Simple Machines Forum

2.1.4

14 Juni 2023 - 24MB

• Attachments Upload UI enhancements - The UI used for uploading attachments is now easier to use, and a tad more aesthetic also.
  
• Cron enhancements - When running cron as a crontab in unix, it will now check for scheduled tasks and possibly flush the mail queue, in addition to acting on background tasks.
  
• jQuery upgrade - jQuery upgraded to 3.6.3.
  
• Notifications bug - Fixed a bug where certain notifications were not getting delivered if a user subscribed to both a board and a topic within the board.
  
• Editor bug - Fixed a bug where the cursor position may behave erratically when mentions exist in WYSIWYG mode.
  
• Search bug - Fixed a bug caused by some non-backwards compatible behavior in PHP 8.0+ that might result in incomplete results.
  
• Subscriptions bug - Fixed a bug where subscriptions with multi-byte utf8 characters in the description might cause errors.
  
• Subscriptions bug - Fixed an undefined constant CURLOPT_POSTFIELDSIZE bug.
  
• Package Manager bug - Fixed a bug where invalid default value errors were generated.
  
• Custom Fields Search bug - Fixed a bug which prevented custom field searches from working on the member list under some circumstances.
  
• Autolinker bug - Fixed a bug where the autolinker might get a match on partial names.
  
• Upgrader bug - Fixed a bug where certain notification settings were not brought forward properly from 2.0.
  
• Hooks bugs - Fixed bugs where hooks might not be removed properly when mods were deleted, and also where duplicate hooks might be created upon mod reinstall. Also, enabling & disabling of hooks in the admin console works cleanly now.
  
• Fixed a bug where admin-only boards might be visible on the board index.
  
• Fixed a bug where users might get kicked out with erroneous verification question errors.
  
• Fixed a bug where membergroup adds may not get logged properly.
  
• Fixed a bug where you may get cache errors in the logs.
  
• Fixed a bug where long user agents might cause various errors in the SMF error log.
  
• Fixed a bug where MariaDB users might see a "Subject isn't in GROUP BY" error when removing a topic.
  
• Fixed a bug where the SSI Recent Topics call did not show the original topic title.
  
• Numerous minor bug fixes, e.g., to address undefined vars.
  
• Numerous tweaks to enhance the UI.

Läs mer: https://www.simplemachines.org/community/index.php?topic=584230.0

2.1.3

22 November 2022 - 24MB

• Unicode support enhancements - SMF unicode support now matches the latest published standard, Unicode 15, published in Sept 2022 (https://unicode.org/versions/Unicode15.0.0/). Staying current is important for proper capitalization across alphabets, and also with non-printable character detection.
  
• Attachments enhancement - Honor SMF-specified attachment limitations. SMF was restricting attachment uploads based on the underlying php configuration; however, given the .js approach used, this limitation did not apply.
  
• Attachments enhancement - Automatically delete inserted img tags when the corresponding attachments are deleted.
  
• Notification enhancement - Cleanup unread notifications after post approvals, after closing moderation reports, and after unlikes.
  
• Notification enhancement - Cleanup unread orphan alerts, created by message or topic deletions or permission changes.
  
• Notification enhancement - Cleanup unread quote and mention alerts if they were removed during a post edit.
  
• Upgrader enhancements - Issue warnings if attachment or avatar directories are not found. Also, a new option was added to allow the user to rerun the attachment conversion.
  
• Enhanced timezone support - SMF now supports all current timezones (https://www.iana.org/time-zones).
  
• Attachments bug - Fixed a bug where attachments might disappear with a "Not a Valid Attachment ID" message.
  
• Notification bug - Fixed a bug where the alert count displayed was incorrect.
  
• Email bug - Fixed a bug where emails with a mail type of PHP did not work properly in PHP 8.x in linux environments. (SMTP was OK.)
  
• Postgresql support - Fixed numerous issues causing mod installs to behave differently across Postgresql and MySQL. It is much easier now to develop a mod that supports both.
  
