News
PunBB 1.3.2
PunBB 1.3.2 has been released. Apart from minor bugs, the following security flaws have been resolved (reported by Stefan Esser):
- an XSS vulnerability in login.php;
- a possible SQL injection in the admin settings page with permission config values;
- a possible SQL injection in the admin users page.
As usual, security hotfixes for versions 1.3 and 1.3.1 have been released.
Downloads: get the latest PunBB on the Downloads page or via the Subversion repository.
Posted on 2008-12-08 | Comments
PunBB 1.2.21
A new security bug was reported for the latest 1.2 revision: a user could subscribe to forums he did not have permission to read (if he knew the forum ID).
This bug is fixed and PunBB 1.2.21 is released. It is recommended that you update your PunBB 1.2.* installation.
Thanks to Smartys for the report.
Visit the Downloads page for the PunBB 1.2.21 packages and patches, or get the latest revision from the Subversion repository.
Posted on 2008-12-03 | Comments
PunBB 1.3.1
PunBB 1.3.1 is released. Most significant 1.3 to 1.3.1 changes:
- XSS vulnerability via topic subjects in moderate.php is fixed (reported by PHPLizardo).
- Markup issues are fixed, language files are reviewed (thanks to PunBB translators).
- Both outdated and obscure notifications are modified.
Though all known critical bugs of PunBB 1.3 are solved with hotfixes, you can update your forum to 1.3.1.
Downloads: visit the Downloads page for the 1.3.1 packages, or get PunBB 1.3.1 from the Subversion repository.
Posted on 2008-11-26 | Comments
PunBB 1.3 final release
Congratulations! PunBB 1.3 is finished.
Most significant (for users and moderators) 1.2.20 to 1.3 changes:
- Extension system based on a hooking technique. One-click extension installation; no need to modify the forum's code anymore.
- Full UTF-8 support.
- More customizable styles, templating system.
- New layout: markup, CSS, language files updated, markup helper functions added.
- URL rewriting schemes, nice URLs built in.
- Split/merge topics functionality.
- Multiple groups for moderators allowed.
- Searches are now case-insensitive, extern.php improved, more global, per-group and per-user options added.
- Certain "bad" characters are silently stripped out from the text input.
- Got rid of the extras folder, README added.
- Hotfix system based on the extension system for quick bugfixes.
Note: language packs and modifications for PunBB 1.2 do not work in 1.3. You are welcome to make a 1.3 translation into your language. Visit the language packs page in the wiki to take part.
Downloads: visit the Downloads page for the 1.3 packages, or get PunBB from the Subversion repository.
Migration: an update script (from 1.2.*) is included in the package. See the wiki article for instructions.
Documentation: use PunBB wiki. There is some lack of information at the moment, but we hope to improve it with your help.
Extensions: you are welcome to download extensions from the official PunBB extensions repository.
Posted on 2008-11-09 | Comments
PunBB 1.3 RC2
PunBB 1.3RC2 is ready.
Most significant 1.3 RC to 1.3 RC2 changes:
- New layout: markup, CSS, language files updated, markup helper functions added.
- Added split/merge topics functionality.
- Added a "database revision number" to the code. This feature provides a way to track whether the database needs to be updated or not.
- Added constants to various included files to be used to indicate whether a certain file has been loaded or not, removing the need to use include_once/require_once.
- Added global DST option and the default email setting for new users.
- Search (searches are now case-insensitive), extern.php, URL rewriting improved.
- More helpers added to the DB layer and used everywhere in the forum.
- Got rid of the extras folder: install and db_update moved to admin; README, COPYING and .htaccess.dist added to the forum root.
- Added phpDoc comments to the start of every PHP file, replacing the existing GPL notice.
- A lot of hooks added.
Visit the Downloads page for the 1.3 RC2 packages, or get it from the Subversion repository.
PS: Official extensions may not work correctly now and need to be updated for the new 1.3 RC2 markup. This will be done in a week or two.
Posted on 2008-10-31 | Comments