The phpBB2 forum software that can be installed from the Account Manager has been upgraded to the latest 2.0.8a version. This version is mainly a bug and security fix release that addresses the following issues:
Fixed several vulnerabilities in admin pages
Fixed sid checking code in admin/pagestart.php
Fixed injection vulnerabilities possible with the img bbcode tag
Limited allowed images in img bbcode tag to jpg, jpeg, gif and png
Fixed redirect problems
Fixed sql injection vulnerability in search
Fixed several vulnerabilities in modcp
Changed whois lookup address within admin index
Fixed potential vulnerability in viewtopic postorder
Updates to cope with Zend Optimizer 2.5 problems
Force specialcharing of redirect variable in login
Fixed potential vulnerability in viewtopic postdays
Fixed potential vulnerability in viewforum topicdays
Fixed potential vulnerability in modcp
Fixed potential vulnerability in avatar gallery
This new version does not automatically upgrade currently installed phpBB2 forums. You would need to upgrade those manually. Any new forums that are installed will now be the latest version. If you need your current phpBB2 forum upgraded, and it does not have any added modifications to the code or templates, let us know, and we can apply the upgrade patch.
- LexiConn Support
