2.0.8: http://www.simplemachines.org/community/index.php?topic=524016.0

2.0.9: http://www.simplemachines.org/community/index.php?topic=528448.0 - "Several security issues were identified in both release lines and have been addressed with this patch."

2.0.10: http://www.simplemachines.org/community/index.php?topic=535828.0

2.0.11: http://www.simplemachines.org/community/index.php?topic=539888.0 - "This patch is a security release, which focuses on fixing a minor security vulnerability reported in the software, therefore, it is important that you install this patch in a timely manner."

...So, as a security company, how do you justify continuing to run outdated versions of SMF?Allegedly you're running 2.0.7, which means......none of those bug fixes were applied. Not even the security ones.Additionally, I identified several PHP object injection vulnerabilities in the 2.1 branch, which may also be present in 2.0.x (but there has been no 2.0.12 release). http://www.openwall.com/lists/oss-security/2016/06/10/7 But interestingly, your 404 page says you're still running version 1.1.2: https://forums.comodo.com/docs Please help me understand how to reconcile a security company not patching their rubbish*.Thank you.(PS: I haven't confirmed any of the security bugs exist in the version you're running, because violating the CFAA isn't on my to-do list, but seeing this is really disappointing. How much of the Internet are you responsible for securing, again? I really hope your DB password isn't still cosmicjam8 .)