And Again A New Phpbb phpBB 2.0.17

[HoRuS 0]

Again got me a nice email from phpBB group...:

 

Hi everyone,

 

phpBB Group announces the release of phpBB 2.0.17, the "no, we did not forget

naming it last time" release. This release addresses several bugfixes and some

low security issues as well as the recently seemingly wide-spread XSS issue

(only affecting Internet Explorer).

 

Please have a look down this announcement for the code changes necessary to fix

the XSS issue, we are again astounded about the energy people put into finding

the smallest issue in phpBB 2.0.x, those must have a lot of time available. But

on the other hand it is always increasing the products security since we do not

introduce new features into the 2.0.x codebase.

 

With this announcement I want to give you some more information regarding

phpBB's security. psoTFX (Paul S. Owen, Project Manager) initiated and brought

forward the idea and concept of a complete security audit of the 2.0.x codebase.

We introduced some top-notch security people, phpBB-Modders and very talented

people from our teams to participate in this audit. We intend to implement the

changes necessary - and also fixing the found issues, hopefully giving the now

very aged codebase (it is still on a technical level from three years ago) a

lift and bringing it up-to-date with security mechanisms and techniques which

are common nowadays.

 

We also intend to open our private bugtracker system to the public for reporting

2.0.x bugs within the next days.

 

As with all new releases we urge you to update as soon as possible. You can of

course find this download available on our downloads page at

https://www.phpbb.com/downloads/.

As per usual three packages are available to simplify your update.

 

The Full Package contains entire phpBB2 source and English language package.

The Changed Files Only contains only those files changed from previous versions

of phpBB. Please note this archive contains changed files for each previous

release.

Patch Files contains patch compatible patches from the previous versions of

phpBB.

 

As always, our Code Changes Tutorial is available too for those with heavily

modded boards.

It can be downloaded from https://www.phpbb.com/community/viewtopic.php?t=308426

 

Select whichever package is most suitable for you.

 

Please ensure you read the INSTALL and README documents in docs/ before

proceeding with installation or updates!.

 

 

The changelog (contained within this release) is as follows:

 

- Added extra checks to the deletion code in privmsg.php - reported by party_fan

- Fixed XSS issue in IE using the url BBCode

- Fixed admin activation so that you must have administrator rights to activate

accounts in this mode - reported by ieure

- Fixed get_username returning wrong row for usernames beginning with numerics -

reported by Ptirhiik

- Pass username through phpbb_clean_username within validate_username function -

AnthraX101

- Fixed PHP error in message_die function

- Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php -

reported by Double_J

- Also fixed above issue in usercp_viewprofile.php

- Fixed incorrect setting of user_level on pending members if a group is granted

moderator rights - reported by halochat

- Fixed ordering of forums on admin_ug_auth.php to be consistant with other

pages

- Correctly set username on posts when deleting a user from the admin panel

 

 

Please read the official announcement for the code changes necessary to fix the

XSS issue:

https://www.phpbb.com/community/viewtopic.php?t=308490

 

the phpBB Group

 

----

To unsubscribe from this list visit

http://forums.xisto.com/no_longer_exists/

 

 

 

--

Powered by PHPlist, https://www.phplist.com/ --

Like the 6th time in 5 months

[Saint_Michael 3]

i tell you instead of bringing out newer version build up the list for a couple of months and then work on all of them, yeah thats getting rediculous that they keep on popping out a new version everyone week can't wait .18 and .19 to come out.

[odomike 0]

well, i think they are trying to improve the board and also treat the bugs they've got in there. Or else, thyey wont ever bother.

[snlildude87 0]

It's good to see updates from PHPBB coming out that fast. It would suck if your forum all of a sudden got hacked, and you would end up looking really bad. Updates will fix that.

[guangdian 0]

im also waiting for phpbb 3.0..:Dbut i think phpbb should do the most effort to their skins.the default skin is so ugly

[rvalkass 5]

It is good to see phpBB keeping on top of the bugs and errors in their system. I agree with guangdian that phpBB need to work on their themes, its been the same for ages

[hype 0]

You've gotta wait for 3.0, or else you've to go throught with PHPBB with those keeps on upgrading of forum until you get bored out of it...

[brandice 0]

It's good to know that they are on top of any problems that come up and put up fixes for them right away. You've got to update these things as they come out, as well. If you put it off people might exploit you.

[boyCradle 0]

Don't they have people to test their scripts first before launching their suposed "latest" versions?? It is sickening to update your phpBB frequently because your latest update has a bug or bugs.

[Dragonfly 0]

I'm struggling or stucked at phpBB 2.0.10 and see what has happen, in five months many updates have to be enforced. Its good that these guys are really working hard on those bugs, equally I have to follow their pace, but I'm not.. I just stuck in 2.0.10 and I don't have enthusiasm to update this time. Still my forum is working. I'm still observing what is going on.

[badinfluence 0]

well, another headache for phpbb with a lot of mods..

[Florisjuh 0]

I think its very good that they upgrade their versions so often, packing these into big packs would just make your board unstable for the time that the pack isnt released... Let's hope 3.0 have some better skins indeed, Invision Power Boards have so much more skining features then phpbb...

[steven 0]

Oh man!! Why?I can't keep up with those phpbb guys because I was thinking of putting a phpbb forum on my website. However I do have a question: on Xisto, will the new version be automatically updated for hosted users? I am not sure. Please reply.

[badinfluence 0]

Oh man!! Why?

 

I can't keep up with those phpbb guys because I was thinking of putting a phpbb forum on my website. However I do have a question: on Xisto, will the new version be automatically updated for hosted users?

 

I am not sure. Please reply.       

164047[/snapback]

i'm afraid off topic but quick replay "no".. Xisto maintain the most stable release of every scripts. but instaling latest phpBB by manual isnt that hard. find something under tutorial section. for the topic, if you want to get running phpBB 2.0.17, update or install by manual. get some guide from phpbbhacks.com also.

[steven 0]

I was starting to cry before, but now that i read your reply, thanks for the advice.