• Fixed a bug where PHP 8.1 was being persnickety and did not like implicit float to int conversions.
  
• Fixed a bug where the sql_mode was not being properly set in MySQL 8.x. This would result in slightly different DB query behavior across MySQL 5.x and MySQL 8.x.
  
• Fixed a bug where explicitly "Not Following" a topic resulted in it showing up in your unread list, and not going away...
  
• Improved support for spaces in URLs... Not per any RFC or spec, but SMF supported them in 2.0, so that support should have been carried forward to 2.1...
  
• Fixed a bug where errors appeared in the SMF error log when crawlers attempted to access now-moved avatars. During the 2.1 migration, avatars and attachments may be relocated; external crawlers referencing defunct links should not generate SMF errors.
  
• Fixed a bug in Postgresql syntax when deleting fulltext indexes.
  
• Fixed a bug where "Trying to access array offset on value of type null" showed up in the log.
  
• Fixed a bug where the editor would drop links if copied and pasted.
  
• Fixed a bug where right-to-left languages could not be specified and displayed properly.
  
• Fixed a bug where sorting PMs did not work properly.
  
• Fixed a bug where the BBC url setting erroneously affected signature and topic behavior.
  
• Fixed a bug where hidden members were hidden from admins, too...
  
• Fixed a bug where the wrong icon was used for profile links in PMs.
  
• Fixed a bug where robot_no_index might be set incorrectly, potentially affecting SEO.
  
• Fixed a bug with CORS headers were not being built properly.
  
• Fixed a bug where custom themes might load empty styles.
  
• Fixed a bug where permissions were not properly retained when boards were moved. Moved boards might disappear...
  
• Fixed a bug with using wildcards in IP tracking.
  
• Fixed multiple errors with caching - better reporting of the cache engine not loading, and better handling when not getting a hit on cached info.
  
• Improved edits on profile info, e.g., website urls too long.
  
• Fixed a bug where page numbers in lengthy lists might show decimals...
  
• Improved the message when verification questions were missing.
  
• Enhanced support for passwords for myBB converted users.
  
• Fixed an upgrader bug where 1.1 migrations might fail with Too few arguments to function smf_mysql_insert_id().
  
• Numerous minor enhancements and tweaks to layout.

Läs mer: https://www.simplemachines.org/community/index.php?topic=584230.0

2.1.2

(säkerhetsutgåvan)
9 Maj 2022 - 24MB

• Fixes errors when attempting to view the profile of a non-existent user.
  
• Fixes minor issues with the editor toolbar when certain BBCodes are disabled.
  
• Fixes a bug where the admin panel incorrectly showed the image proxy settings as editable when Settings.php was read-only.
  
• Correctly formats the gender string in profile exports.
  
• Correctly formats the custom profile field names and values in the Buddies list.
  
• Fixes a minor bug when displaying size limits in the attachments restrictions information.
  
• Large image thumbnails now display with the the correct aspect ratio when viewed on small devices.
  
• Video attachments no longer overflow the window on small devices.
  
• Fixes errors about undefined variables when switching between different cache accelerator options.
  
• Fixes an error about invalid dates when a comma was used under certain circumstances while creating a calendar event.
  
• Correctly handles uppercase non-ASCII characters in the answers to verification questions.
  
• Fixes a bug that could allow a topic to be moved into a redirection board under certain circumstances.
  
• Fixes a error that could be generated when sending notifications about guest posts.
  
• Fixes a bug where certain pages could fail to load if the set_time_limit() function was disabled on PHP 8+.
  
• Fixes a bug where attachments might not download correctly if the "Enable compressed output" setting was enabled on PHP 8.0.17+ and 8.1.4+.
  
• Fixes some rare Unicode character handling issues.
  
• Security improvements.

