Topic: PunBB 1.2.17
Keeping true to our promise of providing security updates for the 1.2 branch even though our focus right now surely is on 1.3, it is my pleasure to announce the release of PunBB 1.2.17. This update addresses two rather serious security vulnerabilities as well as a couple of other minor fixes and annoyances. PunBB 1.2.17 is a recommended update for all 1.2 installs.
Important! One of the vulnerabilities that were dealt with in 1.2.17 have to do with something called the cookie seed. The changes in 1.2.17 should protect you from the vulnerability, but we still recommend that you make one minor change to your installation to further harden your forum from attacks. To make the change, open up config.php and look for something along the lines of:
$cookie_seed = '5b16024c';
The seemingly random characters within single quotes will differ in your install. Now, either replace the random characters entirely or add a few extra characters to the end and/or the beginning of the string. You can use any characters you like. Avoid the single quote character though. When you're done, save and upload the file to your forum installation. The change will require users to re-login, but apart from that, everything should be the same.
Thanks to all the people who reported bugs and security problems.