Simple Machines Forum project has released SMF 1.1.17 and SMF 2.0.3 security patches for the SMF community.
A security issue has been identified in all versions and is fixed with this patch, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe.
Additionally, another security issue a few bug fixes to SMF 2.0.2 are also included within the patch for 2.0.x.
The most relevant bug fix is an issue that will arise in few months with PayPal: starting on February 1, 2013 PayPal will only accept headers which comply with the HTTP 1.1 specification.
If you are running 2.0.2, you can update your forum to 2.0.3 using the package manager. You should see the upgrade notification in the Admin panel and in the package manager, allowing you to download and install seamlessly. If you don’t have a notification about the update, please run the scheduled task “Fetch Simple Machines files”.
You can also download the patch for 2.0.2 from the customize site: smf_patch_2.0.3.tar.gz patch, and install it using the package manager.
If you are running 1.1.16, you can update to 1.1.17 with the smf_patch_1.0.23_1.1.17.tar.gz patch, also using the package manager.
Please find the changelog for the latest release as usual, on the downloads page: