Unfortunately no one can be told what FluxBB is - you have to see it for yourself.
You are not logged in. Please login or register.
FluxBB.org Forums » Announcements » FluxBB 1.2.21 released
We have just released an updated version of the 1.2 branch, this addresses a fairly serious security issue discovered by Smartys (thanks 
)
If you run 1.2 then it is highly recommended that you update your install.
Connor
http://fluxbb.org/trac/changeset/738
For anyone curious about the change
http://fluxbb.org/downloads/updates.php
Whats are the files to change to upgrade from 1.2.20 ?
http://fluxbb.org/download/releases/1.2 … .2.21.html just one small change
I've done that but it still shows 1.2.20 on the main page ?
Oh yes, we didn't update the DB update script -.-
*glares at Connor*
Ben
SVN repository for my extensions - The thread
Quickmarks 0.5
“Question: How does a large software project get to be one year late? Answer: One day at a time!” - Fred Brooks
Forgive me my ignorance, why is this dangerous?
fp.group_id=1
I guess the group with the id=1 could be other than the admin group in some situations...?
Forgive me my ignorance, why is this dangerous?
fp.group_id=1I guess the group with the id=1 could be other than the admin group in some situations...?
group_id 1 is the admin group, the old query was basically selecting all forums the admin group could view, rather than the actual user logged in can view.
Oh yes, we didn't update the DB update script -.-
Don't feel bad, the PunBB team forgot the 12_to_1221_update.php file in their changed files zip.
Let's cut them some slack though, they're doing the best they can in their spare time 
Bert Garcia - When all you have is a keyboard
To be clear, it's dangerous from an information security perspective more than anything else: it's a missing permissions check on subscriptions.
Thanks guys.
You can follow my instructions here to update your version number. The database update script was missing again (as noted above).
So it was bug rather than a security issue.
I mean, that "group_id=1" should never be there because it didn't make sense at all, not because it was dangerous. Did I got it right?
So it was bug rather than a security issue.
I mean, that "group_id=1" should never be there because it didn't make sense at all, not because it was dangerous. Did I got it right?
Yes and no. You're right that it didn't make sense at all. The security issue is that it allows me to subscribe to topics I'm not allowed to see. Which means I get emails when people post in them (along with the contents of the post)
Thanks you for the maintain of 1.2 branch .
But when the 1.3 branch was stabilized ? And it's possible to use the SVN version in production ?
I'm not speak English very well, because I'm French.
I'm kankan_1 in French community of FluxBB.
Thanks you for the maintain of 1.2 branch
But when the 1.3 branch was stabilized ? And it's possible to use the SVN version in production ?
1.3 is still in development stage, and you are not recommended to use it in production environment.
Today is the tomorrow you worried about yesterday, and all is well.
FluxBB in Chinese.
FluxBB.org Forums » Announcements » FluxBB 1.2.21 released
Powered by FluxBB