Hébergement Simple Machines Forum

Simple Machines Forum

Simple Machines Forum est une application gratuite de forum. Simple Machines Forum est dérivé de YaBBSE en 2003.

Installation en 1 clic Simple Machines Forum

Installation en 1 clic

Mise à jour facile Simple Machines Forum

Mise à jour facile

Sauvegarde et restauration Simple Machines Forum

Sauvegarde et restauration

Information

Application
forum
Catégorie
Logiciel de communauté
Version courante
2.0.14
Dernière mise à jour
23 June 2017
Langues
Français + 41 autres

Configuration requise

Taille de l'installation
22 Mo
Base de données
mysql
License
libre/gratuit
Vue d'ensemble
Quoi de neuf

2.0.14

(version de sécurité)
23 Juin - 22MBThis patch adds both security and general maintenance fixes to your forum, so it is imperative that you install this patch quickly.

SMF 2.0.14
  • Updating session handlers
  • Adding HTTPS
  • fetch_web_data now uses cURL, falling back to sockets
  • Ported image proxy support from SMF 2.1
  • Also added HTTPS for avatars
  • Added a simple exception handler
  • Check session while logging in
  • Sanitize some fields to help guard against XSS
  • Validate email addresses with PHP’s filter method
  • Fix search highlighting to not mangle/expose some HTML
  • Fix password acceptance when special characters were used in UTF-8;
  • Correct some random logic errors in the profile area
  • Use ampersands instead of semi-colons for PayPal’s return link
  • Fix sending multiple MIME-Version headers in notification mail
  • Fix sending multipel Content-Type headers in all requests

SMF 2.0.13
  • Some file versions didn't get modified in the 2.0.12 patch
  • Added check and sanitization for $_REQUEST['u'] in LogInOut.php and Reminder.php
  • Added check and sanitization for $_REQUEST['uid'] in Reminder.php
  • Properly sanitize author's website for packages
  • Added session check when uploading packages
  • Added session check when copying template files from one theme to another
  • The code to remove empty BBCode was sometimes breaking things (reported by @rjen; fix provided by Sesquipedalian)
  • Remove hardcoded limits for safe_unserialize as it was causing cache problems
  • Update the cal_max_year setting to 2030

SMF 2.0.12
  • Fixed word censor injection by disallowing an empty 'proper word'
  • Fixed vulnerable unserialize() code by converting all instances to safe_unserialize()
  • Added a more thorough safe_unserialize() function to prevent object injection
  • Fixed a bug where leaving a custom profile field blank on registration that has an email mask would throw an error
  • Fixed PayPal integration to comply with the new forced SSL
  • Fixed a bug where notifications were sent for messages in inaccessible boards
  • Fixed editor to make the editor work with Microsoft Edge
  • Fixed issue where smiley popup is blank on iOS 9 devices
  • Fixed WYSIWYG editor in mobile devices
  • Fixed an undefined $_POST['icon'] in Sources/Post.php
  • Fixed a minor bug in Login2()
  • Fixed an issue where SMF doesn't recognize new domain names and considers these as invalid
  • Fixed an issue where SMF would allow empty BBC
  • Fixed an issue where theme variants could not be selected
  • Fixed an issue where the file version of Subs-Post.php could have been 2.0.8 or 2.0.11. It will be updated to 2.0.12 in either case.
  • Updated copyright year to 2016

Lire la suite: https://www.simplemachines.org/community/index.php?topic=553855.0

2.0.11

(version de sécurité)
23 Septembre 2015 - 22MBThis patch is a security release, which focuses on fixing a minor security vulnerability reported in the software, therefore, it is important that you install this patch in a timely manner.
Lire la suite: http://www.simplemachines.org/community/index.php?topic=539888.0

2.0.10

(supplément 1)
29 Avril 2015 - 22MBApplications:
  • Update: Fixed an issue which could prevent the update process from completing successfully. Updates affected by this issue can be re-started from the UI.

