Security Concern

Comms Group · May 14, 2018, 08:38:11 PM

Sorry if this is on the wrong board but I could not see an obvious place to post it.

We use SMF for a business forum and, as such, are subject to oversight by our IT Dept. I have been advised that they are concerned about possible vulnerabilities that are outlined in the following article - https://www.exploit-db.com/exploits/10274/

We are using 2.0.14. Have the issues raised in this article been addressed?

Thanks
AM

landyvlad · May 14, 2018, 08:59:31 PM

I can't answer that, but I do find it odd that your IT department's concerns are based upon a version of the program dating from 2009 and an article from that time. That's nine years ago !

No doubt one of the project team would be able to address your specific question.

Looking · May 14, 2018, 09:11:28 PM

QuoteWe are using 2.0.14.

You should be at 2.0.15.

vbgamer45 · May 14, 2018, 09:12:27 PM

Yes they have been that was from and old version of SMF.

Comms Group · May 14, 2018, 09:46:17 PM

Thanks all. I understand the article referred to an older version of SMF and I was also surprised that the Analysts were quoting such an old article.

I also agree that we should be on 2.0.15 but I don't think that addresses this issue.

Is there any information on the Siteground website I can use that shows that these issues have been addressed?

Thanks
AM

vbgamer45 · May 14, 2018, 09:49:06 PM

No they have all been fixed. There is no known security issues with the current version of SMF 2.0.15 Otherwise all our sites would be at risk. It was made with a series of patches over the years.

Aleksi "Lex" Kilpinen · May 14, 2018, 11:49:11 PM

SMF has a good record of keeping up with such things, and I can assure you a report that old has been handled and the issues fixed.
That being said, many times patches to 2.0 include security fixes, and keeping up with current releases is just good practise.

Illori · May 15, 2018, 05:08:49 AM

you can always check the changelog on the downloads page which will give you an idea of what has been patched over the years. it may not tell you exactly what security issue was fixed but it will tell you something.

landyvlad · May 15, 2018, 10:41:59 AM

and point your IT people to this thread if they are seeking reassurance.

Or perhaps they just need a cuddle.

aegersz · May 16, 2018, 02:30:34 AM

Quote from: landyvlad on May 15, 2018, 10:41:59 AM
and point your IT people to this thread if they are seeking reassurance.

Or perhaps they just need a cuddle.

here, a BIG FAT ((((((HUG))))) from me might help ... and this reminder:

IF YOU DO WRONG BY THE COMMUNITY then your "security" won't help you.

what do i mean by this ?

News:

Security Concern