Hosting Simple Machines Forum
Included in our offers

Simple Machines Forum
Simple Machines Forum is a free forum application. Simple Machines Forum forked from YaBBSE in 2003.

1 click installation

Easy update

Backup and restoration
2.0.17
2 January 2020 - 22MB
- Fixes a bug that could cause SMF 2.0.16 to start consuming significant amounts of CPU-resources when the RSS function was used.
- Eliminates some deprecated function warnings when using SSI.php on PHP 7.2+.
Read more: https://www.simplemachines.org/community/index.php?topic=571067.0
2.0.16
(security release)
27 December 2019 - 22MB
Highlights
- Support for privacy policy in addition to registration agreement
- GDPR Compliance toggle in Core Features
  - Enabling this configures multiple settings and new features to comply with the GDPR, including:
    - Requiring members to accept the current privacy policy in order to use the forum
    - Asking during registration whether the new member wants to receive announcements via email
    - Enabling token-based unsubscribe links in emails so members can unsubscribe without logging in
    - Allowing members to download a copy of their profile information
    - Adjusting the behaviour of a number of other features in minor ways as necessary
- PHP 7.2 support
- Improved security hashes for the image proxy
- Improved security for the login cookie
- Assorted other security improvements
- Various improvements for both the installer and upgrader
Changes
- Fixes a minor grammatical error and adds a documentation comment to the email template
- Updated credits.
- Revert the fix to search highlighting [topic 550840]
- Generates $auth_secret during install, so that the admin can log in immediately.
- Improves UI for viewing/accepting changes to registration agreement & privacy policy.
- Improves UI for editing registration agreement & privacy policy.
- Correctly decides whether to search using a regex when using full text search.
- Prevents errors converting HTML entities to 4-byte characters during database maintenance.
- Removes old 1.1 themes during upgrade.
- Implements a number of fixes for the installer and upgrader.
- Removes deprecated ALTER IGNORE statements from upgrade SQL.
- Ensures check_mime_type() is defined before calling it in profileSaveAvatarData().
- Fixes a bug with regex searching in SQLite.
- Removes redundant count() in Poll.php and changes explode for implode.
- Uses hash_hmac to generate much more secure hashes for the image proxy.
- Adds `rel="noopener noreferrer"` to links for user supplied URLs. (Reported by Travis Knapp-Prasek)
- Increases cookie security by hashing with a secret authentication key. (Reported by Logan Whitmire)
- Requires admin password to add/remove admins via group moderation. (Reported by Logan Whitmire)
- Checks MIME type of user-supplied avatar images more thoroughly. (Reported by Logan Whitmire)
- Adds $force parameter to validateSession()
- Improves functionality and security of token-based unsubscribe system.
- Adds token-based unsubscribe links to newsletters.
- Simplifies language strings and templates for unsubscribe links.
- Shows an error message if trying to unsubscribe an invalid member id.
- Prevents sending newsletters to arbitrary email addresses in GDPR mode.
- Fixed create_function for the installer, warn for SQLite deprecation.
- Limit PM rules and how many times they can be applied in a time period.
- Don't proxy images for bots
- Cleanup old proxied images as part of daily maintenance
- Only set the old url whenever stats are being logged [topic 459730]
- Fix search highlighting to not mangle/expose some HTML [topic 550840]
- The code to check for too many PM labels was wrong [topic 559166]
- $db_persist needed to be defined as a global in the MySQLi driver [topic 552581]
- $smcFunc['db_error'] shouldn't require a database object as a parameter
- Add X-Frame-Options to both the installer and the upgrader
- Add registration agreement section where users can view and agree to the document, complete with logging
- Ensure that count() is called on valid objects when using PM labels in PHP 7.2
- Try to inject session tokens into any login form that doesn't already have one (may not work in SSI!)
- Implement privacy policy stuff for GDPR
- Add link in footer to agreement and privacy policy
- In XML profile export, explicitly state the language even when the member uses the forum default
- In installer and upgrader, get resource files from simplemachines.org via HTTPS
- Avoid generating errors for non-numeric start values when getting recent posts
- Add ability to force the browser to download XML feed data as a file (good for GDPR support)
- Add a link in profile actions menu to export profile info.
