Today, we have released Simple:Press Version 4.4.3. This is an urgent security release and we urge all Simple:Press users to upgrade as soon as possible. We would like to thank Paul Murphy for alerting us to a security hole in the avatar uploader which is the primary reason for this release. Additionally, we have included a few other bug fixes in the release. With this release, Simple:Press now supports the WP oEmbeds in the post content. So your users can now simply dump the url of a supported oEmbed video in the post content and we will auto handle the embedding of the video. This should greatly help with YouTube changing the default embed method from object to iframe as Simple:Press does not allow iframes in post content as its too great a security risk to allow users to post iframes.
Please head over to our downloads page and grab it.
The affected files are listed below:
M simple-forum/admin/panel-users/forms/sfa-users-members-form.php
M simple-forum/forum/sf-page-components.php
M simple-forum/forum/sf-topic-components.php
M simple-forum/forum/ahah/sf-ahah-adminlinks.php
M simple-forum/forum/ahah/sf-ahah-admintools.php
M simple-forum/forum/sf-forum-components.php
M simple-forum/linking/sf-links-comments.php
M simple-forum/profile/forms/sf-form-profile.php
M simple-forum/library/sf-common-display.php
M simple-forum/library/sf-primitives.php
M simple-forum/library/sf-database.php
M simple-forum/library/sf-filters.php
M simple-forum/library/sf-support.php
M simple-forum/install/sf-install.php
M simple-forum/install/sf-upgrade.php
M simple-forum/editors/tinymce/plugins/spellchecker/editor_plugin.js
M simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/JSON.php
M simple-forum/resources/jscript/ajaxupload/sf-uploader.php
M simple-forum/sf-control.php
M simple-forum/messaging/sf-pm-components.php