Topic: PunBB 1.2.12

Just a quick note to announce 1.2.12. This release fixes two XSS vulnerabilities and one minor bug. Due to the security updates, I recommend that everyone update. As usual, you'll find the download on the downloads page.

Thanks to the people who alerted me via e-mail about the vulnerabilities. I'm sorry for the somewhat slow response this time.

Edit: I won't be able to announce this via the newsletter today because it turns out my ISP isn't that fond of me sending out mass e-mail. I'll write a script and run it on the server, but it'll have to wait until tomorrow.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: PunBB 1.2.12

1.3 needed not 1.2.12 hmm

Re: PunBB 1.2.12

Yes, I understand a lot of you are looking forward to 1.3. The only thing I can say about that right now is that it is in active development. Don't take my word for it, have a look for yourself:

http://dev.punbb.org/timeline

"Programming is like sex: one mistake and you have to support it for the rest of your life."

4 (edited by Nevethir 2006-05-20 17:29)

Re: PunBB 1.2.12

Yes I see, but how long will take You to release stable 1.3? Months, weeks, days tongue?

5 (edited by Jansson 2006-05-20 17:40)

Re: PunBB 1.2.12

I'm guessing that 1.3 will require a few months of open beta testing before going stable because of the extension system and all the hooks that need to be sorted out.

Edit: Update the announcement tongue

6

Re: PunBB 1.2.12

Is there any way we can make manual updates ... like for 1.2.11 .... ?

Re: PunBB 1.2.12

Great! Thanks for this update.

iatbm wrote:

Is there any way we can make manual updates ... like for 1.2.11 .... ?

There's a hdiff file here: hdiff-1.2.11_to_1.2.12.html

8

Re: PunBB 1.2.12

thank you for the update tongue updated with the version changer plugin cause im a lazy motha trucka.

9 (edited by Bassguy 2006-05-20 23:55)

Re: PunBB 1.2.12

Thanks for keeping my boards secure, Rickard! PunBB simply is the best.

10 (edited by neofutur 2006-05-21 05:40)

Re: PunBB 1.2.12

thanks for the colored diff and the security update.

( remember to update http://freshmeat.net/projects/punbb/ too wink

11

Re: PunBB 1.2.12

I blame myself for exploits. Why? Because everytime I install a piece of software and get it the way I want, an update comes out lol

Re: PunBB 1.2.12

This one is prety fast and simple with http://punbb.org/download/hdiff/hdiff-1 … .2.12.html

( thanks jmpy for the link )

My megamod MyBestBB is already 1.2.12 based wink

13 (edited by coxis 2006-05-21 14:04)

Re: PunBB 1.2.12

Thanks for hdiff-1.2.11_to_1.2.12.html file !!!
It is always better this way than upload a new files because we have probably many mods from plugins in the standard codes smile

But in admin i see this still:
PunBB 1.2.10 - Check for upgrade
© Copyright 2002, 2003, 2004, 2005 Rickard Andersson

Re: PunBB 1.2.12

Coxis: Because you didn't run the updating script, you can't expect to edit the files and have the value in the DB magically change tongue
You can also use the version changing plugin wink

15 (edited by coxis 2006-05-21 14:30)

Re: PunBB 1.2.12

ooo ok
i just change the files manually by hdiff file
do i need to make some more ?

i mean i only change the files by editing them and i can have that old version number show
i just want to be secure with the new updates, that is all i think

Re: PunBB 1.2.12

coxis wrote:

ooo ok
i just change the files manually by hdiff file
do i need to make some more ?

No, you don't tongue
My point is that the version number is stored in the database and thus you can't expect to update the version number by just updating the files in the hdiff tongue
You can either grab a copy of the 12_to_1212_update.php script or just use the version changer plugin to manually change it

17

Re: PunBB 1.2.12

ok thanks, clear to me and others maybe now smile

18

Re: PunBB 1.2.12

coxis wrote:

i just change the files manually by hdiff file
do i need to make some more ?

i mean i only change the files by editing them and i can have that old version number show
i just want to be secure with the new updates, that is all i think

To do it by hand you must modify the value of o_cur_version in the database to 1.2.12, then you need to delete the cache_config.php file located in the cache folder.

Reference:
solutionsphp: http://punbb.org/forums/viewtopic.php?pid=63835#p63835
Smartys: http://punbb.org/forums/viewtopic.php?pid=63836#p63836

19 (edited by Smartys 2006-05-21 20:22)

Re: PunBB 1.2.12

Edit: I mis-read, my bad, ignore me tongue

asleo wrote:
coxis wrote:

i just change the files manually by hdiff file
do i need to make some more ?

i mean i only change the files by editing them and i can have that old version number show
i just want to be secure with the new updates, that is all i think

To do it by hand you must modify the value of o_cur_version in the database to 1.2.12, then you need to delete the cache_config.php file located in the cache folder.

Reference:
solutionsphp: http://punbb.org/forums/viewtopic.php?pid=63835#p63835
Smartys: http://punbb.org/forums/viewtopic.php?pid=63836#p63836

Wrong, because the data is still in the database as 1.2.11: you also have to update the database tongue

Re: PunBB 1.2.12

Smartys wrote:

Wrong, because the data is still in the database as 1.2.11: you also have to update the database tongue

He said "modify the value of o_cur_version in the database" smile

"Programming is like sex: one mistake and you have to support it for the rest of your life."

21 (edited by Smartys 2006-05-21 20:22)

Re: PunBB 1.2.12

Bah, I thought he said modify it in the file tongue
I've been sitting in front of this computer for too long today, time to take a break tongue

22 (edited by mikey 2006-05-23 06:41)

Re: PunBB 1.2.12

You should make an RSS feed for update notifications.

[edit]

also, could you provide some manual patching instructions? I don't want to undo all my hacks.


[more editing]

nevermind, found manual directions on download page

Re: PunBB 1.2.12

mikey wrote:

You should make an RSS feed for update notifications.

http://punbb.org/forums/extern.php?acti … p;type=rss
That should work for the most part tongue

24

Re: PunBB 1.2.12

jmpy wrote:

Great! Thanks for this update.

iatbm wrote:

Is there any way we can make manual updates ... like for 1.2.11 .... ?

There's a hdiff file here: hdiff-1.2.11_to_1.2.12.html

thx for the update and the diff!

My PunBB Arcade Mod & Game Packs 1-9 (update 01-06-2007):
Test and download here !

25

Re: PunBB 1.2.12

1.3 needed not 1.2.12

[img]http://www.chemicalfusion.net/jords/eddieb.jpg[/img]