- Make cdata_parse() smarter and less aggressive
- Add "Allow the administrators to send me important news by email" checkbox to registration form
- Invalidate opcode after writing Settings.php (other/install.php)
- Use openssl_random_pseudo_bytes (if available) to generate the token_secret for unsubscribe links
- Underline the link to the GDPR official info page
- Don't offer the Override Notification Settings option when composing a newsletter if force_gdpr is turned on
- Implement GDPR compliance regarding unsubscribe links and options for email notifications
- Add a GDPR compliance toggle to Core Features.
- Core theme missing login hash [topic 558445]
- template_kick_guest() missing login hash
- Wireless missing login hash [topic 557843]
- Fix code selection in modern browsers (Firefox, Chrome) [topic 553445]
- Message previews ate emoji on UTF forums [topic 558414]
- Improve logging of exceptions
- Don't load the MySQLi driver if on PHP 5.3
- Fix bitmask for error reporting
- Type mismatch [topics 554723, 556672, 558542]
- Undefined index errors if checking permissions too early [topic 558349]
- matchPackageVersion() did not extract the beta number correctly [topic 557810]
- Must clear the opcode cache on Settings.php when modifying it from within the admin area [topic 560180]
- Board theme should not be overridden by user theme [topic 558121]
- sendmail() should send the current server's name [topic 552893]
- smf_categories lost ordering on InnoDB tables in MySQL [topic 552922]
- Silence deprecation notices because we use deprecated functions everywhere
- Remove leftover code while porting from 2.1 [topic 555723]
- Several fixes for the proxy
Read more: https://www.simplemachines.org/community/index.php?topic=570986.0
2.0.15
(security release)
16 June 2018 - 22MB
Highlights
- A security issue reported by Daniel Le Gall from SCRT SA
- Various bug fixes for the proxy handler
- Login fixes for SSI and Maintenance mode
- Various Search fixes
- Email handling issue fixed when using SendTopic
- Fixed SM Stat collection and added opt in/out functionality to the Admin Panel
Read more: https://www.simplemachines.org/community/index.php?topic=557176.0
2.0.14
(security release)
23 June 2017 - 22MB
This patch adds both security and general maintenance fixes to your forum, so it is imperative that you install this patch quickly.
SMF 2.0.14
- Updating session handlers
- Adding HTTPS
- fetch_web_data now uses cURL, falling back to sockets
- Ported image proxy support from SMF 2.1
- Also added HTTPS for avatars
- Added a simple exception handler
- Check session while logging in
- Sanitize some fields to help guard against XSS
- Validate email addresses with PHP’s filter method
- Fix search highlighting to not mangle/expose some HTML
- Fix password acceptance when special characters were used in UTF-8
- Correct some random logic errors in the profile area
- Use ampersands instead of semi-colons for PayPal’s return link
- Fix sending multiple MIME-Version headers in notification mail
- Fix sending multiple Content-Type headers in all requests
SMF 2.0.13
- Some file versions didn't get modified in the 2.0.12 patch
- Added check and sanitization for $_REQUEST['u'] in LogInOut.php and Reminder.php
- Added check and sanitization for $_REQUEST['uid'] in Reminder.php
- Properly sanitize author's website for packages
- Added session check when uploading packages
- Added session check when copying template files from one theme to another
- The code to remove empty BBCode was sometimes breaking things (reported by @rjen; fix provided by Sesquipedalian)
- Remove hardcoded limits for safe_unserialize as it was causing cache problems
- Update the cal_max_year setting to 2030
SMF 2.0.12
- Fixed word censor injection by disallowing an empty 'proper word'
- Fixed vulnerable unserialize() code by converting all instances to safe_unserialize()
- Added a more thorough safe_unserialize() function to prevent object injection
- Fixed a bug where leaving a custom profile field blank on registration that has an email mask would throw an error
- Fixed PayPal integration to comply with the new forced SSL
- Fixed a bug where notifications were sent for messages in inaccessible boards
- Fixed editor to make the editor work with Microsoft Edge
- Fixed issue where smiley popup is blank on iOS 9 devices
- Fixed WYSIWYG editor in mobile devices
- Fixed an undefined $_POST['icon'] in Sources/Post.php
- Fixed a minor bug in Login2()
- Fixed an issue where SMF doesn't recognize new domain names and considers these as invalid
- Fixed an issue where SMF would allow empty BBC
- Fixed an issue where theme variants could not be selected
- Fixed an issue where the file version of Subs-Post.php could have been 2.0.8 or 2.0.11. It will be updated to 2.0.12 in either case.
