News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

SMF 2.0.3, 1.1.17 and 1.0.23 security patches released

Started by emanuele, December 16, 2012, 05:05:30 PM

Previous topic - Next topic

ehr_aaron

Ahah.. I have some other custom sites that use PayPal and it would explain why there is a flurry of issues with them. I bet it's that HTTP 1.1 thing with those. Thanks for the security + feature update  :)
Aaron @ Effortless HR Blog [nofollow]

Mstcool

Quote from: emanuele on December 17, 2012, 04:03:30 AM
Quote from: sharks on December 17, 2012, 02:56:33 AM
I never thought we'd seen another update in 2012. Things just became so incredibly quiet around here for so many months... But this is great and i'm glad to be proven wrong! :D I look forward to a more fruitful 2013 for the SMF community.
Well, I really liked a years without security issues and I hope I'll never have to make another patch available! O:)

Quote from: sharks on December 17, 2012, 03:06:29 AM
There are still 13 bugs which have never been fixed for SMF 1.1.x since several releases! :(
Is there any security issue within those bugs?
Since historically SMF has always fixed only security issues with patches, is not very likely a patch to fix bugs in 1.1.
Anyway, since a patch is a mod, anyone is free to fix those issues and provide the patch somewhere.

Quote from: sharks on December 17, 2012, 03:06:29 AM
I don't know if it's worth updating my forums at this point. Why not fix that small bunch of remaining bugs and release the ultimate Gold/Platinum version of SMF 1.1.x?
Do you mean you are not sure if it is worth updating to 1.1.17?
I now don't know if all the work involved in doing a release is worth if people think bugs are more important than security fixes...

Quote from: sharks on December 17, 2012, 03:06:29 AM
Also, i'm trying to download the changelog:
http://download.simplemachines.org/index.php?thanks;filename=smf_1-1-17_changelog.txt
But i get the error: Sorry but you can not directly download an archived file without first going through the Simple Machines website.
I am using the latest Firefox 17.0.1
Changelog download seems broken...

Quote from: Mstcool on December 17, 2012, 03:14:03 AM
Wait I'm confused. Is this a new release or what because I just updated my forum to 2.0.3. Successfully I believe.
Isn't the subject line explicative enough?
SMF 2.0.3, 1.1.17 and 1.0.23 security patches released

Thanks and sorry because i was sleepy at that time so i didn't understand it properly. :p thanks anyways! :)

Storman™


Simple Site Designs

Great work!

Just wanted to say the update applied without any trouble on our crazy custom forum.


emanuele



Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Colin

"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

inter

Why would immediately and a new pair of hooks is not to add?
Sorry for my English

emanuele

Because micro releases (2.0.x etc.) are only for security fixes (and in that case very few required fixes to features that are badly "broken").
Minor and major releases are for features. And "a couple" of hooks are a feature, not a security fix. ;)


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

FrizzleFried


novill


Road Rash Jr.

Quote from: FrizzleFried on December 18, 2012, 10:53:02 AM
Odd that this forum still hasn't upgraded.  :o
Even odder is that this so called fixed security issue has been around since the release of 2.0.2 and it has taken a year to find and fix. What has been done in the past year to fix the known bugs? I realize security is priority for you people but what good is a secure program that is broken? Seems to me fixing the bugs would be a priority also. :o
Never argue with an Idiot like myself, they just drag you down to their level then beat you with experience.

Kindred

nope... that's not how releases work, Road Rash.

Once a gold release is done, anyone can release patches to fix minor things which may or may not be actual bugs.
The only thing that we release, after a final is security updates or fixes for major issues.

And I would hardly say that anything in 2.0 is currently "broken".

What's been done in the last year?   Lots of work on 2.1, which is in Alpha and will be the next release towards which we are working.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

David111567

I would really like it if, after the security patch is applied.... my forums on all my sites wouldn't read "Copyright 2011".

It makes my sites look like there's been nothing done to the software since then. At least the LAST patch (before this one) said 2012!! 

Just a minor gripe.   Nothing big.  Just sayin.  Perhaps SMF could actually get something... as simple as the copyright year... correct?  Would be nice.

Kindred

ummm.... no it didn't.   2.0.2 (patch) reads (c) 2011.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Road Rash Jr.

Quote from: Kindred on December 18, 2012, 03:01:57 PM
ummm.... no it didn't.   2.0.2 (patch) reads (c) 2011.

My 2.0.2 (patch) reads (c) 2012
Never argue with an Idiot like myself, they just drag you down to their level then beat you with experience.

kat


Kindred

then you edited it yourself.
See the footer of this site... (at least until we do the upgrade here)

2.0.2 was released in December 2011
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

emanuele

Mine reads (c) 2112. ::)

I'm impressed how important this BS (a stupid year declared in the footer of a page) could be to some of you...really.
Next patch will just be to increase the year in the copyright string, so that you will be happy.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

br360

Uploaded to 2.0.3 with no issues, thanks for the patch. I'm sure it wouldn't be very wise to publicly announce exactly what the security issues were in the earlier versions, but I am curious to know. Can someone possibly pm me with what the security issue was, and what this patch updates? (besides the aforementioned paypal issue)

Thanks.

Advertisement: