Topic: PunBB 1.2.3
I am pleased to announce the release of PunBB 1.2.3. This release, similarly to 1.2.2, has been made primarily to address a number of security vulnerabilities. Of these vulnerabilities, one is to be considered critical. PunBB 1.2.3 is a recommended upgrade for everyone. If you are for some reason unable to upgrade, you should at least make sure to apply changeset 123. In addition to said security updates, a number of minor bugfixes have also made it into this release.
I'm sorry for the rather high frequency of security updates these last few weeks. Hopefully there won't be a need for any more updates to the 1.2 tree for some time now. PunBB is currently undergoing a security audit and this is the reason for the high number of security updates lately.
I would like to thank John Gumbel and Smartys for both reporting the critical vulnerability (just a few hours apart), John Gumbel for reporting the e-mail header injection vuln. and Smartys for reporting the SQL injections in the admin scripts. Thank you both for giving me due time to fix and release 1.2.3.