phpBB 2.0.11 released (critical update)

[iGuest 3]

Everyone using phpBB 2.0.9 or lower should upgrade to 2.0.11 but is not critical and very important.

But everyone using phpBB 2.0.10 must do.

We have now released phpBB 2.0.11, the "damn, it's cold and my fur won't grow back" edition. This fixes a number of issues, introduces visual confirmation as standard and addresses a potentially serious exploit. We encourage everyone to update as soon as possible. We also encourage any hosting providers out there to contact and/or update users copies of phpBB to this latest version. Please spread news of this release far and wide.  
quote:
Changes since 2.0.10  

Fixed unsetting global vars - Matt Kavanagh  

Fixed XSS vulnerability in username handling - AnthraX101  

Fixed not confirmed sql injection in username handling - warmth  

Added check for empty topic id in topic_review function  

Added visual confirmation mod to code base  

 


As with previous releases three different packages are available:  




Full Package  
Contains entire phpBB2 source and English language package  

Changed Files Only  
Contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release  

Patch Files  
Contains patch compatible patches from the previous versions of phpBB.  



Select whichever package is most suitable for you.  

Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation or updates!.  

Note to 2.0.3 users intending to use the patch file version  

Users of 2.0.3 intending to use the patch version may (but not necessarily will) need to run fixfiles.sh (found in the contrib/ directory with the downloaded archive) before patching.  

We recommend that all 2.0.3 users do a "dry run" patch first to see whether this you need to use this fix. To do this append --dry-run to the patch command, e.g. patch -cl -p1 --dry-run < phpBB-2.0.3_to_2.0.11.patch. This will prevent any permanent changes being made to your installation. If you experience numerous (literally dozens and dozens) of hunk failed messages this applies to you.  

To correct this problem go to your phpBB root directory, copy the fixfiles.sh to this location, chmod u+x fixfiles.sh and type ./fixfiles.sh. This will strip windows style carriage returns present in the 2.0.3 source.

Click here to download phpBB 2.0.11
Click here to download phpBB 2.0.11 changed files only (since 2.0.10)
Click here to download phpBB 2.0.11 patch file only

[iGuest 3]

Yes, I allready posted this ones to the admins!

[iGuest 3]

ok , thank you . do you help me download phpnuke 7.6

[iGuest 3]

yea i got 2.010 i belive and i had installin problems with the database thing"Fixed not confirmed sql injection in username handling - warmth"