Neuigkeiten:

Kill 'em all, now more than ever! (Farin)

Hauptmenü

[Informationen] Forenupdate

Begonnen von Schnoofy, 02. Februar 2013, 11:38:15

⏪ vorheriges - nächstes ⏩

0 Mitglieder und 1 Gast betrachten dieses Thema.

Schnoofy

2.0.3 -> 2.0.4

Soeben haben wir ein Update auf die Version 2.0.4 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.4SMF 2.0.4                                                      Febuary 1 2013
===============================================================================

January 2013
--------------------------------------------------------------------------------
! Joshua's fix for validatePasswordFlood logic error (reported by Raz0r)
! Arantor fix for database error on lost connections
! Quick fix for Admin Password Reset vulnerability reported by Raz0r
! Directory traversal vulnerability in the function ViewFile (thanks yan.uniko.102 for reporting and Arantor for proposing the fix and Spuds for spotting the undefined variable)
! active users cannot change anymore the email from action activate without deactivation/confirmation (thanks BarteX for reporting the issueand suggesting a fix)
! Change language from the admin panel could allow XSS, path disclosure and code injection (thanks Jakub Galczyk for reporting the issue)
! Missing arguments in SSI functions called through ?ssi= generated error messages showing full server file path (thanks yan.uniko.102 for reporting it)
! Directory listing and editing of arbitrary files from the theme editing page in the admin panel

Schnoofy

2.0.4 -> 2.0.5

Soeben haben wir ein Update auf die Version 2.0.5 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.5SMF 2.0.5                                                      August 12 2013
===============================================================================

August 2013
--------------------------------------------------------------------------------
* Fix unsanitised XSS flaw in language editor
* Fix unsanitised XSS flaw in newsletters system
* Fix unsanitised input in personal messages
* Updated RIPE query address, as the old URL is no longer valid

Schnoofy

2.0.5 -> 2.0.6

Soeben haben wir ein Update auf die Version 2.0.6 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.6SMF 2.0.6                                                      October 22 2013
===============================================================================

August 2013
--------------------------------------------------------------------------------
! Added some headers to help protect against clickjacking (thanks Jakob Lell for the report)
! Invalid avatars were not always properly cleaned up (thanks chaoztc for the report)
! Added protection against usernames being impersonated with Unicode space characters (thanks Jakob Lell for the report)
! Sessions weren't always cleaned up properly on logout (thanks creepernex for the report)
! Certain fields were accepted during registration even when they shouldn't be (thanks tomreyn for the report)
! Certain errors were unnecessarily shown during a failed registration and some of those were inappropriate anyway (thanks Labradoodle-360 for the report)
! Approving an account from a member's profile was not logged (thanks emanuele for the report)
! Approving an account from a member's profile did not always properly enforce security rules (thanks emanuele for the report)
! The PHPSESSID injector would also add it to the canonical link, breaking it (thanks to all who reported it)
! An invalid character was indicated in legacy attachment handling
! Under some circumstances the admin panel would not accept the number of verification questions you had entered (thanks BurkeKnight for the report)
! The help pages could sometimes accidentally direct users to non-existing pages (thanks AngelinaBelle for the report and Illori for the fix)

Schnoofy

2.0.6 -> 2.0.7

Soeben haben wir ein Update auf die Version 2.0.7 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.7SMF 2.0.7                                                       January 20 2014
===============================================================================

January 2014
-------------------------------------------------------------------------------
! PHP 5.5 compatibility fixes merged in. (Thanks to all who contributed but especially SleePy and Spuds)
! Trim the username if oversized when logging in. (Thanks to TMcomputering for the report)
! Check that group inheritance is actually going to be viable before trying to do further inquiry. (Thanks to tfs for the report)
! Made sure some of the calendar holidays are corrected when previously incorrect.

December 2013
-------------------------------------------------------------------------------
! Don't let the prune reports function prune open, or for that matter, ignored, reports. (Reported by Kimmie)
! If an uploaded file somehow has an image size but isn't really an image, don't try to treat it as an image.
! Make file cache somewhat less fragile.
! ssi_fetchPosts didn't honour overriding permissions. (Thanks to IchBin for a fix)
! Privacy and original sending time were not kept in the mail queue in the event of sending failure.
! Wrong variable used in the mail queue handling (Thanks to Nao for originally finding the bug)
! Themes with spaces in could break the editor handling. (Thanks to akyhne for the report and akabugeyes for a suggested fix)
! Made the anti-XSS header a little less picky.
! FIND_IN_SET wasn't always properly set up for PostgreSQL use.
! Multiple installed themes with variants wouldn't all be able to be selected properly.
! Fields that are regex-validated couldn't be left empty (thanks HappyBits and emanuele)
! Fixing legacy TYPE=HEAP (thanks heusdens for the report)

Schnoofy

2.0.7 -> 2.0.8

Soeben haben wir ein Update auf die Version 2.0.8 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.8SMF 2.0.8                                                       June 18 2014
===============================================================================

June 2014
-------------------------------------------------------------------------------
! Nobbc should work across multiple lines
! Package manager shouldn't fail when only 32M of memory is available
! Quoting posts with smileys in, in the WYSIWYG editor, shouldn't spout nonsense into the editor (in the way certain versions of 2.0.7 did)
! Td tags with a colspan should still function and not consume vast amounts of memory
! Using lots of html bbcode tags when not an admin should not consume vast amounts of memory
! Using queryless URLs, and/or when the PHPSESSID is present, should not consume vast amounts of memory
! Breaking long words should function without consuming lots of memory
! Adding posts with many smileys or bbc with specific parameter types (many times especially) should not consume vast amounts of memory, e.g. term
! Emails should work without consuming vast amounts of memory
! Time tags should work without consuming vast amounts of memory
! The copyright year should be updated
! Board order should always work correctly (if at a performance hit, a la the mod Arantor prepared)
! The memberlist search feature could, in some cases, throw a database error if no valid fields were specified

Schnoofy

2.0.8 -> 2.0.9

Soeben haben wir ein Update auf die Version 2.0.9 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.9SMF 2.0.9                                                       October 1 2014
===============================================================================

September 2014
-------------------------------------------------------------------------------
! SMF tries to stick ORDER BY NULL onto INSERT IGNORE queries containing sub-selects with a GROUP BY statement, causing a database error (Reported by guest)
! "Show Results" button always shown for polls as long as you can vote in them (Reported by Chainy)
! Multi-select boxes for settings were broken when no value had been selected (Reported by Suki)
! Some mail providers screw up the activation link (Reported by NanoSector)
! PHP 5.4 changes default charset to UTF-8, which can cause problems with search results and PM notification emails (Reported by fun4us)
! Make sure opcode cache gets cleared when regular cache does
! Log pruning should only delete closed mod reports, not open ones
! Fix layout issue with manage permissions page (Reported by Antes)
! Adjust image check to not fail on "cellTextIsHtml", unless paranoid... (Reported by Arantor)
! Sanitize all package XML to prevent any XSS attacks (Reported by Arantor)
! Add session check when previewing posts to prevent XSS via [html] from forged forms (Reported by emanuele)
! Sanitize maintenance mode title to prevent XSS attacks if HTML is used in it (Reported by guest)

Schnoofy

2.0.9 -> 2.0.10

Soeben haben wir ein Update auf die Version 2.0.10 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.10SMF 2.0.10                                                       April 22 2015
===============================================================================

April 2015
-------------------------------------------------------------------------------
! The instructions on ManagePaid page need to be updated
! PayPal emails are case insensitive
! Long standing problem with ManageNews and PostgreSQL
! Long standing problem with Smiley sets and PostgreSQL
! Errors show in log when handling certain tar.gz packages

March 2015
-------------------------------------------------------------------------------
! Forum Maintenance - Topics fails if header is collapsed
! Fix for unsupported UTF8mb4 characters

February 2015
-------------------------------------------------------------------------------
! SSI.php doesn't handle "hide results until user has voted" properly
! Sanitize package redirects

January 2015
-------------------------------------------------------------------------------
! Can't use WYSIWYG editor in Pale Moon browser
! Search dialogue can overflow inappropriately
- Excessive line in ManageServer.php in the patch upgrade from 2.0.8
! HTML tag broken in 2.0.9 install package
! Wrong link in ManageAttachments
* Error suppression missing in Subs-Package
! XML post preview was broken in 2.0.9
! Chrome doesn't like opacity for the news fader anymore
+ Add additional emails in Paid Subscriptions settings for PayPal business accounts.

Schnoofy

2.0.10 -> 2.0.11

Soeben haben wir ein Update auf die Version 2.0.11 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.11SMF 2.0.11                                                    September 18 2015
===============================================================================

September 2015
-------------------------------------------------------------------------------
! Security vulnerability patched (reported by Andrea Palazzo - Truel IT)
! safe_unserialize() function added to Subs.php
! Instances of unserialize() with user-supplied data changed to safe_unserialize()


Zudem kann ich ankuendigen, dass wir bereits seit einigen Wochen SMF 2.1 (aktuell ist die Beta 2) intern testen. Eine der großen Neuerungen ist ein responsives Design [Wikipedia].

Schnoofy

2.0.11 -> 2.0.12

Soeben haben wir ein Update auf die Version 2.0.12 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.12SMF 2.0.12                                              July 7, 2016
===============================================================================
! Fixed word censor injection by disallowing an empty 'proper word'
! Fixed vulnerable unserialize() code by converting all instances to safe_unserialize()
! Added a more thorough safe_unserialize() function to prevent object injection
! Fixed a bug where leaving a custom profile field blank on registration that has an email mask would throw an error
! Fixed PayPal integration to comply with the new forced SSL
! Fixed a bug where notifications were sent for messages in inaccessible boards
! Fixed editor to make the editor work with Microsoft Edge
! Fixed issue where smiley popup is blank on iOS 9 devices
! Fixed WYSIWYG editor in mobile devices
! Fixed an undefined $_POST['icon'] in Sources/Post.php
! Fixed a minor bug in Login2()
! Fixed an issue where SMF doesn't recognize new domain names and considers these as invalid
! Fixed an issue where SMF would allow empty BBC
! Fixed an issue where theme variants could not be selected
! Fixed an issue where the file version of Subs-Post.php could have been 2.0.8 or 2.0.11. It will be updated to 2.0.12 in either case.
! Updated copyright year to 2016

Sollten Euch Fehler auffallen, so meldet sie bitte hier.

Schnoofy

2.0.12 -> 2.0.13

Soeben haben wir ein Update auf die Version 2.0.13 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.13SMF 2.0.13                                           January 4, 2017
===============================================================================
! Some file versions didn't get modified in the 2.0.12 patch
! Added check and sanitization for $_REQUEST['u'] in LogInOut.php and Reminder.php
! Added check and sanitization for $_REQUEST['uid'] in Reminder.php
! Properly sanitize author's website for packages
! Added session check when uploading packages
! Added session check when copying template files from one theme to another
! The code to remove empty BBCode was sometimes breaking things (reported by @rjen; fix provided by Sesquipedalian)
! Remove hardcoded limits for safe_unserialize as it was causing cache problems
! Update the cal_max_year setting to 2030

Version 2.0.14 erscheint "sehr bald".

Sollten Euch Fehler auffallen, so meldet sie bitte hier.

Schnoofy

Zitat von: Schnoofy am 21. September 2015, 16:24:59[...] Zudem kann ich ankuendigen, dass wir bereits seit einigen Wochen SMF 2.1 (aktuell ist die Beta 2) intern testen. Eine der großen Neuerungen ist ein responsives Design [Wikipedia].

Ein kleines Update: Sobald die Beta 3 veroeffentlicht wurde, werden wir sie natuerlich ausfuehrlich testen. Wann die finale Version von SMF 2.1 erscheinen soll, steht derzeit gaenzlich in den Sternen. Bitte bedenkt, dass es sich beim Simple Machines Forum um ein Open-Source-Projekt handelt – die Entwickler erhalten fuer ihre harte Arbeit in ihrer Freizeit keine Verguetung. So lange kritische Fehler zeitnah ausgebessert werden, ist eine laengere Wartezeit kein Problem. Frei nach dem Motto: "It's done, when it's done." ("Es ist fertig, wenn es fertig ist.").

Wer sich fuer die Neuerungen in SMF 2.1 (im Vergleich zu SMF 2.0) interessiert, der kann sich an dieser Stelle informieren.

Schnoofy

Fuer die N3rds unter Euch: Es gibt Neuigkeiten bezueglich der Version 2.0.14 des Forums.

So aufgeregt ... (also ich). :)

Badetuch

Beim letzten Update gab es leider Schwierigkeiten und das Backup hat etwas auf sich warten lassen.
Ein Forum ist ein Forum, nur mit ernstgemeinten Todeswünschen
Plattenschrank | Augen Auf | Kill-Them-All

Schnoofy

2.0.13 -> 2.0.14

Soeben haben wir ein Update auf die Version 2.0.14 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.14SMF 2.0.14                                           May 14, 2017
===============================================================================
! Updating session handlers
! Adding HTTPS
! fetch_web_data now uses cURL, falling back to sockets
! Ported image proxy support from SMF 2.1
! Also added HTTPS for avatars
! Added a simple exception handler
! Check session while logging in
! Sanitize some fields to help guard against XSS
! Validate email addresses with PHP's filter method
! Fix search highlighting to not mangle/expose some HTML
! Fix password acceptance when special characters were used in UTF-8;
! Correct some random logic errors in the profile area
! Use ampersands instead of semi-colons for PayPal's return link
! Fix sending multiple MIME-Version headers in notification mail
! Fix sending multipel Content-Type headers in all requests

Sollten Euch Fehler auffallen, so meldet sie bitte hier.

Zudem testen wir intern mittlerweile SMF 2.1 Beta 3.

Badetuch

Falls ihr Probleme beim Einloggen habt, probiert es über folgenden Link:
http://www.forum.kill-them-all.de/index.php?action=login
Ein Forum ist ein Forum, nur mit ernstgemeinten Todeswünschen
Plattenschrank | Augen Auf | Kill-Them-All

Schnoofy

Zitat von: Badetuch am 25. August 2017, 16:36:09Falls ihr Probleme beim Einloggen habt, probiert es über folgenden Link:
http://www.forum.kill-them-all.de/index.php?action=login
Das Problem sollte nicht mehr auftreten.


2.0.14 -> 2.0.15

Soeben haben wir ein Update auf die Version 2.0.15 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.15SMF 2.0.15                                                    November 19, 2017
===============================================================================

September 2017
! Fixed a minor $smcFunc bug in Search-Fulltext.php
! Fixed a saving Settings.php bools being reset bug
! Fixed a security issue (Reported by Daniel Le Gall from SCRT SA)

June 2017
-------------------------------------------------------------------------------
! Cache the admin search results in the session and avoid IE's 2083 character limit
! Fixed a Mark Board Read bug

May 2017
-------------------------------------------------------------------------------
! Fixed Proxy URLs not handling redirects properly due to case sensitivity
! Fixed SendTopic using incorrect Post data
! Fixed SSI.php having a bad login panel
! Fixed Maintenance Page having a double login button
! Fixed a minor unsigned int typo in MySQL DB
! Fixed Deprecated installer message for ftp_connection.
! Fixed a loop bug in custom search
! Fixed SM Stat collection
! Added SM Stat collection registration to the Admin Control Panel
Sollten Euch Fehler auffallen, so meldet sie bitte hier.

