully we won't need 1.0.10 though.

phpBB do it all the time. Which explains their 2.0.21 or whatever it is. :P

-AwwLilMaggie
Gary M. Gadsdon
Do NOT PM me unless I say so
War of the Simpsons
Bongo Comics Fan Forum
Youtube Let's Plays

^ YT is changing monetisation policy, help reach 1000 sub threshold.

rockinaway

Have I helped you? Then please join AdminFuel - The forum for forum administrators.

If you need help managing your forum, or maybe launching it, then visit us and view the quality articles, downloads and posts.

anonim

Quote from: Compuart on October 29, 2006, 09:29:56 AM
Since most modifications have been made compatible for 1.1 RC3 by now, those still running 1.1 RC2 are advised to upgrade to 1.1 RC3 or to apply the changes manually.

there are still modifications not updated. and for a site heavy modded is not so easy
btw, I modified this patch to work to RC2-2 and it works just fine. tks anyway.

CountryLady


Stuart

Thanks for this update. Now running SMF 1.0.9.  :D

anonim

a little error found when I tried to post a new topics on chit-chat board

action was: http://www.simplemachines.org/community/index.php?action=post2;start=0;board=5

result was:

Fatal error: Argument 1 passed to notifyMembersBoard() must be an object of class �)&/8n)��5H�3��2�շ�շ�շ�շ�շ�շ �շ �շ(�շ(�շ0�շ0�շ8�շ8�շ@�շ@�շH�շH�շP�շP�շX�շX�շȱ)ȱ)h�շh�շp�շp�շx�շx�շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ��շ, called in /home/simple/security/Sources/Post.php on line 1782 and defined in /home/simple/security/Sources/Post.php on line 1996

but, the topics is right there, so maybe you want to check to this

SleePy

Oohh.. Finally..

I have known about the search exploit for almost a week.. good thing its finally fixed.. ;D

What is with all the bugs? 1.1 RC2 had to have 2 patches and RC3 has had 1 so far..  :-[ makes me feel like phpbb... >:(
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

Harzem

Quote from: SleePy on October 29, 2006, 11:37:26 AM
What is with all the bugs? 1.1 RC2 had to have 2 patches and RC3 has had 1 so far..  :-[ makes me feel like phpbb... >:(

This is why they are called "release candidates". They still have minor bugs.

FunPika4

Quote from: HarzeM on October 29, 2006, 11:40:21 AM
Quote from: SleePy on October 29, 2006, 11:37:26 AM
What is with all the bugs? 1.1 RC2 had to have 2 patches and RC3 has had 1 so far..  :-[ makes me feel like phpbb... >:(

This is why they are called "release candidates". They still have minor bugs.
Yep, BUT all 3 RC2/RC3 patches I have noticed are the same fixes from the 1.0.x series.

Advertisement: