Please note this release includes important security related additions (see "What has changed in this release" below). An important change to at least one template file has also been made (see the Changelog in each archive for more information).
As usual three different packages are available:
- Full Package
Contains entire phpBB2 source and English language package
- Changed Files Only
Contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release
- Patch Files
Contains patch compatible patches from the previous versions of phpBB.
Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation or updates!.
Note to 2.0.3 users intending to use the patch file version
Users of 2.0.3 intending to use the patch version may (not necessarily will) need to run fix_files.sh (found in the contrib/ directory with the downloaded archive) before patching.
We recommend that all 2.0.3 do a "dry run" patch first to see whether this does apply to you. To do this append --dry-run to the patch command, e.g. patch -p0 --dry-run < phpBB-2.0.3_to_2.0.4.patch. This will prevent any permanent changes being made to your installation. If you experience numerous (dozens and dozens) of hunk failed messages when patching then this applies to you.
To correct this problem go to your phpBB root directory, copy the fix_files.sh to this location, chmod u+x fix_files.sh and type ./fix_files.sh *. This will strip windows style carriage returns present in the 2.0.3 source.
What has changed in this release?
A comprehensive changelog is included with all archives.
2.0.4 fixes numerous issues discovered by you our users since the release of 2.0.3. The release fixes a few vulnerability related issues including a significant potential issue with marking messages and SQL. You are therefore strongly advised to upgrade or update to this version as soon as possible, do not delay if at all possible. If you cannot upgrade you are advised to analyse the patch file release and implement changes made to privmsg and usercp_register as soon as possible.
In addition to vulnerability fixes a number of extra security related additions have been made. These help limit remote submission of scripts via forms, preventing situations were an admin may be tricked into carrying out tasks. As well as reducing the effectiveness of some applications designed to "auto-spam" your board.
Please note that this does not make your board immune to more "sophisticated" scripting methods. If you're affected by unthinking people running such scripts you may want to look at the Anti-robotic scripting Mod.
To address the above issue more fully a different system (somewhat more effective than the noted Mod in many circumstances) being developed by us and intended for phpBB 2.2 may be backported for 2.0.5 (note that PHP 4.0.1+ will be required to make the most use of this feature when it arrives).