phpBB 2.0.7 released

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Scam Warning

phpBB 2.0.7 released

Postby Acyd Burn » Sat Mar 13, 2004 4:46 pm

phpBB Group are pleased to announce the release of phpBB 2.0.7 the "phew, ironed out all security issues?" Edition. This release had been made to fix a number of potential security related issues and to pack-up all minor revision [a to d] releases. Work continues on 2.2.0 and again we do not plan on further releases of 2.0.x except where critical issues arise.

As with previous releases three different packages are available:
  • Full Package
    Contains entire phpBB2 source and English language package
  • Changed Files Only
    Contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release
  • Patch Files
    Contains patch compatible patches from the previous versions of phpBB.
Select whichever package is most suitable for you.

Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation or updates!.

Note to 2.0.3 users intending to use the patch file version

Users of 2.0.3 intending to use the patch version may (but not necessarily will) need to run fix_files.sh (found in the contrib/ directory with the downloaded archive) before patching.

We recommend that all 2.0.3 users do a "dry run" patch first to see whether this you need to use this fix. To do this append --dry-run to the patch command, e.g. patch -cl -p1 --dry-run < phpBB-2.0.3_to_2.0.7.patch. This will prevent any permanent changes being made to your installation. If you experience numerous (literally dozens and dozens) of hunk failed messages this applies to you.

To correct this problem go to your phpBB root directory, copy the fix_files.sh to this location, chmod u+x fix_files.sh and type ./fix_files.sh *. This will strip windows style carriage returns present in the 2.0.3 source. Please note that binary files will be "fixed" too if they are within directories other than those named files or images. Please move such directories out of the phpBB root path (temporarily) before running this fix.

What has changed in this release?

A comprehensive changelog is included with all archives. This edition is centred on fixing a number of potential security issues.

As with 2.0.5 and 2.0.6 the visual confirmation and the template caching Mods are included in the contrib directory.

Note to all users using 2.0.6a to 2.0.6d

If you followed all security updates and announcements regarding this (you should) here are the changes for you to make to your source files to patch two new security issues found by Gulftech Security Research:

Open viewforum.php

FIND ( Line 243 )
Code: Select all
   $topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? $HTTP_POST_VARS['topicdays'] : $HTTP_GET_VARS['topicdays'];


REPLACE WITH
Code: Select all
   $topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? intval($HTTP_POST_VARS['topicdays']) : intval($HTTP_GET_VARS['topicdays']);


Open viewtopic.php

FIND ( Line 317 )
Code: Select all
   $post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays'];


REPLACE WITH
Code: Select all
   $post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? intval($HTTP_POST_VARS['postdays']) : intval($HTTP_GET_VARS['postdays']);


To all those experiencing the poll bugs in phpBB 2.0.6d, please read this post. This bug has been fixed in 2.0.7 too.
User avatar
Acyd Burn
Consultant
 
Posts: 5831
Joined: Wed Dec 05, 2001 8:31 pm
Location: Behind You
Name: Meik Sievertsen

Postby SHS` » Sat Mar 13, 2004 6:02 pm

Just to reinterate what we've said in the past, we urge all users to update promptly to this new release.

There are a number of ways in which we've eased upgrading, be it a vanilla of heavily MOD'ed board.

If you are still having troubles on reading the documentation provided, please refer to the Support Forum and use the Support Request Template.

Thanks.
Jonathan “SHS`” Stanley • 史德信
Image
User avatar
SHS`
Consultant
 
Posts: 6615
Joined: Wed Jul 04, 2001 9:13 am
Location: Yellow Beach, Nine Dragons, Hong Kong
Name: Jonathan Stanley


Return to Announcements

Who is online

Users browsing this forum: oBot and 15 guests