Daboweb

New version 2.0.20 for PHPBB2 forums

Posted by Dabo on April 07, 2006
Webmaster
A new version for phpbb2 forums, 2.0.20, is available for download. It fixes several earlier vulnerabilities, among them the problems with HTML, smilies, remote avatars, etc., and offers greater security for the system. Updating to this new version is essential. Download the patch

If any of you applied the mitigation measures I proposed on Daboweb at the time, I recommend taking a look at this excellent information from Halo on Fentlinux.

[Fix] Prevent login attempts from incrementing for inactive users

[Fix] Do not check maximum login attempts on re-authentication to the admin panel – tomknight

[Fix] Regenerate session keys on password change

[Fix] retrieving category rows in index.php (Bug #90)

[Fix] improved index performance by determining the permissions before iterating through all forums (Bug #91)

[Fix] Better handling of short usernames within the search (bug #105)

[Fix] Send a no-cache header on admin pages as well as normal board pages (Bug #149)

[Fix] Apply word censors to the message when quoting it (Bug #405)

[Fix] Improved performance of query in admin_groups (Bug #753)

[Fix] Workaround for an issue in either PHP or MSSQL resulting in a space being returned instead of an empty string (bug #830)

[Fix] Correct use of default_style config value (Bug #861)

[Fix] Replace unneeded unset calls in admin_db_utilities.php – vanderaj

[Fix] Improved error handling in modcp.php

[Fix] Improved handling of forums to which the user does not have any explicit permissions – vanderaj

[Fix] Assorted fixes and cleanup of admin_ranks.php, now requires confirmation of deletions

[Fix] Assorted fixes and cleanup of admin_words.php, now requires confirmation of deletions

[Fix] Addition and editing of smilies can no longer be performed via GET, now requires confirmation of deletions

[Fix] Escape group names in admin_groups.php

[Sec] Replace strip_tags with htmlspecialchars in private message subject

[Sec] Some changes to HTML handling if enabled

[Sec] Escape any special characters in reverse dns – Anthrax101

[Sec] Typecast poll id values – Anthrax101

[Sec] Added configurable search flood control to reduce the effect of DoS style attacks

[Sec] Changed the way we create “random” values for use as keys – chinchilla/Anthrax101

[Sec] Enabled Visual Confirmation by default

[Change] Changed handling of the case where a selected style doesn’t exist in the database

[Change] Changed handling of topic pruning to improve performance

[Change] Changed default forum permissions to only allow registered users to post in new forums
