Advertisement:

Author Topic: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released  (Read 2881156 times)

Offline ehr_aaron

  • Semi-Newbie
  • *
  • Posts: 12
  • Gender: Male
    • @EHR_Aaron on Twitter
    • EffortlessHR
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #40 on: December 17, 2012, 03:16:46 PM »
Ahah.. I have some other custom sites that use PayPal and it would explain why there is a flurry of issues with them. I bet it's that HTTP 1.1 thing with those. Thanks for the security + feature update  :)
Aaron @ Effortless HR Blog [nofollow]

Offline Mstcool

  • Sr. Member
  • ****
  • Posts: 911
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #41 on: December 17, 2012, 04:29:42 PM »
I never thought we'd seen another update in 2012. Things just became so incredibly quiet around here for so many months... But this is great and i'm glad to be proven wrong! :D I look forward to a more fruitful 2013 for the SMF community.
Well, I really liked a years without security issues and I hope I'll never have to make another patch available! O:)

There are still 13 bugs which have never been fixed for SMF 1.1.x since several releases! :(
Is there any security issue within those bugs?
Since historically SMF has always fixed only security issues with patches, is not very likely a patch to fix bugs in 1.1.
Anyway, since a patch is a mod, anyone is free to fix those issues and provide the patch somewhere.

I don't know if it's worth updating my forums at this point. Why not fix that small bunch of remaining bugs and release the ultimate Gold/Platinum version of SMF 1.1.x?
Do you mean you are not sure if it is worth updating to 1.1.17?
I now don't know if all the work involved in doing a release is worth if people think bugs are more important than security fixes...

Also, i'm trying to download the changelog:
http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-17_changelog.txt
But i get the error: Sorry but you can not directly download an archived file without first going through the Simple Machines website.
I am using the latest Firefox 17.0.1
Changelog download seems broken...

Wait I'm confused. Is this a new release or what because I just updated my forum to 2.0.3. Successfully I believe.
Isn't the subject line explicative enough?
SMF 2.0.3, 1.1.17 and 1.0.23 security patches released

Thanks and sorry because i was sleepy at that time so i didn't understand it properly. :p thanks anyways! :)

Offline Storman™

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 2,027
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #42 on: December 17, 2012, 04:44:35 PM »
Painless update, all seems good, congrats  :D
Any Backup method is bettter than no Backup method....

Offline Simple Site Designs

  • Jr. Member
  • **
  • Posts: 100
  • Gender: Male
    • Simple Site Designs
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #43 on: December 17, 2012, 08:21:17 PM »
Great work!

Just wanted to say the update applied without any trouble on our crazy custom forum.

Offline InfoStrides

  • Full Member
  • ***
  • Posts: 497
  • www.TheInfoStrides.com
    • InfoStrides on Facebook
    • @TheInfoStrides on Twitter
    • TheInfoStrides.com
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #44 on: December 18, 2012, 03:35:50 AM »
Thanks.

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,156
  • Gender: Male
  • THERE'S JUST ME
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #45 on: December 18, 2012, 04:42:47 AM »
Update: 18/12/2012: now everything should be fixed!


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline Colin

  • Lead Developer
  • SMF Hero
  • *
  • Posts: 7,791
  • Gender: Male
  • SMF Developer
    • colinschoen on GitHub
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #46 on: December 18, 2012, 04:45:38 AM »
Thanks Emanuele.
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

Offline inter

  • Jr. Member
  • **
  • Posts: 276
  • Gender: Male
    • interlab on GitHub
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #47 on: December 18, 2012, 05:32:58 AM »
Why would immediately and a new pair of hooks is not to add?
Sorry for my English

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,156
  • Gender: Male
  • THERE'S JUST ME
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #48 on: December 18, 2012, 05:47:37 AM »
Because micro releases (2.0.x etc.) are only for security fixes (and in that case very few required fixes to features that are badly "broken").
Minor and major releases are for features. And "a couple" of hooks are a feature, not a security fix. ;)


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline FrizzleFried

  • Drama-Monger
  • Sr. Member
  • ****
  • Posts: 754
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #49 on: December 18, 2012, 10:53:02 AM »
Odd that this forum still hasn't upgraded.  :o

Offline novill

  • Jr. Member
  • **
  • Posts: 174
  • Gender: Male
    • Hungarian electrician forum
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #50 on: December 18, 2012, 11:18:36 AM »
Thanks emanuele.  :)

Offline Road Rash Jr.

