The UseBB Project releases UseBB 1.0.11, a new bugfix and maintenance release for the UseBB 1 light PHP 4 and MySQL bulletin board system.
Changes since 1.0.10
- Fixed security issue with forum/topic RSS feeds with "read" forum permission;
- increased possibilities when deleting users, i.e. removing all posts and banning email address/domain (screenshot);
- preview feature and bugs fixed for member pruning (screenshot).
Much more changes and bug fixes were made. See the Changelog for a complete list.
RSS feeds security issue
A security issue has been discovered in UseBB 1.0.10 with per forum and topic RSS feeds in combination with restricted forum access permissions, giving users access to post contents that should remain hidden. Anyone having a restricted "read" permission set but NOT an equal or more restricted "view" one is prone to this issue.
A full disclosure and patch was released earlier at node/1363. There is no need to apply the patch before upgrading to 1.0.11.
Support for PHP 5.3
Although UseBB 1 is written in PHP 4 and upto now still uses some PHP features that will be removed in future major releases (and thus are currently deprecated), UseBB 1.0.11 remains working and supported under the recent PHP 5.3. Code rewriting to avoid using deprecated functions will take place for future 1.0.x releases.
Upgrading to UseBB 1.0.11 is STRONGLY encouraged. Any version equal or less than 1.0.10 is now out of official support. Visit http://www.usebb.net/downloads/ for downloads. Information about upgrading is available in the docs/index.html document. Upgrading usually is as easy as overwriting a set of files.