Läs mer: https://www.simplemachines.org/community/index.php?topic=582201.0

2.1.1

(större version)
24 Mars 2022 - 24MBNew features for users

• A new WYSIWYG editor, SCEditor
  
• Real-time alerts in addition to email notifications
  
• A new default theme with full support for mobile devices
  
• Draft messages (you can save & resume later)
  
• Mentions using @name syntax
  
• Drag & drop attachments
  
• Attachments can be embedded directly into post text
  

New features for moderators and administrators

• An improved Administrator Control Panel
  
• Support for moderator groups, not just individuals
  
• Many security enhancements, including support for optional Two Factor Authentication
  
• IPv6 support
  
• Designed with GDPR support
  

New features for modification and theme authors

• A massive expansion of the number of integration hooks available
  
• More powerful BBCode possibilities
  
• Background tasks
  
• New capabilities in the Package SDK

Läs mer: https://www.simplemachines.org/community/index.php?topic=580585.0

2.0.19

(säkerhetsutgåvan)
27 December 2021 - 22MB

• Ensures compatibility with PHP 8.1 MySQLi error mode.
  
• Fixes a bug where members could not download their basic profile data if RSS feeds were disabled.
  
• Fixes a bug where double encoded entities could appear in RSS feeds and SSI functions
  
• Fixes bugs related to birthdates in member profiles.
  
• Improves protection against race conditions when saving Settings.php
  
• Avoids an issue with certain versions of Chrome and Edge where viewing one page of a multi-page topic could cause unread posts on the next page to be incorrectly marked as read.
  
• Security improvements.

Läs mer: https://www.simplemachines.org/community/index.php?topic=579982.0

2.0.18

30 Juli 2021 - 22MB

• Policy acceptance missing id_member.
  
• Addresses PHP parse errors when using SMF file cache
  
• Avoids truncating Settings.php until after we have a lock on the file
  
• Tighten up security checks, bring in sync with 2.1
  
• Brought the UTF16-to-UTF8 logic over from 2.1
  
• Always include email address when downloading user's own profile data
  
• Fix missing info affecting logging for new registrations
  
• Fixes bugs with multi-version jumps (via CLI) where settings weren't refreshed
  
• Set utf8 as default going forward

Läs mer: https://www.simplemachines.org/community/index.php?topic=576577.0

2.0.17

2 Januari 2020 - 22MB

• Fixes a bug that could cause SMF 2.0.16 to start consuming significant amounts of CPU-resources when the RSS function was used.
  
• Eliminates some deprecated function warnings when using SSI.php on PHP 7.2+.

Läs mer: https://www.simplemachines.org/community/index.php?topic=571067.0

2.0.16

(säkerhetsutgåvan)
27 December 2019 - 22MBHighlights

• Support for privacy policy in addition to registration agreement
  
• GDPR Compliance toggle in Core Features
  
• Enabling this configures multiple settings and new features to comply with the GDPR, including:
  
• Requiring members to accept the current privacy policy in order to use the forum
  
• Asking during registration whether the new member wants to receive announcements via email
  
• Enabling token-based unsubscribe links in emails so members can unsubscribe without logging in
  
• Allowing members to download a copy of their profile information
  
• Adjusting the behaviour of a number of other features in minor ways as necessary
  
• PHP 7.2 support
  
• Improved security hashes for the image proxy
  
• Improved security for the login cookie
  
• Assorted other security improvements
  
• Various improvements for both the installer and upgrader
  

Changes

• Updated credits.
  
• Revert the fix to search highlighting [topic 550840]
  
• Generates $auth_secret during install, so that the admin can log in immediately.
  
• Improves UI for viewing/accepting changes to registration agreement & privacy policy.
  
• Improves UI for editing registration agreement & privacy policy.
  
• Correctly decides whether to search using a regex when using full text search.
  
• Prevents errors converting HTML entities to 4-byte characters during database maintenance.
  
• Removes old 1.1 themes during upgrade.
  
• Implements a number of fixes for the installer and upgrader.
  
• Removes deprecated ALTER IGNORE statements from upgrade SQL.
  
• Ensures check_mime_type() is defined before calling it in profileSaveAvatarData().
  
• Fixes a bug with regex searching in SQLite.
  
• Removes redundant count() in Poll.php and changes explode for implode.
  
• Uses hash_hmac to generate much more secure hashes for the image proxy.
  
• Adds `rel="noopener noreferrer"` to links for user supplied URLs. (Reported by Travis Knapp-Prasek)
  
• Increases cookie security by hashing with a secret authentication key. (Reported by Logan Whitmire)
  
• Requires admin password to add/remove admins via group moderation. (Reported by Logan Whitmire)
  
• Checks MIME type of user-supplied avatar images more thoroughly. (Reported by Logan Whitmire)
  
• Adds $force parameter to validateSession()
  
• Improves functionality and security of token-based unsubscribe system.
  
• Adds token-based unsubscribe links to newsletters.
  
• Simplifies language strings and templates for unsubscribe links.
  
• Shows an error message if trying to unsubscribe an invalid member id.
  
• Prevents sending newletters to arbitrary email addresses in GDPR mode.
  
• Fixed create_function for the installer, warn for SQLite deprecation.
  
• Limit PM rules and how many times they can be applied in a time period.
  
• Don't proxy images for bots
  
• Cleanup old proxied images as part of daily maintenance
  
• Only set the old url whenever stats are being logged [topic 459730]
  
• Fix search highlighting to not mangle/expose some HTML [topic 550840]
  
• The code to check for too many PM labels was wrong [topic 559166]
  
• $db_persist needed to be defined as a global in the MySQLi driver [topic 552581]
  
• $smcFunc['db_error'] shouldn't require a database object as a parameter
  
• Add X-Frame-Options to both the installer and the upgrader
  
• Add registration agreement section where users can view and agree to the document, complete with logging
  
• Ensure that count() is called on valid objects when using PM labels in PHP 7.2
  
• Try to inject session tokens into any login form that doesn't already have one (may not work in SSI!)
  
• Implement privacy policy stuff for GDPR
  
• Add link in footer to agreement and privacy policy
  
• In XML profile export, explicitly state the language even when the member uses the forum default
  
• In installer and upgrader, get resource files from simplemachines.org via HTTPS
  
• Avoid generating errors for non-numeric start values when getting recent posts
  
• Add ability to force the browser to download XML feed data as a file (good for GDPR support)
  
• Add a link in profile actions menu to export profile info.
  
• Make cdata_parse() smarter and less aggressive
  
• Add "Allow the administrators to send me important news by email" checkbox to registration form
  
• Invalidate opcode after writing Settings.php (other/install.php)
  
• Use openssl_random_pseudo_bytes (if available) to generate the token_secret for unsubscribe links
  

& Fix a minor grammatical error and adds documentation comment to the email template

• Underline the link to the GDPR official info page
  
• Don't offer the Override Notification Settings option when composing a newsletter if force_gdpr is turned on
  
• Implement GDPR compliance regarding unsubscribe links and options for email notifications
  
• Add a GDPR compliance toggle to Core Features.
  
• Core theme missing login hash [topic 558445]
  
• template_kick_guest() missing login hash
  
• Wireless missing login hash [topic 557843]
  
• Fix code selection in modern browsers (Firefox, Chrome) [topic 553445]
  
• Message previews ate emoji on UTF forums [topic 558414]
  
• Improve logging of exceptions
  
• Don't load the MySQLi driver if on PHP 5.3
  
• Fix bitmask for error reporting
  
• Type mismatch [topics 554723, 556672, 558542]
  
• Undefined index errors if checking permissions too early [topic 558349]
  
• matchPackageVersion() did not extract the beta number correctly [topic 557810]
  
• Must clear the opcode cache on Settings.php when modifying it from within the admin area [topic 560180]
  
• Board theme should not be overridden by user theme [topic 558121]
  
• sendmail() should send the current server's name [topic 552893]
  