2.0.10


25 Avril 2015 - 22MB
  • The instructions on ManagePaid page need to be updated
  • PayPal emails are case insensitive
  • Long standing problem with ManageNews and PostgreSQL
  • Long standing problem with Smiley sets and PostgreSQL
  • Errors show in log when handling certain tar.gz packages
  • Forum Maintenance - Topics fails if header is collapsed
  • Fix for unsupported UTF8mb4 characters
  • SSI.php doesn't handle "hide results until user has voted" properly
  • Sanitize package redirects
  • Can't use WYSIWYG editor in Pale Moon browser
  • Search dialogue can overflow inappropriately
  • Excessive line in ManageServer.php in the patch upgrade from 2.0.8
  • HTML tag broken in 2.0.9 install package
  • Wrong link in ManageAttachments
  • Error suppression missing in Subs-Package
  • XML post preview was broken in 2.0.9
  • Chrome doesn't like opacity for the news fader anymore
  • Add additional emails in Paid Subscriptions settings for PayPal business accounts.

Lire la suite: http://www.simplemachines.org/community/index.php?topic=535828.0

Afficher plus de versions

2.0.9

(version de sécurité)
3 Octobre 2014 - 22MB
  • SMF tries to stick ORDER BY NULL onto INSERT IGNORE queries containing sub-selects with a GROUP BY statement, causing a database error (Reported by guest)
  • "Show Results" button always shown for polls as long as you can vote in them (Reported by Chainy)
  • Multi-select boxes for settings were broken when no value had been selected (Reported by Suki)
  • Some mail providers screw up the activation link (Reported by NanoSector)
  • PHP 5.4 changes default charset to UTF-8, which can cause problems with search results and PM notification emails (Reported by fun4us)
  • Make sure opcode cache gets cleared when regular cache does
  • Log pruning should only delete closed mod reports, not open ones
  • Fix layout issue with manage permissions page (Reported by Antes)
  • Adjust image check to not fail on "cellTextIsHtml", unless paranoid... (Reported by Arantor)
  • Sanitize all package XML to prevent any XSS attacks (Reported by Arantor)
  • Add session check when previewing posts to prevent XSS via [html] from forged forms (Reported by emanuele)
  • Sanitize maintenance mode title to prevent XSS attacks if HTML is used in it (Reported by guest)

Lire la suite: http://www.simplemachines.org/community/index.php?topic=528448.0

2.0.8


18 Juin 2014 - 22MB
  • Nobbc should work across multiple lines
  • Package manager shouldn't fail when only 32M of memory is available
  • Quoting posts with smileys in, in the WYSIWYG editor, shouldn't spout nonsense into the editor (in the way certain versions of 2.0.7 did)
  • Td tags with a colspan should still function and not consume vast amounts of memory
  • Using lots of html bbcode tags when not an admin should not consume vast amounts of memory
  • Using queryless URLs, and/or when the PHPSESSID is present, should not consume vast amounts of memory
  • Breaking long words should function without consuming lots of memory
  • Adding posts with many smileys or bbc with specific parameter types (many times especially) should not consume vast amounts of memory, e.g. [acronym=definition]term[/acronym]
  • Emails should work without consuming vast amounts of memory
  • Time tags should work without consuming vast amounts of memory
  • The copyright year should be updated
  • Board order should always work correctly (if at a performance hit, a la the mod Arantor prepared)
  • The memberlist search feature could, in some cases, throw a database error if no valid fields were specified

Lire la suite: http://www.simplemachines.org/community/index.php?topic=524016.0

2.0.7

(supplément 1)
22 Janvier 2014 - 22MBApplications:
  • Install and Update: Added revisions published by Simple Machines Forum.

2.0.7


21 Janvier 2014 - 22MB
  • PHP 5.5 compatibility fixes merged in. (Thanks to all who contributed but especially SleePy and Spuds)
  • Trim the username if oversized when logging in. (Thanks to TMcomputering for the report)
  • Check that group inheritance is actually going to be viable before trying to do further inquiry. (Thanks to tfs for the report)
  • Made sure some of the calendar holidays are corrected when previously incorrect.
  • Don't let the prune reports function prune open, or for that matter, ignored, reports. (Reported by Kimmie)
  • If an uploaded file somehow has an image size but isn't really an image, don't try to treat it as an image.
  • Make file cache somewhat less fragile.
  • ssi_fetchPosts didn't honour overriding permissions. (Thanks to IchBin for a fix)
  • Privacy and original sending time were not kept in the mail queue in the event of sending failure.
  • Wrong variable used in the mail queue handling (Thanks to Nao for originally finding the bug)
  • Themes with spaces in could break the editor handling. (Thanks to akyhne for the report and akabugeyes for a suggested fix)
  • Made the anti-XSS header a little less picky.
  • FIND_IN_SET wasn't always properly set up for PostgreSQL use.
  • Multiple installed themes with variants wouldn't all be able to be selected properly.
  • Fields that are regex-validated couldn't be left empty (thanks HappyBits and emanuele)
  • Fixing legacy TYPE=HEAP (thanks heusdens for the report)

