Topic: PunBB 1.2.19
PunBB 1.2.19 released.
The only differ from 1.2.18 is fixing improper attempt to solve an XSS issue in include/parser.php.
We apologize for hurrying up with 1.2.18 release, having not enough testing.
We assume most users are upgrading from PunBB version 1.2.17 or lower, so
here is the 1.2.17 to 1.2.19 changelist:
Fixed an SMTP command injection vulnerability, discovered by Stefan Esser.
Fixed an XSS issue in include/parser.php, discovered by Dan Crowley.
Fixed issue with database returning the same user on multiple pages of the userlist, noticed by hcgtv.
Fixed several potential XSS vectors in moderate.php.
Fixed the avatars of deleted users not being removed.
Copyrights and punbb.informer.com links updated.
It is strongly recommended to update your PunBB 1.2.* installations to PunBB 1.2.19 as soon as possible.
Visit Downloads page for archives and the patch. Or get latest revision from SVN trunk.
Thanks to the people who reported issues and Smartys who fixed them.