Schnoofy

Zitat von: Schnoofy am 25. August 2017, 16:01:09[...] Zudem testen wir intern mittlerweile SMF 2.1 Beta 3.

Seit ein paar Tagen wird intern SMF 2.1 RC1 getestet.
Aufgrund eines gefundenen Bugs ("A significant bug has been found in RC1 that prevents alerts and notification messages from being sent. A fix for this has already been included in the code on GitHub and will be available in RC2.") wird wahrscheinlich ziemlich bald SMF 2.1 RC2 verfuegbar sein.

Schnoofy

Passend zu dem Erreichbarkeitsproblem des Forums von gestern Nacht / heute Vormittag:

Zitat von: Schnoofy am 18. Februar 2019, 20:31:05[...] wird wahrscheinlich ziemlich bald SMF 2.1 RC2 verfuegbar sein.
SMF 2.1 RC2 ist veroeffentlicht und wird intern getestet.

(Fuer die Interessierten: "Roadmap for [...] upcoming development milestones")

Schnoofy

2.0.15 → 2.0.16

Soeben haben wir ein Update auf die Version 2.0.16 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.16SMF 2.0.16                                                    December 24, 2019
===============================================================================
December 2019
-------------------------------------------------------------------------------
& Changes "Terms and Rules" to "Terms and Policies" to indicate that this will show the privacy policy.
+ Installer now randomizes its initial suggestions for database name and table prefix.
+ Replaces GDPR image with one that we definitely know is in the public domain.

November 2019
-------------------------------------------------------------------------------
! Revert the fix to search highlighting [topic 550840]
! Fixes missing index error when accepting the registration agreement and/or privacy policy.

October 2019
-------------------------------------------------------------------------------
! Updated credits.

September 2019
-------------------------------------------------------------------------------
! Generates $auth_secret during install, so that the admin can log in immediately.
&& Improves UI for viewing/accepting changes to registration agreement & privacy policy.
&& Improves UI for editing registration agreement & privacy policy.

August 2019
-------------------------------------------------------------------------------
! Correctly decides whether to search using a regex when using full text search.
! Prevents errors converting HTML entities to 4-byte characters during database maintenance.
* Removes old 1.1 themes during upgrade.
! Implements a number of fixes for the installer and upgrader.

July 2019
-------------------------------------------------------------------------------
! Removes deprecated ALTER IGNORE statements from upgrade SQL.
! Ensures check_mime_type() is defined before calling it in profileSaveAvatarData().
! Fixes a bug with regex searching in SQLite.
! Removes redundant count() in Poll.php and changes explode for implode.

June 2019
-------------------------------------------------------------------------------
! Uses hash_hmac to generate much more secure hashes for the image proxy.
& Adds `rel="noopener noreferrer"` to links for user supplied URLs. (Reported by Travis Knapp-Prasek)
! Increases cookie security by hashing with a secret authentication key. (Reported by Logan Whitmire)
+ Requires admin password to add/remove admins via group moderation. (Reported by Logan Whitmire)
! Checks MIME type of user-supplied avatar images more thoroughly. (Reported by Logan Whitmire)
+ Adds $force parameter to validateSession()

May 2019
-------------------------------------------------------------------------------
+ Improves functionality and security of token-based unsubscribe system.
+ Adds token-based unsubscribe links to newsletters.
&& Simplifies language strings and templates for unsubscribe links.
! Shows an error message if trying to unsubscribe an invalid member id.
+ Prevents sending newletters to arbitrary email addresses in GDPR mode.

March 2019
-------------------------------------------------------------------------------
! Fixed create_function for the installer, warn for SQLite deprecation.

Feburary 2019
-------------------------------------------------------------------------------
! Limit PM rules and how many times they can be applied in a time period.

