QUOTE
Hi everyone,
phpBB Group announces the release of phpBB 2.0.17, the "no, we did not forget
naming it last time" release. This release addresses several bugfixes and some
low security issues as well as the recently seemingly wide-spread XSS issue
(only affecting Internet Explorer).
Please have a look down this announcement for the code changes necessary to fix
the XSS issue, we are again astounded about the energy people put into finding
the smallest issue in phpBB 2.0.x, those must have a lot of time available. But
on the other hand it is always increasing the products security since we do not
introduce new features into the 2.0.x codebase.
With this announcement I want to give you some more information regarding
phpBB's security. psoTFX (Paul S. Owen, Project Manager) initiated and brought
forward the idea and concept of a complete security audit of the 2.0.x codebase.
We introduced some top-notch security people, phpBB-Modders and very talented
people from our teams to participate in this audit. We intend to implement the
changes necessary - and also fixing the found issues, hopefully giving the now
very aged codebase (it is still on a technical level from three years ago) a
lift and bringing it up-to-date with security mechanisms and techniques which
are common nowadays.
We also intend to open our private bugtracker system to the public for reporting
2.0.x bugs within the next days.
As with all new releases we urge you to update as soon as possible. You can of
course find this download available on our downloads page at
http://www.phpbb.com/downloads.php.
As per usual three packages are available to simplify your update.
The Full Package contains entire phpBB2 source and English language package.
The Changed Files Only contains only those files changed from previous versions
of phpBB. Please note this archive contains changed files for each previous
release.
Patch Files contains patch compatible patches from the previous versions of
phpBB.
As always, our Code Changes Tutorial is available too for those with heavily
modded boards.
It can be downloaded from http://www.phpbb.com/phpBB/viewtopic.php?t=308426
Select whichever package is most suitable for you.
Please ensure you read the INSTALL and README documents in docs/ before
proceeding with installation or updates!.
The changelog (contained within this release) is as follows:
- Added extra checks to the deletion code in privmsg.php - reported by party_fan
- Fixed XSS issue in IE using the url BBCode
- Fixed admin activation so that you must have administrator rights to activate
accounts in this mode - reported by ieure
- Fixed get_username returning wrong row for usernames beginning with numerics -
reported by Ptirhiik
- Pass username through phpbb_clean_username within validate_username function -
AnthraX101
- Fixed PHP error in message_die function
- Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php -
reported by Double_J
- Also fixed above issue in usercp_viewprofile.php
- Fixed incorrect setting of user_level on pending members if a group is granted
moderator rights - reported by halochat
- Fixed ordering of forums on admin_ug_auth.php to be consistant with other
pages
- Correctly set username on posts when deleting a user from the admin panel
Please read the official announcement for the code changes necessary to fix the
XSS issue:
http://www.phpbb.com/phpBB/viewtopic.php?t=308490
the phpBB Group
----
To unsubscribe from this list visit
http://www.phpbb.com/lists/?p=unsubscribe&...fa841f636eb7040
--
Powered by PHPlist, www.phplist.com --
phpBB Group announces the release of phpBB 2.0.17, the "no, we did not forget
naming it last time" release. This release addresses several bugfixes and some
low security issues as well as the recently seemingly wide-spread XSS issue
(only affecting Internet Explorer).
Please have a look down this announcement for the code changes necessary to fix
the XSS issue, we are again astounded about the energy people put into finding
the smallest issue in phpBB 2.0.x, those must have a lot of time available. But
on the other hand it is always increasing the products security since we do not
introduce new features into the 2.0.x codebase.
With this announcement I want to give you some more information regarding
phpBB's security. psoTFX (Paul S. Owen, Project Manager) initiated and brought
forward the idea and concept of a complete security audit of the 2.0.x codebase.
We introduced some top-notch security people, phpBB-Modders and very talented
people from our teams to participate in this audit. We intend to implement the
changes necessary - and also fixing the found issues, hopefully giving the now
very aged codebase (it is still on a technical level from three years ago) a
lift and bringing it up-to-date with security mechanisms and techniques which
are common nowadays.
We also intend to open our private bugtracker system to the public for reporting
2.0.x bugs within the next days.
As with all new releases we urge you to update as soon as possible. You can of
course find this download available on our downloads page at
http://www.phpbb.com/downloads.php.
As per usual three packages are available to simplify your update.
The Full Package contains entire phpBB2 source and English language package.
The Changed Files Only contains only those files changed from previous versions
of phpBB. Please note this archive contains changed files for each previous
release.
Patch Files contains patch compatible patches from the previous versions of
phpBB.
As always, our Code Changes Tutorial is available too for those with heavily
modded boards.
It can be downloaded from http://www.phpbb.com/phpBB/viewtopic.php?t=308426
Select whichever package is most suitable for you.
Please ensure you read the INSTALL and README documents in docs/ before
proceeding with installation or updates!.
The changelog (contained within this release) is as follows:
- Added extra checks to the deletion code in privmsg.php - reported by party_fan
- Fixed XSS issue in IE using the url BBCode
- Fixed admin activation so that you must have administrator rights to activate
accounts in this mode - reported by ieure
- Fixed get_username returning wrong row for usernames beginning with numerics -
reported by Ptirhiik
- Pass username through phpbb_clean_username within validate_username function -
AnthraX101
- Fixed PHP error in message_die function
- Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php -
reported by Double_J
- Also fixed above issue in usercp_viewprofile.php
- Fixed incorrect setting of user_level on pending members if a group is granted
moderator rights - reported by halochat
- Fixed ordering of forums on admin_ug_auth.php to be consistant with other
pages
- Correctly set username on posts when deleting a user from the admin panel
Please read the official announcement for the code changes necessary to fix the
XSS issue:
http://www.phpbb.com/phpBB/viewtopic.php?t=308490
the phpBB Group
----
To unsubscribe from this list visit
http://www.phpbb.com/lists/?p=unsubscribe&...fa841f636eb7040
--
Powered by PHPlist, www.phplist.com --
Like the 6th time in 5 months