Lire la suite: http://www.simplemachines.org/community/index.php?topic=517205.0

2.0.6

(version de sécurité)
22 Octobre 2013 - 22MBCritical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed.
  • Added some headers to help protect against clickjacking (thanks Jakob Lell for the report)
  • Invalid avatars were not always properly cleaned up (thanks chaoztc for the report)
  • Added protection against usernames being impersonated with Unicode space characters (thanks Jakob Lell for the report)
  • Sessions weren't always cleaned up properly on logout (thanks creepernex for the report)
  • Certain fields were accepted during registration even when they shouldn't be (thanks tomreyn for the report)
  • Certain errors were unnecessarily shown during a failed registration and some of those were inappropriate anyway (thanks Labradoodle-360 for the report)
  • Approving an account from a member's profile was not logged (thanks emanuele for the report)
  • Approving an account from a member's profile did not always properly enforce security rules (thanks emanuele for the report)
  • The PHPSESSID injector would also add it to the canonical link, breaking it (thanks to all who reported it)
  • An invalid character was indicated in legacy attachment handling
  • Under some circumstances the admin panel would not accept the number of verification questions you had entered (thanks BurkeKnight for the report)
  • The help pages could sometimes accidentally direct users to non-existing pages (thanks AngelinaBelle for the report and Illori for the fix)

Lire la suite: http://www.simplemachines.org/community/index.php?topic=509417.0

2.0.5

(version de sécurité)
12 Août 2013 - 22MBCritical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed.
  • Updated the WHOIS search URL for RIPE (thanks Runic)
  • Fixed a problem with upgrade.php that wasn't able to continue after db errors (thanks akc42 for the fix)
  • Fixed code injection in manage language pages (thanks HauntIT for the report)
  • Fixed XSS in the news page, emails field (thanks HauntIT for the report)
  • XSS in personal messages page (thanks HauntIT for the report)

Lire la suite: http://www.simplemachines.org/community/index.php?topic=509417.0

2.0.4

(supplément 1)
5 Août 2013 - 22MBApplications:
  • Added compatibility for CloudLinux CageFS.

2.0.4


1 Février 2013 - 22MBCritical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed.
  • Joshua's fix for validatePasswordFlood logic error (reported by Raz0r)
  • Arantor fix for database error on lost connections
  • Quick fix for Admin Password Reset vulnerability reported by Raz0r
  • Directory traversal vulnerability in the function ViewFile (thanks yan.uniko.102 for reporting and Arantor for proposing the fix and Spuds for spotting the undefined variable)
  • active users cannot change anymore the email from action activate without deactivation/confirmation (thanks BarteX for reporting the issueand suggesting a fix)
  • Change language from the admin panel could allow XSS, path disclosure and code injection (thanks Jakub Galczyk for reporting the issue)
  • Missing arguments in SSI functions called through ?ssi= generated error messages showing full server file path (thanks yan.uniko.102 for reporting it)
  • Directory listing and editing of arbitrary files from the theme editing page in the admin panel

Lire la suite: http://www.simplemachines.org/community/index.php?topic=496403.0

2.0.3


16 Décembre 2012 - 22MBCritical security issues have been identified and are fixed with this update, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe. A few other minor bugs have also been fixed. The most relevant bug fix is an issue that will arise in few months with PayPal: starting on February 1, 2013 PayPal will only accept headers which comply with the HTTP 1.1 specification.
  • SSI showed hidden boards on non-properly configured forums (part 2)
  • SSI showed hidden boards on non-properly configured forums
  • XSS in moderation log page (thanks kingW3 for the report)
  • ManagePaid fails if copies of Subscriptions-Paypal,php are present
  • PCRE engine starting at rev 8.3, will not allow you to specify the surrogate range D800–DFFF - From Spuds (similar to commit 10994)
  • Fixed lacking of check on referer URL when adminLogin comes into play (1.0, 1.1 and 2.0 versions)
  • Fixes for paypal moving to HTTP 1.1 [bug 5009]
  • update sandbox to use https, the former address results in a redirect
  • curl did not work due to improper check
  • subscriptions should also check for approved payment. Cherry-picked from git commit 07d4bc9fba8942fd284d3d0c3c732889a7bc2e6f by Spuds
  • Fixed the upgrade.php failing when the Themes directory was in a directory other than $boarddir (thanks iacchi for finding the cause)
  • Applied all the changes proposed by rawlogic to fix the intermittent session verification failures

Lire la suite: http://www.simplemachines.org/community/index.php?topic=492786.0

2.0.2


23 Décembre 2011 - 22MB

2.0.1


19 Septembre 2011 - 22MB

2.0

(version majeure)
11 Juin 2011 - 22MB

1.1.21


25 Avril 2015 - 10MB
  • XML post preview was broken in 1.1.20
  • XSS possibility if HTML used in maintenance mode title (Reported by guest)
  • Various parts of the package system could allow XSS attacks (Reported by Arantor)
  • Add session check to post preview to prevent XSS from html tag through forged forms (Reported by emanuele)

Lire la suite: http://www.simplemachines.org/community/index.php?topic=535828.0

1.1.19

(version de sécurité)
22 Octobre 2013 - 10MBCritical security issues have been identified and are fixed with this update.
Lire la suite: http://www.simplemachines.org/community/index.php?topic=512964.0

1.1.18


1 Février 2013 - 10MBCritical security issues have been identified and are fixed with this update.
Lire la suite: http://www.simplemachines.org/community/index.php?topic=496403.0

1.1.17


16 Décembre 2012 - 10MB

1.1.16


23 Décembre 2011 - 10MB

1.1.15


19 Septembre 2011 - 10MB

1.1.14


11 Juin 2011 - 10MB

1.1.13


12 Février 2011 - 10MB

1.1.12


2 Novembre 2010 - 10MB

1.1.11


4 Décembre 2009 - 10MB

1.1.10


15 Juillet 2009 - 10MB

1.1.9


22 Mai 2009 - 10MB

1.1.8


5 Février 2009 - 10MB

1.1.7


11 Novembre 2008 - 10MB

1.1.6


14 Septembre 2008 - 10MB

1.1.5


2 Mai 2008 - 10MB

1.1.4


2 Octobre 2004 - 10MB

1.1.3


9 Août 2007 - 10MB

1.1.2


20 Février 2007 - 10MB

1.1.1


21 Décembre 2006 - 10MB

1.0.9


31 Octobre 2006 - 4MB

1.0.8


27 Août 2006 - 4MB

1.0.7


10 Avril 2006 - 4MB

1.0.6


7 Février 2006 - 4MB

1.0.5


30 Juin 2005 - 4MB

1.0.4


22 Juin 2005 - 4MB

1.0.3


2 Mai 2005 - 6MB

1.0


11 Janvier 2005 - 2MB

Nos hébergements Web compatibles avec
Simple Machines Forum

Web

Uniquement l'hébergement Web

Hébergement Web 100% SSD
100 Go et +
Gestion multisites
Certificats SSL gratuits
Protection Anti-DDoS
10 Go de VOD


En savoir plus

à partir de 5.75 € / mois

Classic

L'offre complète Web+Mail

Hébergement Web 100% SSD
100 Go et +
Gestion multisites
Certificats SSL gratuits
Protection Anti-DDoS
10 Go de VOD


Messagerie professionnelle
25 adresses email avec stockage illimité


WorkSpace
Messagerie en ligne
Messagerie instantanée
Synchronisation des contacts et agendas


En savoir plus

à partir de 7.42 € / mois

Serveur Cloud

Managé

Hébergement Web 100% SSD
100 Go et +
Gestion multisites
Certificats SSL gratuits
Protection Anti-DDoS
10 Go de VOD


Puissance
2 CPU et +
6 Go de RAM et +
100% SSD
Ressources 100% dédiées


Gestion
Infomaniak gère votre serveur


En savoir plus

à partir de 29 € / mois

Prix en EUR TTC

Assistance

Guides utiles

    +41 22 820 35 44

    Du lundi au vendredi de 8h00 à 17h50