December 2018
-------------------------------------------------------------------------------
! Don't proxy images for bots
! Cleanup old proxied images as part of daily maintenance
! Only set the old url whenever stats are being logged [topic 459730]
! Fix search highlighting to not mangle/expose some HTML [topic 550840]
! The code to check for too many PM labels was wrong [topic 559166]
! $db_persist needed to be defined as a global in the MySQLi driver [topic 552581]
! $smcFunc['db_error'] shouldn't require a database object as a parameter
+ Add X-Frame-Options to both the installer and the upgrader

November 2018
-------------------------------------------------------------------------------
+ Add registration agreement section where users can view and agree to the document, complete with logging
! Ensure that count() is called on valid objects when using PM labels in PHP 7.2
+ Try to inject session tokens into any login form that doesn't already have one (may not work in SSI!)
+ Implement privacy policy stuff for GDPR
+ Add link in footer to agreement and privacy policy
! In XML profile export, explicitly state the language even when the member uses the forum default
! In installer and upgrader, get resource files from simplemachines.org via HTTPS
! Avoid generating errors for non-numeric start values when getting recent posts

October 2018
-------------------------------------------------------------------------------
! Add ability to force the browser to download XML feed data as a file (good for GDPR support)
+ Add a link in profile actions menu to export profile info.
+ Make cdata_parse() smarter and less aggressive
+ Add "Allow the administrators to send me important news by email" checkbox to registration form
! Invalidate opcode after writing Settings.php (other/install.php)

June 2018
-------------------------------------------------------------------------------
! Use openssl_random_pseudo_bytes (if available) to generate the token_secret for unsubscribe links
& Fix a minor grammatical error and adds documentation comment to the email template
! Underline the link to the GDPR official info page
! Don't offer the Override Notification Settings option when composing a newsletter if force_gdpr is turned on
+ Implement GDPR compliance regarding unsubscribe links and options for email notifications
+ Add a GDPR compliance toggle to Core Features.

February 2018
-------------------------------------------------------------------------------
! Core theme missing login hash [topic 558445]
! template_kick_guest() missing login hash
! Wireless missing login hash [topic 557843]
! Fix code selection in modern browsers (Firefox, Chrome) [topic 553445]
! Message previews ate emoji on UTF forums [topic 558414]
@ Improve logging of exceptions

January 2018
-------------------------------------------------------------------------------
! Don't load the MySQLi driver if on PHP 5.3
! Fix bitmask for error reporting
! Type mismatch [topics 554723, 556672, 558542]
! Undefined index errors if checking permissions too early [topic 558349]
! matchPackageVersion() did not extract the beta number correctly [topic 557810]
! Must clear the opcode cache on Settings.php when modifying it from within the admin area [topic 560180]
! Board theme should not be overridden by user theme [topic 558121]
! sendmail() should send the current server's name [topic 552893]
! smf_categories lost ordering on InnoDB tables in MySQL [topic 552922]
@ Silence deprecation notices because we use deprecated functions everywhere
! Remove leftover code while porting from 2.1  [topic 555723]
! Several fixes for the proxyl

2.0.16 → 2.0.17

Soeben haben wir ein Update auf die Version 2.0.17 durchgefuehrt (Ankuendigung von Simple Machine).

Der Changelog:
Zitat von: SMF 2.0.17SMF 2.0.17                                                    December 29, 2019
===============================================================================
December 2019
-------------------------------------------------------------------------------
! Fixes a bug that could cause an infinite loop in News.php
! Suppresses deprecated function warnings in SSI.php
! Removes deprecated each() function
! Allows package manager to retrieve packages via HTTPS
Sollten Euch Fehler auffallen, so meldet sie bitte hier.

Warum bin ich ausgeloggt?
Zitat von: SMF.orgAll users, including the admin, will need to log in again after 2.0.16 has been installed.
Quelle: SMF 2.0.17 Released

Badetuch

ACHTUNG:
Solltet ihr Probleme beim LOGIN haben, löscht bitte einmal die Cookies - dann sollte es wieder laufen!
Ein Forum ist ein Forum, nur mit ernstgemeinten Todeswünschen
Plattenschrank | Augen Auf | Kill-Them-All