Topic: PunBB 1.2.18
EDIT: Please, do update directly to PunBB 1.2.19 due to the parser bug introduced in 1.2.18.
Patches and changes files for 1.2.17 to 1.2.19 migration are available at Downloads page.
Just updated PunBB to 1.2.18.
Several security vulnerabilities fixed.
Fixed an SMTP command injection vulnerability, discovered by Stefan Esser.
Fixed an XSS issue in include/parser.php, discovered by Dan Crowley.
Fixed issue with database returning the same user on multiple pages of the userlist, noticed by hcgtv.
Fixed several potential XSS vectors in moderate.php.
Fixed the avatars of deleted users not being removed.
Copyrights and punbb.informer.com links updated.
Thanks to the people who reported issues and Smartys who fixed them.