• smf_categories lost ordering on InnoDB tables in MySQL [topic 552922]
  
• Silence deprecation notices because we use deprecated functions everywhere
  
• Remove leftover code while porting from 2.1 [topic 555723]
  
• Several fixes for the proxy

Läs mer: https://www.simplemachines.org/community/index.php?topic=570986.0

2.0.15

(säkerhetsutgåvan)
16 Juni 2018 - 22MBHighlights

• A security issue reported by Daniel Le Gall from SCRT SA
  
• Various bug fix with Proxy handler
  
• Login fixes for SSI and Maintenance mode
  
• Various Search fixes
  
• Email handling issue fixed when using SendTopic
  
• Fixed SM Stat collection and added opt in/out functionality to the Admin Panel

Läs mer: https://www.simplemachines.org/community/index.php?topic=557176.0

2.0.14

(säkerhetsutgåvan)
23 Juni 2017 - 22MBThis patch adds both security and general maintenance fixes to your forum, so it is imperative that you install this patch quickly.

SMF 2.0.14

• Updating session handlers
  
• Adding HTTPS
  
• fetch_web_data now uses cURL, falling back to sockets
  
• Ported image proxy support from SMF 2.1
  
• Also added HTTPS for avatars
  
• Added a simple exception handler
  
• Check session while logging in
  
• Sanitize some fields to help guard against XSS
  
• Validate email addresses with PHP’s filter method
  
• Fix search highlighting to not mangle/expose some HTML
  
• Fix password acceptance when special characters were used in UTF-8;
  
• Correct some random logic errors in the profile area
  
• Use ampersands instead of semi-colons for PayPal’s return link
  
• Fix sending multiple MIME-Version headers in notification mail
  
• Fix sending multipel Content-Type headers in all requests
  

SMF 2.0.13

• Some file versions didn't get modified in the 2.0.12 patch
  
• Added check and sanitization for $_REQUEST['u'] in LogInOut.php and Reminder.php
  
• Added check and sanitization for $_REQUEST['uid'] in Reminder.php
  
• Properly sanitize author's website for packages
  
• Added session check when uploading packages
  
• Added session check when copying template files from one theme to another
  
• The code to remove empty BBCode was sometimes breaking things (reported by @rjen; fix provided by Sesquipedalian)
  
• Remove hardcoded limits for safe_unserialize as it was causing cache problems
  
• Update the cal_max_year setting to 2030
  

SMF 2.0.12

• Fixed word censor injection by disallowing an empty 'proper word'
  
• Fixed vulnerable unserialize() code by converting all instances to safe_unserialize()
  
• Added a more thorough safe_unserialize() function to prevent object injection
  
• Fixed a bug where leaving a custom profile field blank on registration that has an email mask would throw an error
  
• Fixed PayPal integration to comply with the new forced SSL
  
• Fixed a bug where notifications were sent for messages in inaccessible boards
  
• Fixed editor to make the editor work with Microsoft Edge
  
• Fixed issue where smiley popup is blank on iOS 9 devices
  
• Fixed WYSIWYG editor in mobile devices
  
• Fixed an undefined $_POST['icon'] in Sources/Post.php
  
• Fixed a minor bug in Login2()
  
• Fixed an issue where SMF doesn't recognize new domain names and considers these as invalid
  
• Fixed an issue where SMF would allow empty BBC
  
• Fixed an issue where theme variants could not be selected
  
• Fixed an issue where the file version of Subs-Post.php could have been 2.0.8 or 2.0.11. It will be updated to 2.0.12 in either case.
  
• Updated copyright year to 2016

Läs mer: https://www.simplemachines.org/community/index.php?topic=553855.0

2.0.11

(säkerhetsutgåvan)
23 September 2015 - 22MBThis patch is a security release, which focuses on fixing a minor security vulnerability reported in the software, therefore, it is important that you install this patch in a timely manner.
Läs mer: http://www.simplemachines.org/community/index.php?topic=539888.0

2.0.10

(tillägg 1)
29 April 2015 - 22MBInstallatron:

• Update: Fixed an issue which could prevent the update process from completing successfully. Updates affected by this issue can be re-started from the UI.

