As I mentioned on my forum, a patch for the forum web application, SMF, has been released. Earlier this month, we talked about SMF 1.1 Final being out and how easy it is to upgrade SMF. Installing the patch was even easier with not only SMF's ability to install the package easily but can also the ability to self-download the patches as well through the browser. No FTP or Linux shell required! Something I would like to see in all my favorite content management systems.

The SMF 1.1.1 patch is mostly a bug fixer, but there is a security improvement for a cross-scripting vulnerability found for Internet Explorer users. The changes from SMF 1.1 to 1.1.1 include:

• Fixed potential XSS vulnerability for users of Internet Explorer.
• Changed the way SMF logs IP addresses to make it harder for someone to bypass banning.
• Fixed bug in BBC parsing that could cause an error for people with special characters in their username on certain versions of PHP.
• Fixed apostrophes in smiley location path causing a database error.
• Fixed usage of an array before it was declared causing issues for bridges.
• Fixed Personal Message labels not being properly restricted to the current member.
• Fixed search sometimes returning no results when it should have done.
• The sticky checkbox in prune boards would alternate when it shouldn't have done.
• Send announcements out in slightly smaller chunks.

The complete announcement for the for SMF patch can be found at the Simple Machines forum. The announcement also contains a tarred and gzipped patch for those that need or prefer to upgrade the "old fashion" way.