Handruin
03-23-2002, 02:33 AM
As you may or may not have noticed, StorageForum was updated tonight to the latest Release Candidate. During this past week a few major security issues were made public knowledge. The phpBB2 development team had issued a temporary fix that was implemented here, until a new Release Candidate could be made available.
We are currently running RC 4.0 of phpBB2. If you discover any new problems, please let me know so that I can address the issue ASAP.
Thanks for your patients,
Doug
Here is the list of changes:
Changes since RC-3
Addressed serious security issue with included files
Fixed non-use of database table prefix name during upgrade
Split functions and profile into separate modules
Fixed (hopefully) remaining issues with colourisation of moderator usernames
Updated install to include entry of additional, required, information
Fixed (hopefully) AOL incompatibilities
Fixed non-display of moderators in index/viewforum
Fixed group control panel 'no groups exist' problems
Fix HTTP_X_FORWARDED_FOR spoofing possibility
Fix ignoring of private range IP's in HTTP_X_FORWARDED_FOR
Enable multiple wildcard email banning, eg. *name*@somewhere.tld
Fix problems with posts being truncated if containing < and > characters
Prevent URL, BBCode and most smiley parseing in {code}{/code}
Fix problems with use of certain reserved chars in word censor list
Fix default search useage to be as described (was doing AND by default)
Fix various avatar issues with profile, gallery and viewtopic
Enable safe mode support for uploading avatars
Fix broken modcp IP view issue
Fix potential session_id re-write vulnerability
Finish localisation of days and months (AM/PM are not and will not be localised in 2.0)
Remove link to external subSilver stylesheet from default subSilver templates
Handle TRANSACTIONS correctly in MySQL 3.x (by returning correct responses)
Fix checkbox resetting problem while previewing posts
Fix a login redirect issue
Remove some additional unused fields during upgrade
Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver
We are currently running RC 4.0 of phpBB2. If you discover any new problems, please let me know so that I can address the issue ASAP.
Thanks for your patients,
Doug
Here is the list of changes:
Changes since RC-3
Addressed serious security issue with included files
Fixed non-use of database table prefix name during upgrade
Split functions and profile into separate modules
Fixed (hopefully) remaining issues with colourisation of moderator usernames
Updated install to include entry of additional, required, information
Fixed (hopefully) AOL incompatibilities
Fixed non-display of moderators in index/viewforum
Fixed group control panel 'no groups exist' problems
Fix HTTP_X_FORWARDED_FOR spoofing possibility
Fix ignoring of private range IP's in HTTP_X_FORWARDED_FOR
Enable multiple wildcard email banning, eg. *name*@somewhere.tld
Fix problems with posts being truncated if containing < and > characters
Prevent URL, BBCode and most smiley parseing in {code}{/code}
Fix problems with use of certain reserved chars in word censor list
Fix default search useage to be as described (was doing AND by default)
Fix various avatar issues with profile, gallery and viewtopic
Enable safe mode support for uploading avatars
Fix broken modcp IP view issue
Fix potential session_id re-write vulnerability
Finish localisation of days and months (AM/PM are not and will not be localised in 2.0)
Remove link to external subSilver stylesheet from default subSilver templates
Handle TRANSACTIONS correctly in MySQL 3.x (by returning correct responses)
Fix checkbox resetting problem while previewing posts
Fix a login redirect issue
Remove some additional unused fields during upgrade
Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver