Comodo is a Security Company, Right?

…So, as a security company, how do you justify continuing to run outdated versions of SMF?

Allegedly you’re running 2.0.7, which means…

…none of those bug fixes were applied. Not even the security ones.

Additionally, I identified several PHP object injection vulnerabilities in the 2.1 branch, which may also be present in 2.0.x (but there has been no 2.0.12 release). (oss-security - Simple Machines Forums - PHP Object Injection)

But interestingly, your 404 page says you’re still running version 1.1.2:

Please help me understand how to reconcile a security company not patching their rubbish*.

Thank you.

(PS: I haven’t confirmed any of the security bugs exist in the version you’re running, because violating the CFAA isn’t on my to-do list, but seeing this is really disappointing. How much of the Internet are you responsible for securing, again? I really hope your DB password isn’t still cosmicjam8.)

So, Melih, do you have any response? Or are you going to bury your head in the sand and let this place rot even further? (I PM’ed you too.)

You catch more flies with honey than you do with vinegar. 88)

Not interested in flies.

I want to know how a company in the security industry can flip* up this badly and not go out of business. This negligence is probably how Comodo ended up in Zero For 0wned in the first place.

If nothing else, I hope LetsEncrypt sinks this rotting cadaver before it can deceive any more hapless consumers.

You need to stop trolling. What [any] company uses for their website/server is really none of your concern unless you are the IT manager of that site.
This thread is being locked as you are simply looking for a fight.