ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

SMF v1.0 - END OF LIFE ANNOUNCEMENT

(1/1)

db90h:
News, today.

SMF v1.0 is finally being EOL'd. That means no more security patches. See: http://www.simplemachines.org/community/index.php?topic=472913.new#new

SMF v1.1 is ok.
SMF v2 is of course ok.

There have been multiple critical exploits in SMF over the years, so anyone using SMF v1.0 needs to work on upgrading immediately. Also, be sure to keep an eye out for SMF exploits. 0-day or unpatched exploits on forum and CMS software is perhaps the #1 way sites get breached (well, one of the top mechanisms anyway).

mouser:
Thanks for the heads up db.  I don't know how many people are actually using 1.0 so i'm not sure this will be too much of a concern.  Version 1.1 is still quite a bit in use so let's hope they don't end patch support of that anytime soon.

db90h:
Yes, v1.0 is very old... but there are probably sites using it. Just like you got 'bound' to 1.1 with your custom mods, others may have gotten 'bound' to v1.0. Anyway, I wouldn't expect them to EOL 1.1 anytime in the near future, there are hundreds of thousands of sites using it (wild guess).

Tuxman:
All board systems have similar problems: Once customized, upgrading is hard. phpBB, at least, tries to preserve hacks when updating and allows to keep them as well as possible. Maybe there should just be a WordPress-like plug-in system with hooks instead of core modifications.

db90h:
Yes, SMF has made their update system into 'patches' that can be more easily applied, even *with* modifications (so long as they aren't that extensive). Still, it may sometimes require custom tweaking. Honestly, if I had a board as customized as this, I'd be paranoid as could be about exploits. Fortunately the code is closed (though legally you may have to reveal it if anyone asked, depending on the SMF license?), so it can't be evaluated for breach points, but it takes only the slightest of mistakes to create a breach point. That's why I *prefer* running a forum (or any third-party code) in an isolated user context.

Navigation

[0] Message Index

Go to full version