phpBB 2.0.12 released

2.0.12 mainly fixes security issues in 2.0.11, including SQL injection.
(Why does phpBB still not seem to have fully gotten clear of this landmine?! XD)

The changes from 2.0.11 to 2.0.12 are as follows (quoted from the official phpBB announcement):

  • Added confirm table to admin_db_utilities.php
  • Prevented full path display on critical messages
  • Fixed full path disclosure in username handling caused by a PHP 4.3.10 bug – AnthraX101
  • Added exclude list to unsetting globals (if register_globals is on) – SpoofedExistence
  • Fixed arbitrary file disclosure vulnerability in avatar handling functions – AnthraX101
  • Fixed arbitrary file unlink vulnerability in avatar handling functions – AnthraX101
  • Removed version number from powered by line
  • Merged database update files to update_to_latest.php file
  • Fixed path disclosure bug in search.php caused by a PHP 4.3.10 bug (related to AnthraX101's discovery)
  • Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug – matrix_killer

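However, the files the official team put up on SourceForge all seem to be broken, so 竹貓星球 has posted its own mirror (quoted from "[Announcement] phpBB 2.0.12 officially released (security update)"):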

In addition, 竹貓星球 has also released a Traditional Chinese language pack for phpBB 2.0.12.
