Category Archive for Security

Today, we have released Simple:Press Version 4.4.3. This is an urgent security release and we urge all Simple:Press users to upgrade as soon as possible. We would like to thank Paul Murphy for alerting us to a security hole in the avatar uploader which is the primary reason for this release. Additionally, we have included a few other bug fixes in the release. With this release, Simple:Press now supports the WP oEmbeds in the post content. So your users can now simply dump the url of a supported oEmbed video in the post content and we will auto handle the embedding of the video. This should greatly help with YouTube changing the default embed method from object to iframe as Simple:Press does not allow iframes in post content as its too great a security risk to allow users to post iframes.

Please head over to our downloads page and grab it.

The affected files are listed below:

M simple-forum/admin/panel-users/forms/sfa-users-members-form.php
M simple-forum/forum/sf-page-components.php
M simple-forum/forum/sf-topic-components.php
M simple-forum/forum/ahah/sf-ahah-adminlinks.php
M simple-forum/forum/ahah/sf-ahah-admintools.php
M simple-forum/forum/sf-forum-components.php
M simple-forum/linking/sf-links-comments.php
M simple-forum/profile/forms/sf-form-profile.php
M simple-forum/library/sf-common-display.php
M simple-forum/library/sf-primitives.php
M simple-forum/library/sf-database.php
M simple-forum/library/sf-filters.php
M simple-forum/library/sf-support.php
M simple-forum/install/sf-install.php
M simple-forum/install/sf-upgrade.php
M simple-forum/editors/tinymce/plugins/spellchecker/editor_plugin.js
M simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/JSON.php
M simple-forum/resources/jscript/ajaxupload/sf-uploader.php
M simple-forum/sf-control.php
M simple-forum/messaging/sf-pm-components.php

Simple:Press Forum V4.1.3 is now available for download. This release is primarily a security release and is recommended for ALL users of SPF. A couple of potential security issues have arisen and we wanted to get those holes plugged as quickly as possible. This release does contain a few minor bug fixes for a couple of 4.1.2 issues but does not address all the 4.1.2 issues.

We are still hoping to have the V4.2.0 beta release available in the next week or so which addresses all of the 4.1.2 issues plus includes some nifty new features. However, taking care of this security release has set us back a few day. You can read all about the pending 4.2 features in our 4.2 features announcement.

We apologize for the inconvenience of a security update, but feel its important to help keep the users of SPF protected. As always, please visit us in the support forum if you have any issues or questions.