- Updated copyright year to 2016
Read more: https://www.simplemachines.org/community/index.php?topic=553855.0
2.0.11
(security release)
23 September 2015 - 22MB
This patch is a security release, which focuses on fixing a minor security vulnerability reported in the software, therefore, it is important that you install this patch in a timely manner.
Read more: http://www.simplemachines.org/community/index.php?topic=539888.0
2.0.10
(addendum 1)
29 April 2015 - 22MB
Applications:
- Update: Fixed an issue which could prevent the update process from completing successfully. Updates affected by this issue can be re-started from the UI.
2.0.10
25 April 2015 - 22MB
- The instructions on ManagePaid page need to be updated
- PayPal emails are case insensitive
- Long standing problem with ManageNews and PostgreSQL
- Long standing problem with Smiley sets and PostgreSQL
- Errors show in log when handling certain tar.gz packages
- Forum Maintenance - Topics fails if header is collapsed
- Fix for unsupported UTF8mb4 characters
- SSI.php doesn't handle "hide results until user has voted" properly
- Sanitize package redirects
- Can't use WYSIWYG editor in Pale Moon browser
- Search dialogue can overflow inappropriately
- Excessive line in ManageServer.php in the patch upgrade from 2.0.8
- HTML tag broken in 2.0.9 install package
- Wrong link in ManageAttachments
- Error suppression missing in Subs-Package
- XML post preview was broken in 2.0.9
- Chrome doesn't like opacity for the news fader anymore
- Add additional emails in Paid Subscriptions settings for PayPal business accounts.
Read more: http://www.simplemachines.org/community/index.php?topic=535828.0
2.0.9
(security release)
3 October 2014 - 22MB
- SMF tries to stick ORDER BY NULL onto INSERT IGNORE queries containing sub-selects with a GROUP BY statement, causing a database error (Reported by guest)
- "Show Results" button always shown for polls as long as you can vote in them (Reported by Chainy)
- Multi-select boxes for settings were broken when no value had been selected (Reported by Suki)
- Some mail providers screw up the activation link (Reported by NanoSector)
- PHP 5.4 changes default charset to UTF-8, which can cause problems with search results and PM notification emails (Reported by fun4us)
- Make sure opcode cache gets cleared when regular cache does
- Log pruning should only delete closed mod reports, not open ones
- Fix layout issue with manage permissions page (Reported by Antes)
- Adjust image check to not fail on "cellTextIsHtml", unless paranoid... (Reported by Arantor)
- Sanitize all package XML to prevent any XSS attacks (Reported by Arantor)
- Add session check when previewing posts to prevent XSS via [html] from forged forms (Reported by emanuele)
- Sanitize maintenance mode title to prevent XSS attacks if HTML is used in it (Reported by guest)
Read more: http://www.simplemachines.org/community/index.php?topic=528448.0
2.0.8
18 June 2014 - 22MB
- Nobbc should work across multiple lines
- Package manager shouldn't fail when only 32M of memory is available
- Quoting posts with smileys in, in the WYSIWYG editor, shouldn't spout nonsense into the editor (in the way certain versions of 2.0.7 did)
- Td tags with a colspan should still function and not consume vast amounts of memory
- Using lots of html bbcode tags when not an admin should not consume vast amounts of memory
- Using queryless URLs, and/or when the PHPSESSID is present, should not consume vast amounts of memory
- Breaking long words should function without consuming lots of memory
- Adding posts with many smileys or bbc with specific parameter types (many times especially) should not consume vast amounts of memory, e.g. [acronym=definition]term[/acronym]
- Emails should work without consuming vast amounts of memory
- Time tags should work without consuming vast amounts of memory
- The copyright year should be updated
- Board order should always work correctly (if at a performance hit, a la the mod Arantor prepared)
- The memberlist search feature could, in some cases, throw a database error if no valid fields were specified
Read more: http://www.simplemachines.org/community/index.php?topic=524016.0
2.0.7
(addendum 1)
22 January 2014 - 22MB
Applications:
- Install and Update: Added revisions published by Simple Machines Forum.
2.0.7
21 January 2014 - 22MB
- PHP 5.5 compatibility fixes merged in. (Thanks to all who contributed but especially SleePy and Spuds)
- Trim the username if oversized when logging in. (Thanks to TMcomputering for the report)
- Check that group inheritance is actually going to be viable before trying to do further inquiry. (Thanks to tfs for the report)
- Made sure some of the calendar holidays are corrected when previously incorrect.
- Don't let the prune reports function prune open, or for that matter, ignored, reports. (Reported by Kimmie)
- If an uploaded file somehow has an image size but isn't really an image, don't try to treat it as an image.
- Make file cache somewhat less fragile.
- ssi_fetchPosts didn't honour overriding permissions. (Thanks to IchBin for a fix)
- Privacy and original sending time were not kept in the mail queue in the event of sending failure.
- Wrong variable used in the mail queue handling (Thanks to Nao for originally finding the bug)
- Themes with spaces in could break the editor handling. (Thanks to akyhne for the report and akabugeyes for a suggested fix)
- Made the anti-XSS header a little less picky.
- FIND_IN_SET wasn't always properly set up for PostgreSQL use.
- Multiple installed themes with variants wouldn't all be able to be selected properly.
- Fields that are regex-validated couldn't be left empty (thanks HappyBits and emanuele)
- Fixing legacy TYPE=HEAP (thanks heusdens for the report)
Read more: http://www.simplemachines.org/community/index.php?topic=517205.0
2.0.6
(security release)
22 October 2013 - 22MB
Critical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed.
- Added some headers to help protect against clickjacking (thanks Jakob Lell for the report)
- Invalid avatars were not always properly cleaned up (thanks chaoztc for the report)
- Added protection against usernames being impersonated with Unicode space characters (thanks Jakob Lell for the report)
- Sessions weren't always cleaned up properly on logout (thanks creepernex for the report)
- Certain fields were accepted during registration even when they shouldn't be (thanks tomreyn for the report)
- Certain errors were unnecessarily shown during a failed registration and some of those were inappropriate anyway (thanks Labradoodle-360 for the report)
- Approving an account from a member's profile was not logged (thanks emanuele for the report)
- Approving an account from a member's profile did not always properly enforce security rules (thanks emanuele for the report)
- The PHPSESSID injector would also add it to the canonical link, breaking it (thanks to all who reported it)
- An invalid character was indicated in legacy attachment handling
- Under some circumstances the admin panel would not accept the number of verification questions you had entered (thanks BurkeKnight for the report)
- The help pages could sometimes accidentally direct users to non-existing pages (thanks AngelinaBelle for the report and Illori for the fix)
Read more: http://www.simplemachines.org/community/index.php?topic=509417.0
2.0.5
(security release)
12 August 2013 - 22MB
Critical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed.
- Updated the WHOIS search URL for RIPE (thanks Runic)
- Fixed a problem with upgrade.php that wasn't able to continue after db errors (thanks akc42 for the fix)
- Fixed code injection in manage language pages (thanks HauntIT for the report)
- Fixed XSS in the news page, emails field (thanks HauntIT for the report)
- XSS in personal messages page (thanks HauntIT for the report)
Read more: http://www.simplemachines.org/community/index.php?topic=509417.0
2.0.4
(addendum 1)
5 August 2013 - 22MB
Applications:
- Added compatibility for CloudLinux CageFS.
2.0.4
1 February 2013 - 22MB
Critical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed.
- Joshua's fix for validatePasswordFlood logic error (reported by Raz0r)
- Arantor fix for database error on lost connections
- Quick fix for Admin Password Reset vulnerability reported by Raz0r
- Directory traversal vulnerability in the function ViewFile (thanks yan.uniko.102 for reporting and Arantor for proposing the fix and Spuds for spotting the undefined variable)
- Active users can no longer change their email from the activate action without deactivation/confirmation (thanks BarteX for reporting the issue and suggesting a fix)
- Change language from the admin panel could allow XSS, path disclosure and code injection (thanks Jakub Galczyk for reporting the issue)
- Missing arguments in SSI functions called through ?ssi= generated error messages showing full server file path (thanks yan.uniko.102 for reporting it)
- Directory listing and editing of arbitrary files from the theme editing page in the admin panel
Read more: http://www.simplemachines.org/community/index.php?topic=496403.0
2.0.3
16 December 2012 - 22MB
Critical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed. The most relevant bug fix is an issue that will arise in a few months with PayPal: starting on February 1, 2013 PayPal will only accept headers which comply with the HTTP 1.1 specification.
