For those of you running phpbb, there has been an update today, including an important security fix. I suggest you update as soon as possible.
Aren't we seeing a lot of updates recently for phpBB?? Everytime I update, I lose my hacks.. Anyone can tell me how to update without losing my hacks??
Just performed the update, its a very small one at that, only a few changed files to update. For those on the phpbb support mailing list, did you receive an email regarding the new update?
First, I think the reason we are seeing a lot of security updates is because they pissed off some coders with their attitude. I mean, broken is broken, but a lot of this seems malicious because of phpbb's attitude and responses to people. The bugs could have been reported and fixed, but instead, they put their pride (or something) above their users and then came the santy worm. That and their fondness for large regex's.. lol. Secondly, you should just apply the patches, they usually list them in their forum, and it's very easy to cut and paste them out. I usually just shut off whatever feature is exploitable (when I see it on bugtraq) until they come out with a patch. This is usually the place : http://www.phpbb.com/phpBB/viewforum.php?f=14&sid=0fa5df5e81c6b69d497ec453e4c71491 This is the saga with phpbb and howdark, it's really pretty amusing. http://64.233.161.104/search?q=cach...ev.com/?postid=20+phpbb+exploit+howdark&hl=en That was shortly before the worm... lol, if I'm not mistaken. Since then, there's been a similar critical bug almost every new release. Some of them seem malicious to me, and the fact that phpbb never accepts blame, from what I read in their forums. It's always "upgrade php" or something. I love this... oops.