Hi everyone, phpBB Group announces the release of phpBB 2.0.13. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to release a new version in such a short period of time. Fortunately both fixes are easy and in each case just one line needs to be edited. The first issue is critical and we urge you to fix it on your forums as soon as possible: Open includes/sessions.php Find: if( $sessiondata['autologinid'] == $auto_login_key ) Replace with: if( $sessiondata['autologinid'] === $auto_login_key ) The second minor issue, reported to bugtraq several days ago, was the path disclosure bug in viewtopic.php. For further information on how to manually fix this bug please see our announcements forum at www.phpbb.com: http://www.phpbb.com/phpBB/viewtopic.php?t=267563 As with all new releases we urge you to upgrade as soon as possible. You can of course find this download available on our website at: http://www.phpbb.com/downloads.php As per usual three packages are available to simplify your upgrade.