The PunBB trunk copyrights update makes the changed files zip contain more files than were actually changed due to issues found.

I think it would be better to have the changed files zip only to contain what files need updating, this would speed up the adoption of these security patches.

I agree with your arguments, but we cannot release new version of PunBB with illegal copyrights. And we can't put all of them to "changed files only" zip, because users will have different sources then.

Yup. You're right :)

The PunBB trunk copyrights update makes the changed files zip contain more files than were actually changed due to issues found.

I think it would be better to have the changed files zip only to contain what files need updating, this would speed up the adoption of these security patches.

Also, should this release announcement be on the front page?

Thanks.

Just updated PunBB to 1.2.18.
Several security vulnerabilities fixed.

Changes:

• Fixed an SMTP command injection vulnerability, discovered by Stefan Esser.
  

• Fixed an XSS issue in include/parser.php, discovered by Dan Crowley.

• Fixed issue with database returning the same user on multiple pages of the userlist, noticed by hcgtv.

• Fixed several potential XSS vectors in moderate.php.

• Fixed the avatars of deleted users not being removed.

• Copyrights and punbb.informer.com links updated.

• Docs removed.

It is strongly recommended to update your PunBB 1.2 installations as soon as possible.
Visit Downloads page for archives and the patch. Or get latest revision from SVN trunk.

Thanks to the people who reported issues and Smartys who fixed them.