topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 1:11 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: SMF v1.0 - END OF LIFE ANNOUNCEMENT  (Read 2866 times)

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
SMF v1.0 - END OF LIFE ANNOUNCEMENT
« on: April 03, 2012, 06:18 AM »
News, today.

SMF v1.0 is finally being EOL'd. That means no more security patches. See: http://www.simplemac...topic=472913.new#new

SMF v1.1 is ok.
SMF v2 is of course ok.

There have been multiple critical exploits in SMF over the years, so anyone using SMF v1.0 needs to work on upgrading immediately. Also, be sure to keep an eye out for SMF exploits. 0-day or unpatched exploits on forum and CMS software is perhaps the #1 way sites get breached (well, one of the top mechanisms anyway).
« Last Edit: April 03, 2012, 03:00 PM by db90h »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: SMF v1.0 - END OF LIFE ANNOUNCEMENT
« Reply #1 on: April 03, 2012, 08:59 AM »
Thanks for the heads up db.  I don't know how many people are actually using 1.0 so i'm not sure this will be too much of a concern.  Version 1.1 is still quite a bit in use so let's hope they don't end patch support of that anytime soon.

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: SMF v1.0 - END OF LIFE ANNOUNCEMENT
« Reply #2 on: April 03, 2012, 09:43 AM »
Yes, v1.0 is very old... but there are probably sites using it. Just like you got 'bound' to 1.1 with your custom mods, others may have gotten 'bound' to v1.0. Anyway, I wouldn't expect them to EOL 1.1 anytime in the near future, there are hundreds of thousands of sites using it (wild guess).

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: SMF v1.0 - END OF LIFE ANNOUNCEMENT
« Reply #3 on: April 03, 2012, 02:18 PM »
All board systems have similar problems: Once customized, upgrading is hard. phpBB, at least, tries to preserve hacks when updating and allows to keep them as well as possible. Maybe there should just be a WordPress-like plug-in system with hooks instead of core modifications.

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: SMF v1.0 - END OF LIFE ANNOUNCEMENT
« Reply #4 on: April 03, 2012, 02:42 PM »
Yes, SMF has made their update system into 'patches' that can be more easily applied, even *with* modifications (so long as they aren't that extensive). Still, it may sometimes require custom tweaking. Honestly, if I had a board as customized as this, I'd be paranoid as could be about exploits. Fortunately the code is closed (though legally you may have to reveal it if anyone asked, depending on the SMF license?), so it can't be evaluated for breach points, but it takes only the slightest of mistakes to create a breach point. That's why I *prefer* running a forum (or any third-party code) in an isolated user context.