As you may or may not have noticed, StorageForum was updated tonight to the latest Release Candidate. During this past week a few major security issues were made public knowledge. The phpBB2 development team had issued a temporary fix that was implemented here, until a new Release Candidate could be made available.
We are currently running RC 4.0 of phpBB2. If you discover any new problems, please let me know so that I can address the issue ASAP.
Thanks for your patients,
Doug
Here is the list of changes:
We are currently running RC 4.0 of phpBB2. If you discover any new problems, please let me know so that I can address the issue ASAP.
Thanks for your patients,
Doug
Here is the list of changes:
- Changes since RC-3
- Addressed serious security issue with included files
- Fixed non-use of database table prefix name during upgrade
- Split functions and profile into separate modules
- Fixed (hopefully) remaining issues with colourisation of moderator usernames
- Updated install to include entry of additional, required, information
- Fixed (hopefully) AOL incompatibilities
- Fixed non-display of moderators in index/viewforum
- Fixed group control panel 'no groups exist' problems
- Fix HTTP_X_FORWARDED_FOR spoofing possibility
- Fix ignoring of private range IP's in HTTP_X_FORWARDED_FOR
- Enable multiple wildcard email banning, eg. *name*@somewhere.tld
- Fix problems with posts being truncated if containing < and > characters
- Prevent URL, BBCode and most smiley parseing in {code}{/code}
- Fix problems with use of certain reserved chars in word censor list
- Fix default search useage to be as described (was doing AND by default)
- Fix various avatar issues with profile, gallery and viewtopic
- Enable safe mode support for uploading avatars
- Fix broken modcp IP view issue
- Fix potential session_id re-write vulnerability
- Finish localisation of days and months (AM/PM are not and will not be localised in 2.0)
- Remove link to external subSilver stylesheet from default subSilver templates
- Handle TRANSACTIONS correctly in MySQL 3.x (by returning correct responses)
- Fix checkbox resetting problem while previewing posts
- Fix a login redirect issue
- Remove some additional unused fields during upgrade
- Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver