I am happy to announce version 1.0.8 of the light and Open Source PHP/MySQL bulletin board package "UseBB".
Version 1.0.8 is a minor security and bug fix release. The most important fix is for a few full path disclosure vulnerabilities reported by Ilia Alshanetsky. Upgrading is highly recommended. Visit http://www.usebb.net/downloads/ for downloads. Information about upgrading is available in the docs/index.html document.
One of the discovered vulnerabilities is the same one found in 1.0.5 and prior releases. The fix introduced in 1.0.6 turned out insufficient and the vulnerability appeared to come forward in another case as well. It does not pose a direct threat to the forum but may disclose sensitive information which may be abused by a user who has shell access to the server or can abuse another vulnerable application or script.
Thus, as always, it is highly advised to regularly check for and install updates of installed software. Nobody except the owner is responsible when a vulnerability in an outdated version of an application has been abused.