Download PunBB 1.2.14
Many websites have a forum where users can hold discussions with each other. Keeping such a forum orderly requires software that lets you assign different rights for managing it. PunBB is one of these forum packages and is developed for web servers with a PHP-MySQL/PostgreSQL/SQLite environment. The developers started PunBB because they were dissatisfied with the performance of other forum packages. According to the developers, it is much faster than the competition, but it has had to make concessions on a number of points to achieve that. Version 1.2.14 was recently released with the following announcement:
Version 1.2.14:
- I guess the old English idiom “when it rains, it pours” applies today 🙂 Nevertheless, I am pleased to announce the release of PunBB 1.2.14. This release addresses a few security problems, fixes a bug or two, adds a search performance tweak and adds stylesheet fixes to fully support the up-and-coming Internet Explorer 7 release.
Thanks a lot to Nms. Never before have I received such a detailed vulnerability report 🙂 As usual, thanks to Smartys for some of the reports. Finally, thanks to Yann for reporting the search performance tweak.
As some of you might have noticed, I didn’t update the copyright notice to include the year 2006 because that would affect all scripts (the GPL preamble) and make the diffs huge. It’ll be in 1.3.
Version 1.2.13:
- Yesterday, I posted about the supposed “poison NULL byte vulnerability”. I ranted on about how PunBB wasn’t vulnerable and how I disliked the way vulnerability databases worked. Guess what? I was wrong! Through the help of a very nice editor at CVE, I was able to get in touch with the researcher behind the report and he clarified the issue for me. I had completely misunderstood what the vulnerability was about. Turns out I was wrong both on the vulnerability and in my generalization of how bad vulnerability databases work. I’m sorry for that.
So, today I have the pleasure of announcing PunBB 1.2.13. A release I’ve internally dubbed the “I’m a moron” release. PunBB 1.2.13 deals with the NULL byte injection vulnerability and adds support for HttpOnly cookies. The NULL byte injection is only exploitable by administrators so there’s no need to rush. Nevertheless, I recommend that everyone upgrade.
Small note: If you have a look at the patch and the hdiff for this release, you’ll notice there are what appears as non-existent changes in the unregister_globals() function. Never mind these. It’s just an update to get rid of some Windows style linebreaks.
Over and out.
Version number | 1.2.14 |
Website | PunBB |
Download | |
File size | 173.00KB |
License type | GPL |