  • Sr. Member
  • ****
  • Posts: 765
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #51 on: December 18, 2012, 12:20:57 PM »
Odd that this forum still hasn't upgraded.  :o
Even odder is that this so called fixed security issue has been around since the release of 2.0.2 and it has taken a year to find and fix. What has been done in the past year to fix the known bugs? I realize security is priority for you people but what good is a secure program that is broken? Seems to me fixing the bugs would be a priority also. :o
Never argue with an Idiot like myself, they just drag you down to their level then beat you with experience.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 55,280
  • Gender: Male
    • Kindred-999 on GitHub
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #52 on: December 18, 2012, 01:20:42 PM »
nope... that's not how releases work, Road Rash.

Once a gold release is done, anyone can release patches to fix minor things which may or may not be actual bugs.
The only thing that we release, after a final is security updates or fixes for major issues.

And I would hardly say that anything in 2.0 is currently "broken".

What's been done in the last year?   Lots of work on 2.1, which is in Alpha and will be the next release towards which we are working.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline David111567

  • Semi-Newbie
  • *
  • Posts: 91
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #53 on: December 18, 2012, 02:57:36 PM »
I would really like it if, after the security patch is applied.... my forums on all my sites wouldn't read "Copyright 2011".

It makes my sites look like there's been nothing done to the software since then. At least the LAST patch (before this one) said 2012!! 

Just a minor gripe.   Nothing big.  Just sayin.  Perhaps SMF could actually get something... as simple as the copyright year... correct?  Would be nice.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 55,280
  • Gender: Male
    • Kindred-999 on GitHub
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #54 on: December 18, 2012, 03:01:57 PM »
ummm.... no it didn't.   2.0.2 (patch) reads (c) 2011.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Road Rash Jr.

  • Sr. Member
  • ****
  • Posts: 765
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #55 on: December 18, 2012, 03:48:29 PM »
ummm.... no it didn't.   2.0.2 (patch) reads (c) 2011.

My 2.0.2 (patch) reads (c) 2012
Never argue with an Idiot like myself, they just drag you down to their level then beat you with experience.

kat

  • Guest
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #56 on: December 18, 2012, 03:50:57 PM »
All mine say 2011, for what it's worth.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 55,280
  • Gender: Male
    • Kindred-999 on GitHub
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #57 on: December 18, 2012, 03:51:08 PM »
then you edited it yourself.
See the footer of this site... (at least until we do the upgrade here)

2.0.2 was released in December 2011
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,156
  • Gender: Male
  • THERE'S JUST ME
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #58 on: December 18, 2012, 05:37:38 PM »
Mine reads (c) 2112. ::)

I'm impressed how important this BS (a stupid year declared in the footer of a page) could be to some of you...really.
Next patch will just be to increase the year in the copyright string, so that you will be happy.


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline br360

  • Lead Support Specialist
  • SMF Hero
  • *
  • Posts: 2,085
    • GenXcommunity
Re: SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« Reply #59 on: December 18, 2012, 05:43:40 PM »
Uploaded to 2.0.3 with no issues, thanks for the patch. I'm sure it wouldn't be very wise to publicly announce exactly what the security issues were in the earlier versions, but I am curious to know. Can someone possibly pm me with what the security issue was, and what this patch updates? (besides the aforementioned paypal issue)

Thanks.