Topic: PunBB 1.2.4
It's that time again. I had hoped to not have to release an update for a while, but security in web applications is a tricky thing. Nevertheless, I'm happy to announce the release of PunBB 1.2.4. This release has been made to remedy a few security vulnerabilities (primarily an XSS bug in profile.php) as well as fix a few minor glitches and annoyances.
Thanks to smartys for reporting most of the bugs fixed in this release and for reporting security vulnerabilities directly to me AND giving me due time to fix/release. I wish I could say the same regarding some of the other bugs. If you find a vulnerability in PunBB, please e-mail it to me. Posting it directly to various "security bulletins" only makes life more difficult for me and for all PunBB users. I have no problem with PunBB vulnerabilities showing up on e.g. Bugtraq, but only if there is a bugfix release available at the time it is posted.