• From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Topic: PunBB 1.2.3

I am pleased to announce the release of PunBB 1.2.3. This release, similarly to 1.2.2, has been made primarily to address a number of security vulnerabilities. Of these vulnerabilities, one is to be considered critical. PunBB 1.2.3 is a recommended upgrade for everyone. If you are for some reason unable to upgrade, you should at least make sure to apply changeset 123. In addition to said security updates, a number of minor bugfixes have also made it into this release.

I'm sorry for the rather high frequency of security updates these last few weeks. Hopefully there won't be a need for any more updates to the 1.2 tree for some time now. PunBB is currently undergoing a security audit and this is the reason for the high number of security updates lately.

I would like to thank John Gumbel and Smartys for both reporting the critical vulnerability (just a few hours apart), John Gumbel for reporting the e-mail header injection vuln. and Smartys for reporting the SQL injections in the admin scripts. Thank you both for giving me due time to fix and release 1.2.3.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

2 Reply by Romuald (edited by Romuald 2005-03-11 19:49)

  • Registered: 2005-02-28
  • Posts: 51

Re: PunBB 1.2.3

What about the 1.3?
No update? No probleme?

Sorry for my french english.
GT4 Club driver France & Forum - Lingerie.

Romuald's Website

3 Reply by dot

  • dot
  • Member
  • Offline
  • From: Rocky Mountains
  • Registered: 2004-07-30
  • Posts: 31

Re: PunBB 1.2.3

After doing the update, is it safe to overwrite the new 1.2.3 version Oxygen.css and Oxygen_cs.css with the older files of the same name from 1.21 or 1.22 versions? I've already made some changes in those older files to change color and size, and it would save doing it again.

4 Reply by Paul

  • Paul
  • Senior Member
  • Offline
  • From: Wales, UK.
  • Registered: 2003-08-13
  • Posts: 3,089

Re: PunBB 1.2.3

There have been no markup or css changes since 1.2.1.

5 Reply by dot (edited by dot 2005-03-11 20:24)

  • dot
  • Member
  • Offline
  • From: Rocky Mountains
  • Registered: 2004-07-30
  • Posts: 31

Re: PunBB 1.2.3

Thanks Paul.

One more question, since I can't exactly remember when I made the changes. Are the original first 1.2 version oxygen.css and oxygen_cs.css files alright to also upload and overwrite the newly upgraded files?

6 Reply by Paul

  • Paul
  • Senior Member
  • Offline
  • From: Wales, UK.
  • Registered: 2003-08-13
  • Posts: 3,089

Re: PunBB 1.2.3

There was a change between 1.2.0 and 1.2.1 so the answer is probably no depending on what changes you made. It's easy to tell which version of the files you altered. Open Oxygen.css and look for this at the end

****************************************************************/
/* 10. POST STATUS INDICATORS */
/****************************************************************/

If its there then that is version 1.2.1, if its not then it is a version 1.2.0 stylesheet.

  • Registered: 2005-03-01
  • Posts: 37

Re: PunBB 1.2.3

For the people who have edited almost all of the php files for mods, is it possible to get a list of the files that changed in this upgrade?

FREE web hosting: www.subnixus.com

subigo's Website

  • Connorhd
  • Connorhd
  • Former PunBB Developer
  • Offline
  • From: Leeds, UK
  • Registered: 2004-06-13
  • Posts: 4,195

Re: PunBB 1.2.3

yeh download the changed files only version (or look a the hdiff)

FluxBB.
Connorhd.co.uk.

Connorhd's Website

  • Registered: 2005-03-01
  • Posts: 37

Re: PunBB 1.2.3

Oops... lol. Thanks.

FREE web hosting: www.subnixus.com

subigo's Website

  • Registered: 2004-11-21
  • Posts: 64

Re: PunBB 1.2.3

So if I understand correct: to keep your mods just make the changes shown in the HDIFF manually and thus upgrade to 1.2.3.?

http://www.debateroom.com
  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: PunBB 1.2.3

Yes. Or run the patch.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

12 Reply by Todd

  • Todd
  • Senior Member
  • Offline
  • From: Outer Banks, NC
  • Registered: 2004-07-05
  • Posts: 118

Re: PunBB 1.2.3

Thanks for focusing on security. I plan on using Pun on a future site where security will be very important. I'm glad to know that it is a priority. Keep up the excellent work!

If its cheaper to run Windows than it is to run Linux, how come Microsoft has all the money?

Todd's Website

13 Reply by gezz

  • gezz
  • Senior Member
  • Offline
  • From: Canada (eh?)
  • Registered: 2004-04-16
  • Posts: 142

Re: PunBB 1.2.3

Yes, security should be a priority and its reasuring to know that punbb thinks the same way.

-gezz
  • Registered: 2007-10-01
  • Posts: 15

Re: PunBB 1.2.3

Have I missed something. The dates indicate this is 3yrs old, but wouldn't 1.2.3 be further along than 1.2.2x?
Beagle

15 Reply by Utchin

  • Utchin
  • PunBB senior member
  • Offline
  • Registered: 2007-02-09
  • Posts: 760

Re: PunBB 1.2.3

Not relli.

1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
1.2.18
1.2.19
1.2.20

smile

Sorry. Unactive due to personal life.
  • Registered: 2007-10-01
  • Posts: 15

Re: PunBB 1.2.3

doh, thanks
Beagle