Just a reminder: Simplemachines is now at 1.05 and you still use 1.01
There is a changelog in 1.05 in case you wonder if updating is needed. Usually is, at least for security reasons. Be sure they will “urge” you to take action, not much different than AV software
SMF is very solid, also with updates. Piece of cake but take a look at their very informative support forum if there are questions. Mods and themes are probably only concern. Most themes are updated for each new forum version - minor changes. But check that, this is custom made theme I think.
Kubec’s approach is always ‘don’t touch it when it works’.
This software works without problems. New version doesn’t bring any new functionality (1.0.4 was even buggy). There are mods which may not work after the upgrade. Why should I risk it?
BTW: There is a beta of 1.1 out. That release has new functionality and it’s something I may consider (as soon as it goes gold).
Very clever and good calculated answer Kubecj. Let’s wait until it goes gold… till now, I haven’t noticed any single soul in these forums that complained about this engine or something connected to it. If it works, don’t fix it…
Well Im not going to talk about forum or php security on an AV forum - just noticed Simplemachines call 1.05 a “critical release” they could be wrong of course…
Those updates are very much suppoesed to be painless, not major operation. The “Dont touch” doesnt and should not apply. Also those mods worth using will be updated, minor changes. Same with themes. Should be checked out but no show stopper.
Your idea and advice is certainly very welcome and with best possible intentions… it’s just, I believe that guys from Alwil have so much to do regarding releasing upcoming avast! program update and testing and fixing problems in those beta releases. Once, they catch some spare time, I’m sure they will play with forum engine and all those goodies we get with those updates.
I hate to have my first post on this board be a negative one but I find it amazing that you’re still using this old a version of SMF. All you have to do is make a backup of your db just in case and then a couple of clicks in the package manager and you’re good to go with 1.05 critical update version. This will be my one and only post on the subject, I came here to learn more about my Avast AV program. I just couldn’t resist giving my opinion.
No one is criticizing you for asking the right questions. But then the answers are not always that simple. Sometimes it is a benefit to use an older program version, and security wise that can be very true. I for one cannot comment on the reasons, but a bit of conservatism sometimes is the right policy. Google and Adobe had to go back from added functionality in some desktop applications because later people found it was too intrusive. The webmaster of to-day and the security man-of-old are having conflicting interests to-day. That is all I like to comment. I would further encourage you to go on with this, if there are things happening on this forum that arouse your suspicion or are not good security wise, you should never hesitate to inform the moderators. We all come here to learn, and I think your contributions are very welcome.
Well just another reminder, SMF is now at 1.08 and without xraying changelogs Im willing to bet my Avast installation it is very highly recommended you update.
“don’t touch it when it works” - I suggest you leave that decision to SMF people. They are not making updates to bother you. True about features, 1.1 looks like a major update and will be sweet, but this is relevant because of bug fixes and security updates. Not wize to be that clever when it comes to forumcode you have no knowledge about. These things can of course be checked out in details on SMF forum. Just hoping some idiot dont make use of the now fixed exploits and suddenly forum is #¤%&. A little surprising policy from an AV company but ok - you feel lucky, after all it is not phpbb - then you would have been out of circulation long ago 8)
Still it requires someone from Alwil crew to show some effort regarding this matter… is there anyone interested in doing this little update for us Alwil ?
...but this is relevant because of bug fixes and [b]security updates[/b]...
Do we need more reasons than security related updates ? In AV forum like this one, that should be priority. I don’t know much about forum software, but as dk70 already mentioned, this shouldn’t be that difficult.
[i]Simple Machines is happy to release a new update to Simple Machines 1.0. This update will fix a vulnerability that was recently discovered in PHP (malfunctioning zend_hash_del_key_or_index() function). Also included are a small number of bug fixes found since 1.0.7. The vulnerability exists in PHP versions below 4.4.3 and 5.1.4.
We encourage everyone to upgrade their forum to 1.0.8 and all server administrators to upgrade their PHP to at least 4.4.3 or 5.1.4.
As this is a critical release, you can easily upgrade by one of the following ways:
* Use the package manager in your administration center - one click, and you're done.
* Download the update archive file, and upload all of the files from it.
* Download the modification file attached to this message, and manually modify the files according to it.[/i]
Just my 2 cents worth … the forum has worked great as it is and the only good reason for an update is for security reasons. This is first an anti-virus forum and secondly a security forum since that is what anti-virus is for. And thirdly, it is a help forum for those who need help.
“Bells & Whistles” are not needed for good funtionality (nor good security) and would only mean a lot to those whose interest is less that what this forum is about. :
On the other hand, and I would not be disappointed if it does not happen, but a few more smileys would be nice. ;D
Actually, I would like to thank the awil personel for keeping this forum simple and functional. 8)
In general most software used for internet use is supposed to be updated the second update is available. Look at any major product, any forum, CMS or whatever. Always security fixes, sometimes urgent!. Taking it easy is healthy, updates can be “broken”. Time will always tell.
I once had some unwelcomed guest on a server-space placing files used for phishing attack aimed at Barclays Bank PLC. I never did anything but was almost kicked out by ISP. Would have been completely had I not explained how it happend. I was playing with a not so secure upload script and some bot-thingy or whatever made use of it. Placed phishing files imitating mentioned bank. Think the unknown domain got 4000 hits in 24 hours, ISP got letter from bank etc. Anyway, that experience learned me a lesson and told me there are real dangers out there and unless you are in control of code yourself you need to check out sources, bugs really well. No comparison but still… You cant be sure some clown is not preparing a kick in Avast butt through old forum and also not that the latest and greatest can prevent that - but between the 2 choices most secure is not hard to chose.
Tweaking and prettifying forum software is not an easy task but dont underestimate the power of features CharleyO. Throw in some extensions/plugins/modifications and watch people go crazy 8) Some are quite useful gadgets, also for Avast but one of the things that can make updating troublesome is to have tons of modifications. Then forget about press a button. Each modification must be remade, perhaps not even possible. Can be much work. Unless Im mistaken Avast forum is plain and without extras so update is easy.