Bored? Looking to kill some time? Want to chat with other SMF users? Join us in IRC chat or Discord
Started by Peter Duggan, December 21, 2004, 07:57:30 PM
Quote from: rvforumite on March 02, 2005, 05:09:04 PMWhat should the permissions be set to for the two patch files? In the patch they're set to 644, but the existing two files on my server are set to 777.
Quote from: Peter Duggan on December 21, 2004, 07:57:30 PMA number of vulnerabilities have been reported in PHP (the language in which SMF is written) which may allow attackers to compromise your site and/or server. While this is not SMF's fault, and indeed affects a huge number of respected PHP programs, patching it by upgrading PHP (the preferred method) or applying our own SMF patch is regarded as a critical update.To patch these vulnerabilities in PHP completely, you should upgrade (or ask your host to upgrade) PHP to version 4.3.10 or 5.0.3. However, be aware of a problem some people have encountered after upgrading PHP.If this is not possible for some reason (or cannot be done immediately), you should download and apply the security patch available in the package manager, or extract and upload the attached zip file (for RC2 - a separate file is available for Charter Members.) The files on the downloads page have already been updated so, if you downloaded them after this post was made, you're fine already. This patch is not required if your PHP version has been upgraded, although it will not cause any problems if installed.We're still looking into the repercussions of some of the security holes found, but are committed to dealing with problems of this nature promptly, whatever the cause.Regards,Simple Machines
Quote from: AwwLilMaggie on January 12, 2007, 10:50:15 AMThis topic hasnt been posted in for nearly two years...This patch was for 1.0 RC2. It is included by default..-AwwLilMaggie