phpBB 3.0.7-PL1 Released

[pi0tr3k]

Hello,

phpBB 3.0.7-PL1 has been released in order to address a security issue that was introduced in phpBB 3.0.7, according to an announcement from Nils. As such, you are urged to upgrade as soon as possible.

Update: The wording I had here, explaining the issue when this post was first made, was not accurate. In lieu of explaining it in a more detailed manner, the issue is that, under certain circumstances, a member or guest may be able to view the contents of a private forum, even if you have not specifically granted them access to it.

The fix is a single code change, which you can make to feed.php on line 525:

Find:

Code: 

$forum_ids = array_keys($auth->acl_getf('f_read'));

Replace with:

Code: 

$forum_ids = array_keys($auth->acl_getf('f_read', true));

There are no other code changes in phpBB 3.0.7-PL1. Nonetheless, we also have the full package available for download: http://www.phpbbhacks.com/download/9131

Cheers, pi0

Source: PHPBBHacks

pi0tr3k Reviewed by pi0tr3k on 8th Mar 2010. phpBB 3.0.7-PL1 Released Hello, phpBB 3.0.7-PL1 has been released in order to address a security issue that was introduced in phpBB 3.0.7, according to an announcement from Nils. As such, you are urged to upgrade as soon as possible. Update: The wording I had here, explaining the issue when this post was first made, was not accurate. In lieu of explaining it in a more detailed manner, the issue is that, under certain circumstances, a member or guest may be able to view the contents of a private forum, even if you Rating: 5