[2005/07/20] phpBB 2.0.17 安全性修正版本

Announcement
竹貓星球所有重要公告,會不定時公佈。請隨時注意,以及新人必看!
版面規則
(請使用接收正常的郵件帳號申請註冊,此區僅供瀏覽,本區進站必看。)
(請會員盡量不要使用免費郵件註冊。)
主題已鎖定
小竹子
竹貓星球大統領
竹貓星球大統領
文章: 4690
註冊時間: 2001-10-29 22:13
來自: 竹貓星球
聯繫:

[2005/07/20] phpBB 2.0.17 安全性修正版本

文章 小竹子 » 2005-07-20 13:22

在檔案發佈的同時,竹貓星球已經更新完畢,請大家盡速更新!

為了您的站台安全性起見,請務必立即進行更新,本次更新內容並不包含語系檔,所以繼續沿用之前語系檔即可。





此次更新內容轉載官方公告如下:
Hi everyone,

phpBB Group announces the release of phpBB 2.0.17, the "no, we did not forget naming it last time" release. This release addresses several bugfixes and some low security issues as well as the recently seemingly wide-spread XSS issue (only affecting Internet Explorer).

Please have a look down this announcement for the code changes necessary to fix the XSS issue, we are again astounded about the energy people put into finding the smallest issue in phpBB 2.0.x, those must have a lot of time available. But on the other hand it is always increasing the products security since we do not introduce new features into the 2.0.x codebase.

With this announcement I want to give you some more information regarding phpBB's security. psoTFX (Paul S. Owen, Project Manager) initiated and brought forward the idea and concept of a complete security audit of the 2.0.x codebase. We introduced some top-notch security people, phpBB-Modders and very talented people from our teams to participate in this audit. We intend to implement the changes necessary - and also fixing the found issues, hopefully giving the now very aged codebase (it is still on a technical level from three years ago) a lift and bringing it up-to-date with security mechanisms and techniques which are common nowadays.

We also intend to open our private bugtracker system to the public for reporting 2.0.x bugs within the next days.

As with all new releases we urge you to update as soon as possible. You can of course find this download available on our downloads page. As per usual three packages are available to simplify your update.



What has changed in this release? (這次的更新修正了什麼呢?)

The changelog (contained within this release) is as follows:
  • Added extra checks to the deletion code in privmsg.php - reported by party_fan
  • Fixed XSS issue in IE using the url BBCode
  • Fixed admin activation so that you must have administrator rights to activate accounts in this mode - reported by ieure
  • Fixed get_username returning wrong row for usernames beginning with numerics - reported by Ptirhiik
  • Pass username through phpbb_clean_username within validate_username function - AnthraX101
  • Fixed PHP error in message_die function
  • Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php - reported by Double_J
  • Also fixed above issue in usercp_viewprofile.php
  • Fixed incorrect setting of user_level on pending members if a group is granted moderator rights - reported by halochat
  • Fixed ordering of forums on admin_ug_auth.php to be consistant with other pages
  • Correctly set username on posts when deleting a user from the admin panel
官方公告連結: http://www.phpbb.com/phpBB/viewtopic.php?t=308490
注意事項:
●phpBB 架設相關問題請到 + phpBB 3.0.x 討論區發表!
●都沒有你要的答案嗎??>>點這裡<<搜尋一下吧!
●請使用>>標準的發文格式<<發表問題!
●竹貓星球並非政治團體代言人,請不要在竹貓討論政治議題,也不要認為竹貓是偏向任何一方政治團體,竹貓愛的是台灣這片生長的土地,過於泛政治化文章請來信告知移除!
●關於 phpBB 使用問題請在版面發問,私人訊息提供其他不相干或是隱私的事情聯絡之用。
●所有市面上的免費空間皆非竹貓管轄,請勿來信詢問,請直接與該免費空間連絡。

主題已鎖定

回到「系統公告區」