For those of you running phpbb, there has been an update today, including an important security fix. I suggest you update as soon as possible.

Thanks for the heads up. I think it's time to join their mailing list.

Aren't we seeing a lot of updates recently for phpBB??
Everytime I update, I lose my hacks..:(
Anyone can tell me how to update without losing my hacks??

I am on the mailing list and didnt receive the update email :eek:

Thanks for the heads up.

Aren't we seeing a lot of updates recently for phpBB??
Everytime I update, I lose my hacks..:(
Anyone can tell me how to update without losing my hacks??
Unfortunately you'd have to either move your hacks or apply the patches manually (that's what I do).

Just performed the update, its a very small one at that, only a few changed files to update.

For those on the phpbb support mailing list, did you receive an email regarding the new update?

Took me about 2 minutes to change this security fix. Thanks for the notification.

anyone with 2.015 should reciev any news about updates when they login to admin area.

anyone with 2.015 should reciev any news about updates when they login to admin area.

Yes I noticed. But I was on the mailing list to get emailed about it :)

Aren't we seeing a lot of updates recently for phpBB??
Everytime I update, I lose my hacks..

First, I think the reason we are seeing a lot of security updates is because they pissed off some coders with their attitude. I mean, broken is broken, but a lot of this seems malicious because of phpbb's attitude and responses to people. The bugs could have been reported and fixed, but instead, they put their pride (or something) above their users and then came the santy worm.

That and their fondness for large regex's.. lol.

Secondly, you should just apply the patches, they usually list them in their forum, and it's very easy to cut and paste them out. I usually just shut off whatever feature is exploitable (when I see it on bugtraq) until they come out with a patch.

This is usually the place : http://www.phpbb.com/phpBB/viewforum.php?f=14&sid=0fa5df5e81c6b69d497ec453e4c71491

This is the saga with phpbb and howdark, it's really pretty amusing.

http://64.233.161.104/search?q=cache:v08LNGC3AEAJ:blog.best-dev.com/%3Fpostid%3D20+phpbb+exploit+howdark&hl=en

That was shortly before the worm... lol, if I'm not mistaken. Since then, there's been a similar critical bug almost every new release. Some of them seem malicious to me, and the fact that phpbb never accepts blame, from what I read in their forums. It's always "upgrade php" or something.

Of course their security submission was looked at a determined that nothing could be done through it so it was nothing extremely important that had to be fixed.

I love this... oops.