If any of you applied the mitigation measures I proposed on Daboweb at the time, I recommend taking a look at this excellent information from Halo on Fentlinux.
[Fix] Prevent login attempts from incrementing for inactive users
[Fix] Do not check maximum login attempts on re-authentication to the admin panel – tomknight
[Fix] Regenerate session keys on password change
[Fix] retrieving category rows in index.php (Bug #90)
[Fix] improved index performance by determining the permissions before iterating through all forums (Bug #91)
[Fix] Better handling of short usernames within the search (bug #105)
[Fix] Send a no-cache header on admin pages as well as normal board pages (Bug #149)
[Fix] Apply word censors to the message when quoting it (Bug #405)
[Fix] Improved performance of query in admin_groups (Bug #753)
[Fix] Workaround for an issue in either PHP or MSSQL resulting in a space being returned instead of an empty string (bug #830)
[Fix] Correct use of default_style config value (Bug #861)
[Fix] Replace unneeded unset calls in admin_db_utilities.php – vanderaj
[Fix] Improved error handling in modcp.php
[Fix] Improved handling of forums to which the user does not have any explicit permissions – vanderaj
[Fix] Assorted fixes and cleanup of admin_ranks.php, now requires confirmation of deletions
[Fix] Assorted fixes and cleanup of admin_words.php, now requires confirmation of deletions
[Fix] Addition and editing of smilies can no longer be performed via GET, now requires confirmation of deletions
[Fix] Escape group names in admin_groups.php
[Sec] Replace strip_tags with htmlspecialchars in private message subject
[Sec] Some changes to HTML handling if enabled
[Sec] Escape any special characters in reverse dns – Anthrax101
[Sec] Typecast poll id values – Anthrax101
[Sec] Added configurable search flood control to reduce the effect of DoS style attacks
[Sec] Changed the way we create "random" values for use as keys – chinchilla/Anthrax101
[Sec] Enabled Visual Confirmation by default
[Change] Changed handling of the case where a selected style doesn’t exist in the database
[Change] Changed handling of topic pruning to improve performance
[Change] Changed default forum permissions to only allow registered users to post in new forums