phpBB 2.0.12 released

phpBB just released their latest version, 2.0.12. It's been a few months since the last patch. If you recall, before the last patch phpBB announced that it had some security problems that caused some hosts to be hacked; after that, phpBB announced that it was because of a bug in PHP …. (if I remember the whole story correctly; correct me if I'm wrong)

Anyway, this release seems to have fixed lots of security bugs, which is good, so upgrade as soon as possible.

What phpBB 2.0.12 fixed

  • Added confirm table to admin_db_utilities.php
  • Prevented full path display on critical messages
  • Fixed full path disclosure in username handling caused by a PHP 4.3.10 bug - AnthraX101
  • Added exclude list to unsetting globals (if register_globals is on) - SpoofedExistence
  • Fixed arbitrary file disclosure vulnerability in avatar handling functions - AnthraX101
  • Fixed arbitrary file unlink vulnerability in avatar handling functions - AnthraX101
  • Removed version number from powered by line
  • Merged database update files to update_to_latest.php file
  • Fixed path disclosure bug in search.php caused by a PHP 4.3.10 bug (related to AnthraX101’s discovery)
  • Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - matrix_killer

Check the details on the phpBB official site.

Tags: Open As In Source