- SSI showed hidden boards on non-properly configured forums (part 2)
- SSI showed hidden boards on non-properly configured forums
- XSS in moderation log page (thanks kingW3 for the report)
- ManagePaid fails if copies of Subscriptions-Paypal.php are present
- PCRE engine starting at rev 8.3, will not allow you to specify the surrogate range D800–DFFF - From Spuds (similar to commit 10994)
- Fixed the missing check on the referer URL when adminLogin comes into play (1.0, 1.1 and 2.0 versions)
- Fixes for paypal moving to HTTP 1.1 [bug 5009]
- update sandbox to use https, the former address results in a redirect
- curl did not work due to improper check
- subscriptions should also check for approved payment. Cherry-picked from git commit 07d4bc9fba8942fd284d3d0c3c732889a7bc2e6f by Spuds
- Fixed the upgrade.php failing when the Themes directory was in a directory other than $boarddir (thanks iacchi for finding the cause)
- Applied all the changes proposed by rawlogic to fix the intermittent session verification failures
Read more: http://www.simplemachines.org/community/index.php?topic=492786.0
2.0.2
23 December 2011 - 22MB
2.0.1
19 September 2011 - 22MB
2.0
(major version)
11 June 2011 - 22MB
1.1.21
25 April 2015 - 10MB
- XML post preview was broken in 1.1.20
- XSS possibility if HTML used in maintenance mode title (Reported by guest)
- Various parts of the package system could allow XSS attacks (Reported by Arantor)
- Add session check to post preview to prevent XSS from html tag through forged forms (Reported by emanuele)
Read more: http://www.simplemachines.org/community/index.php?topic=535828.0
1.1.19
(security release)
22 October 2013 - 10MB
Critical security issues have been identified and are fixed with this update.
Read more: http://www.simplemachines.org/community/index.php?topic=512964.0
1.1.18
1 February 2013 - 10MB
Critical security issues have been identified and are fixed with this update.
Read more: http://www.simplemachines.org/community/index.php?topic=496403.0
1.1.17
16 December 2012 - 10MB
1.1.16
23 December 2011 - 10MB
1.1.15
19 September 2011 - 10MB
1.1.14
11 June 2011 - 10MB
1.1.13
12 February 2011 - 10MB
1.1.12
2 November 2010 - 10MB
1.1.11
4 December 2009 - 10MB
1.1.10
15 July 2009 - 10MB
1.1.9
22 May 2009 - 10MB
1.1.8
5 February 2009 - 10MB
1.1.7
11 November 2008 - 10MB
1.1.6
14 September 2008 - 10MB
1.1.5
2 May 2008 - 10MB
1.1.4
2 October 2004 - 10MB
1.1.3
9 August 2007 - 10MB
1.1.2
20 February 2007 - 10MB
1.1.1
21 December 2006 - 10MB
1.0.9
31 October 2006 - 4MB
1.0.8
27 August 2006 - 4MB
1.0.7
10 April 2006 - 4MB
1.0.6
7 February 2006 - 4MB
1.0.5
30 June 2005 - 4MB
1.0.4
22 June 2005 - 4MB
1.0.3
2 May 2005 - 6MB
1.0
11 January 2005 - 2MB
Our Web hostings are compatible with
Simple Machines Forum
Web
Only the Web hosting
100% SSD Web Hosting
100 GB and +
Multi-site management
Advanced management of EV and DV SSL certificates
Anti-DDoS protection
10 GB of VOD
from CHF 9.92 / month
Classic
The complete Web+Mail offer
100% SSD Web Hosting
100 GB and +
Multi-site management
Advanced management of EV and DV SSL certificates
Anti-DDoS protection
10 GB of VOD
Professional messaging
5 email addresses with unlimited storage
WorkSpace
Online messaging
Instant messaging
Syncing contacts and calendars
from CHF 12.00 / month
Cloud Server
Managed
100% SSD Web Hosting
100 GB and +
Multi-site management
Advanced management of EV and DV SSL certificates
Anti-DDoS protection
10 GB of VOD
Power
2 CPU and +
6 GB (RAM) and +
100% SSD
100% dedicated resources
Management
Infomaniak manages your server
from CHF 39.00 / month
Prices in CHF