Topic: PunBB 1.2.2
Today brings the release of PunBB 1.2.2. This release has been made primarily to deal with a number of security vulnerabilities in PunBB 1.2/1.2.1. PunBB 1.2.2 fixes a number of SQL injection vulnerabilities in register.php, profile.php and moderate.php (posted to Bugtraq a few hours ago) as well as a file disclosure vulnerability in admin_loader.php. On top of this, a small number of non-security-related bugs have been addressed. PunBB 1.2.2 is a recommended upgrade for everyone.
It should be noted that PunBB 1.1.* might very well be affected by some of these vulnerabilities as well, so if you're still running PunBB 1.1.*, I recommend that you at least apply the fixes in changeset 101.
I would like to thank Smartys for reporting the admin_loader.php bug and giving me time to fix it. I would also like to thank John Gumbel for reporting the other vulnerabilities, even though I would have preferred more than ~20 minutes to release a bugfix version prior to the Bugtraq posting.