Topic: PunBB 1.2.11
Here's a short message announcing 1.2.11. This release has been made primarily to address an issue with the registration script that allowed a malicious user to perform a denial-of-service attack. PunBB 1.2.11 adds code to the registration script that prevents these flood registrations (an hour has to pass between registrations from the same IP). On top of this, an XSS vulnerability has been addressed.
For those of you not afraid to edit the scripts manually, here are the two changes:
Thanks to the people who alerted me via e-mail about the circulation of an "exploit" for the DoS attack.