Security again: phpBB 2.0.13 released

[lvalics]

Hi everyone,
phpBB Group announces the release of phpBB 2.0.13. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to release a new version in such a short period of time.
Fortunately both fixes are easy and in each case just one line needs to be edited.
The first issue is critical and we urge you to fix it on your forums as soon as possible:
Open includes/sessions.php
Find:
if( $sessiondata['autologinid'] == $auto_login_key )
Replace with:
if( $sessiondata['autologinid'] === $auto_login_key )
The second minor issue, reported to bugtraq several days ago, was the path disclosure bug in viewtopic.php. For further information on how to manually fix this bug please see our announcements forum at www.phpbb.com:
http://www.phpbb.com/phpBB/viewtopic.php?t=267563
As with all new releases we urge you to upgrade as soon as possible.
You can of course find this download available on our website at:
http://www.phpbb.com/downloads.php
As per usual three packages are available to simplify your upgrade.

 

[kabarty]

Is there an easy way to update all the customers who've got phpBB installed? This is becoming a full time job trying to keep my customers boards up to date!

Also, is there a new plesk package for the app-vault to bring phpBB up to 2.0.13? At the moment I've disabled my customers from installing new phpBB's because I just can't afford for them to get hacked as they'll install 2.0.11 if they go from app vault.

Steve.

 

[luksa]

check also this: phpbb <= 2.0.13