Hi,
I think it is time to write about the presentations we (the developers) gave at Londonvasion revealing the planned features in the upcoming version of phpBB - codenamed Ascraeus.
Please do not take anything mentioned within this blog post as guaranteed. There may be changes, some things may not evolve at all, some may be changed completely. But yeah, this is the current state of planning.
Yes, it is no secret that phpBB’s reputation regarding security has not yet recovered completely. We take every report about possible vulnerabilities seriously and are deeply grateful about reports on our security tracker. We give full credit for all undisclosed valid reports made on our trackers.
Even if one is not sure about what happened, the nice guys from the Incident Investigation Team will help you figure it out. If in doubt: report.
The things floating on the web and frequently washing up in our tracker are usually not valid, however. Ready for the fun? Here comes the first installment of “Exploits from the crypt”:
