1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Security again: phpBB 2.0.13 released

Discussion in 'Plesk for Linux - 8.x and Older' started by lvalics, Feb 27, 2005.

  1. lvalics

    lvalics Silver Pleskian Plesk Guru

    Jun 20, 2003
    Likes Received:
    Hi everyone,
    phpBB Group announces the release of phpBB 2.0.13. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to release a new version in such a short period of time.
    Fortunately both fixes are easy and in each case just one line needs to be edited.
    The first issue is critical and we urge you to fix it on your forums as soon as possible:
    Open includes/sessions.php
    if( $sessiondata['autologinid'] == $auto_login_key )
    Replace with:
    if( $sessiondata['autologinid'] === $auto_login_key )
    The second minor issue, reported to bugtraq several days ago, was the path disclosure bug in viewtopic.php. For further information on how to manually fix this bug please see our announcements forum at www.phpbb.com:
    As with all new releases we urge you to upgrade as soon as possible.
    You can of course find this download available on our website at:
    As per usual three packages are available to simplify your upgrade.
  2. kabarty

    kabarty Guest

    Is there an easy way to update all the customers who've got phpBB installed? This is becoming a full time job trying to keep my customers boards up to date!

    Also, is there a new plesk package for the app-vault to bring phpBB up to 2.0.13? At the moment I've disabled my customers from installing new phpBB's because I just can't afford for them to get hacked as they'll install 2.0.11 if they go from app vault.

  3. luksa

    luksa Guest