Archive For July, 2007

Yesterday (July 20th, 2007), a post was made on the popular Bugtraq mailing list about a so-called vulnerability in UseBB 1.0.7. This vulnerability includes an insecure value of PHP’s PHP_SELF variable being used in forms in three old upgrade scripts that can be exploited for an "XSS attack". However, unlike the report states, this vulnerability should be rated far from "dangerous".The vulnerability is found in upgrade scripts which were used to upgrade a few old versions of UseBB, being 0.2.3, 0.3 and 0.4. The latter one was released almost 2.5 years ago. Second, this vulnerability poses zero security threats to…

Yesterday (July 20th, 2007), a post was made on the popular Bugtraq mailing list about a so-called vulnerability in UseBB 1.0.7. This vulnerability includes an insecure value of PHP’s PHP_SELF variable being used in forms in three old upgrade scripts that can be exploited for an "XSS attack". However, unlike the report states, this vulnerability should be rated far from "dangerous".The vulnerability is found in upgrade scripts which were used to upgrade a few old versions of UseBB, being 0.2.3, 0.3 and 0.4. The latter one was released almost 2.5 years ago. Second, this vulnerability poses zero security threats to…

I thought I would comment here for our users that still use PHP4. PHP4 support will end some time in 2008. The exact date is not yet known. That means no security or feature changes after that date. PHP4 is already in a non-announced security fix only state.Phorum is more than ready for the latest PHP5 versions. The dev team all use PHP5 (5.2 in most cases). If you have control of it, I suggest you start migrating your code now. If you don’t have control, I recommend you complain asap to your host.Furthermore, Phorum 5.2 will not guarantee compatibility…

I am happy to announce version 1.0.7 of the light and Open Source PHP/MySQL bulletin board package "UseBB".Version 1.0.7 is a minor feature enhancements and bug fix release. Changes include but are not limited to:- added an (random math based or custom) anti-spam question feature against spam bots;- added a security measure which generates a new session ID when logging in/out;- fixed a few minor bugs found since version 1.0.6.Upgrading is highly recommended. Visit http://www.usebb.net/downloads/ for downloads. Information about upgrading is available in the docs/index.html document.This release also features a small gain in performance. 1.0.7 uses only 92% of 1.0.6’s…

I am happy to announce version 1.0.7 of the light and Open Source PHP/MySQL bulletin board package "UseBB".Version 1.0.7 is a minor feature enhancements and bug fix release. Changes include but are not limited to:- added an (random math based or custom) anti-spam question feature against spam bots;- added a security measure which generates a new session ID when logging in/out;- fixed a few minor bugs found since version 1.0.6.Upgrading is highly recommended. Visit http://www.usebb.net/downloads/ for downloads. Information about upgrading is available in the docs/index.html document.This release also features a small gain in performance. 1.0.7 uses only 92% of 1.0.6’s…

For Phorum 5.2, the Phorum team has started to setup a structured documentation system. We want to provide documentation for several audiences: administrators, users (which includes moderators) and developers. A preview of this documentation system can be found here: [secretsauce.phorum.org]We would like to invite the users of Phorum to help us with writing the user documentation part. As you can see in the above page, that part is still quite empty. Please let us know if you are interested and have time to work on this project. Once we have a couple of documentation writers (or just one fanatic writer…