2.0.10

25 April 2015 - 22MB

• The instructions on ManagePaid page need to be updated
• PayPal emails are case insensitive
• Long standing problem with ManageNews and PostgreSQL
• Long standing problem with Smiley sets and PostgreSQL
• Errors show in log when handling certain tar.gz packages
• Forum Maintenance - Topics fails if header is collapsed
• Fix for unsupported UTF8mb4 characters
• SSI.php doesn't handle "hide results until user has voted" properly
• Sanitize package redirects
• Can't use WYSIWYG editor in Pale Moon browser
• Search dialogue can overflow inappropriately
• Excessive line in ManageServer.php in the patch upgrade from 2.0.8
• HTML tag broken in 2.0.9 install package
• Wrong link in ManageAttachments
• Error suppression missing in Subs-Package
• XML post preview was broken in 2.0.9
• Chrome doesn't like opacity for the news fader anymore
• Add additional emails in Paid Subscriptions settings for PayPal business accounts.

Läs mer: http://www.simplemachines.org/community/index.php?topic=535828.0

2.0.9

(säkerhetsutgåvan)
3 Oktober 2014 - 22MB

• SMF tries to stick ORDER BY NULL onto INSERT IGNORE queries containing sub-selects with a GROUP BY statement, causing a database error (Reported by guest)
• "Show Results" button always shown for polls as long as you can vote in them (Reported by Chainy)
• Multi-select boxes for settings were broken when no value had been selected (Reported by Suki)
• Some mail providers screw up the activation link (Reported by NanoSector)
• PHP 5.4 changes default charset to UTF-8, which can cause problems with search results and PM notification emails (Reported by fun4us)
• Make sure opcode cache gets cleared when regular cache does
• Log pruning should only delete closed mod reports, not open ones
• Fix layout issue with manage permissions page (Reported by Antes)
• Adjust image check to not fail on "cellTextIsHtml", unless paranoid... (Reported by Arantor)
• Sanitize all package XML to prevent any XSS attacks (Reported by Arantor)
• Add session check when previewing posts to prevent XSS via [html] from forged forms (Reported by emanuele)
• Sanitize maintenance mode title to prevent XSS attacks if HTML is used in it (Reported by guest)

Läs mer: http://www.simplemachines.org/community/index.php?topic=528448.0

2.0.8

18 Juni 2014 - 22MB

• Nobbc should work across multiple lines
• Package manager shouldn't fail when only 32M of memory is available
• Quoting posts with smileys in, in the WYSIWYG editor, shouldn't spout nonsense into the editor (in the way certain versions of 2.0.7 did)
• Td tags with a colspan should still function and not consume vast amounts of memory
• Using lots of html bbcode tags when not an admin should not consume vast amounts of memory
• Using queryless URLs, and/or when the PHPSESSID is present, should not consume vast amounts of memory
• Breaking long words should function without consuming lots of memory
• Adding posts with many smileys or bbc with specific parameter types (many times especially) should not consume vast amounts of memory, e.g. [acronym=definition]term[/acronym]
• Emails should work without consuming vast amounts of memory
• Time tags should work without consuming vast amounts of memory
• The copyright year should be updated
• Board order should always work correctly (if at a performance hit, a la the mod Arantor prepared)
• The memberlist search feature could, in some cases, throw a database error if no valid fields were specified

Läs mer: http://www.simplemachines.org/community/index.php?topic=524016.0

2.0.7

(tillägg 1)
22 Januari 2014 - 22MBInstallatron:

• Install and Update: Added revisions published by Simple Machines Forum.

