Author |
Message |
Daniel
Team Member
Joined: 06 Jan 2002
Posts: 2564
|
Posted:
Fri Jun 20, 2003 3:54 pm (20 years, 10 months ago) |
|
You probably know this already, but, in case you don't (phpBB's site was down these last few days due to a DoS attack), phpBB 2.0.5 has been released. This will be the last version of phpBB 2.0.x until phpBB 2.2's first release candidate is released.
Further details
Download it
Also, an SQL injection vulnerability was discovered in viewtopic.php, which is quite simple to fix. See the fix |
________________________________
|
|
|
|
Darren
Team Member
Joined: 05 Feb 2002
Posts: 549
Location: London
|
Posted:
Fri Jun 20, 2003 6:11 pm (20 years, 10 months ago) |
|
This fix stops the error handling from not working so elegantly when the post_id is missing or its not an integer, you get a debug message rather than the usual message. see this post which contains an 'unofficial' fix. |
|
|
|
|
Ben
Senior WebHelper
Joined: 08 Jan 2002
Posts: 431
Location: Liverpool - UK
|
Posted:
Fri Jun 20, 2003 8:16 pm (20 years, 10 months ago) |
|
Quote: | This will be the last version of phpBB 2.0.x until phpBB 2.2's first release candidate is released. |
What happens if theres a massive security hole discovered tomorrow? |
________________________________ Ben Scott
Red and White Kop |
|
|
|
jayant
Team Member
Joined: 07 Jan 2002
Posts: 262
Location: New Delhi, India
|
Posted:
Sat Jun 21, 2003 6:37 am (20 years, 10 months ago) |
|
|
|
|
Daniel
Team Member
Joined: 06 Jan 2002
Posts: 2564
|
Posted:
Sat Jun 21, 2003 6:42 am (20 years, 10 months ago) |
|
They will most likely issue a patch, since most security issues don't require more than a few code changes (much like the one I just pointed out). |
________________________________
|
|
|
|
Darren
Team Member
Joined: 05 Feb 2002
Posts: 549
Location: London
|
Posted:
Thu Jun 26, 2003 7:48 am (20 years, 10 months ago) |
|
|
|
|
Daniel
Team Member
Joined: 06 Jan 2002
Posts: 2564
|
Posted:
Thu Jun 26, 2003 7:50 am (20 years, 10 months ago) |
|
Typical mentality: my fame goes before the security of people using the script, so I let the whole world know there's a vulnerability in the script before letting phpBB developers know |
________________________________
|
|
|
|
Ben
Senior WebHelper
Joined: 08 Jan 2002
Posts: 431
Location: Liverpool - UK
|
Posted:
Mon Aug 04, 2003 11:43 pm (20 years, 8 months ago) |
|
Ben wrote: | Quote: | This will be the last version of phpBB 2.0.x until phpBB 2.2's first release candidate is released. |
What happens if theres a massive security hole discovered tomorrow? |
2.0.6 is out |
________________________________ Ben Scott
Red and White Kop |
|
|
|
|
Page generation time: 0.15192 seconds :: 18 queries executed :: All Times are GMT
Powered by
phpBB 2.0
© 2001, 2002 phpBB Group :: Based on an FI Theme