2.0.7

21 Januari 2014 - 22MB

• PHP 5.5 compatibility fixes merged in. (Thanks to all who contributed but especially SleePy and Spuds)
• Trim the username if oversized when logging in. (Thanks to TMcomputering for the report)
• Check that group inheritance is actually going to be viable before trying to do further inquiry. (Thanks to tfs for the report)
• Made sure some of the calendar holidays are corrected when previously incorrect.
• Don't let the prune reports function prune open, or for that matter, ignored, reports. (Reported by Kimmie)
• If an uploaded file somehow has an image size but isn't really an image, don't try to treat it as an image.
• Make file cache somewhat less fragile.
• ssi_fetchPosts didn't honour overriding permissions. (Thanks to IchBin for a fix)
• Privacy and original sending time were not kept in the mail queue in the event of sending failure.
• Wrong variable used in the mail queue handling (Thanks to Nao for originally finding the bug)
• Themes with spaces in could break the editor handling. (Thanks to akyhne for the report and akabugeyes for a suggested fix)
• Made the anti-XSS header a little less picky.
• FIND_IN_SET wasn't always properly set up for PostgreSQL use.
• Multiple installed themes with variants wouldn't all be able to be selected properly.
• Fields that are regex-validated couldn't be left empty (thanks HappyBits and emanuele)
• Fixing legacy TYPE=HEAP (thanks heusdens for the report)

Läs mer: http://www.simplemachines.org/community/index.php?topic=517205.0

2.0.6

(säkerhetsutgåvan)
22 Oktober 2013 - 22MBCritical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed.

• Added some headers to help protect against clickjacking (thanks Jakob Lell for the report)
• Invalid avatars were not always properly cleaned up (thanks chaoztc for the report)
• Added protection against usernames being impersonated with Unicode space characters (thanks Jakob Lell for the report)
• Sessions weren't always cleaned up properly on logout (thanks creepernex for the report)
• Certain fields were accepted during registration even when they shouldn't be (thanks tomreyn for the report)
• Certain errors were unnecessarily shown during a failed registration and some of those were inappropriate anyway (thanks Labradoodle-360 for the report)
• Approving an account from a member's profile was not logged (thanks emanuele for the report)
• Approving an account from a member's profile did not always properly enforce security rules (thanks emanuele for the report)
• The PHPSESSID injector would also add it to the canonical link, breaking it (thanks to all who reported it)
• An invalid character was indicated in legacy attachment handling
• Under some circumstances the admin panel would not accept the number of verification questions you had entered (thanks BurkeKnight for the report)
• The help pages could sometimes accidentally direct users to non-existing pages (thanks AngelinaBelle for the report and Illori for the fix)

Läs mer: http://www.simplemachines.org/community/index.php?topic=509417.0

2.0.5

(säkerhetsutgåvan)
12 Augusti 2013 - 22MBCritical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed.

• Updated the WHOIS search URL for RIPE (thanks Runic)
• Fixed a problem with upgrade.php that wasn't able to continue after db errors (thanks akc42 for the fix)
• Fixed code injection in manage language pages (thanks HauntIT for the report)
• Fixed XSS in the news page, emails field (thanks HauntIT for the report)
• XSS in personal messages page (thanks HauntIT for the report)

Läs mer: http://www.simplemachines.org/community/index.php?topic=509417.0

2.0.4

(tillägg 1)
5 Augusti 2013 - 22MBInstallatron:

• Added compatibility for CloudLinux CageFS.

2.0.4

1 Februari 2013 - 22MBCritical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed.

• Joshua's fix for validatePasswordFlood logic error (reported by Raz0r)
• Arantor fix for database error on lost connections
• Quick fix for Admin Password Reset vulnerability reported by Raz0r
• Directory traversal vulnerability in the function ViewFile (thanks yan.uniko.102 for reporting and Arantor for proposing the fix and Spuds for spotting the undefined variable)
• active users cannot change anymore the email from action activate without deactivation/confirmation (thanks BarteX for reporting the issueand suggesting a fix)
• Change language from the admin panel could allow XSS, path disclosure and code injection (thanks Jakub Galczyk for reporting the issue)
• Missing arguments in SSI functions called through ?ssi= generated error messages showing full server file path (thanks yan.uniko.102 for reporting it)
• Directory listing and editing of arbitrary files from the theme editing page in the admin panel

Läs mer: http://www.simplemachines.org/community/index.php?topic=496403.0

2.0.3

16 December 2012 - 22MBCritical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed. The most relevant bug fix is an issue that will arise in few months with PayPal: starting on February 1, 2013 PayPal will only accept headers which comply with the HTTP 1.1 specification.

• SSI showed hidden boards on non-properly configured forums (part 2)
• SSI showed hidden boards on non-properly configured forums
• XSS in moderation log page (thanks kingW3 for the report)
• ManagePaid fails if copies of Subscriptions-Paypal,php are present
• PCRE engine starting at rev 8.3, will not allow you to specify the surrogate range D800–DFFF - From Spuds (similar to commit 10994)
• Fixed lacking of check on referer URL when adminLogin comes into play (1.0, 1.1 and 2.0 versions)
• Fixes for paypal moving to HTTP 1.1 [bug 5009]
• update sandbox to use https, the former address results in a redirect
• curl did not work due to improper check
• subscriptions should also check for approved payment. Cherry-picked from git commit 07d4bc9fba8942fd284d3d0c3c732889a7bc2e6f by Spuds
• Fixed the upgrade.php failing when the Themes directory was in a directory other than $boarddir (thanks iacchi for finding the cause)
• Applied all the changes proposed by rawlogic to fix the intermittent session verification failures

Läs mer: http://www.simplemachines.org/community/index.php?topic=492786.0

2.0.2

23 December 2011 - 22MB

2.0.1

19 September 2011 - 22MB

2.0

(större version)
11 Juni 2011 - 22MB

1.1.21

25 April 2015 - 10MB

• XML post preview was broken in 1.1.20
• XSS possibility if HTML used in maintenance mode title (Reported by guest)
• Various parts of the package system could allow XSS attacks (Reported by Arantor)
• Add session check to post preview to prevent XSS from html tag through forged forms (Reported by emanuele)

Läs mer: http://www.simplemachines.org/community/index.php?topic=535828.0

1.1.19

(säkerhetsutgåvan)
22 Oktober 2013 - 10MBCritical security issues have been identified and are fixed with this update.
Läs mer: http://www.simplemachines.org/community/index.php?topic=512964.0

1.1.18

1 Februari 2013 - 10MBCritical security issues have been identified and are fixed with this update.
Läs mer: http://www.simplemachines.org/community/index.php?topic=496403.0

1.1.17

16 December 2012 - 10MB

1.1.16

23 December 2011 - 10MB

1.1.15

19 September 2011 - 10MB

1.1.14

11 Juni 2011 - 10MB

1.1.13

12 Februari 2011 - 10MB

1.1.12

2 November 2010 - 10MB

1.1.11

4 December 2009 - 10MB

1.1.10

15 Juli 2009 - 10MB

1.1.9

22 Maj 2009 - 10MB

1.1.8

5 Februari 2009 - 10MB

1.1.7

11 November 2008 - 10MB

1.1.6

14 September 2008 - 10MB

1.1.5

2 Maj 2008 - 10MB

1.1.4

2 Oktober 2004 - 10MB

1.1.3

9 Augusti 2007 - 10MB

1.1.2

20 Februari 2007 - 10MB

1.1.1

21 December 2006 - 10MB

1.0.9

31 Oktober 2006 - 4MB

1.0.8

27 Augusti 2006 - 4MB

1.0.7

10 April 2006 - 4MB

1.0.6

7 Februari 2006 - 4MB

1.0.5

30 Juni 2005 - 4MB

1.0.4

22 Juni 2005 - 4MB

1.0.3

2 Maj 2005 - 6MB

1.0

11 Januari 2005 - 2MB