Skip navigation

PunBB Home

Navigation

Reinventing the wheel since august 2003!

PunBB 1.3

PunBB 1.2 (old)

Recent Forums posts

Software Informer tags

Newsletter

Subscribe to the PunBB Newsletter to receive notification of updates and other important events regarding PunBB. Your e-mail address will be kept private and will not be shared with any third party.

Subscribe/unsubscribe

News

PunBB 1.3.1

PunBB 1.3.1 is released. Most significant 1.3 to 1.3.1 changes:

  • XSS vulnerability via topic subjects in moderate.php is fixed (reported by PHPLizardo).
  • Markup issues are fixed, language files are reviewed (thanks to PunBB translators).
  • Both outdated and obscure notifications are modified.

Though all known critical bugs of PunBB 1.3 are solved with hotfixes, you can update your forum to 1.3.1.

Downloads: visit Downloads page for the 1.3.1 packages. Or get PunBB 1.3.1 from Subversion repository.

Posted on 2008-11-26 | Comments

PunBB 1.3 final release

Congratulations! PunBB 1.3 is finished.

Most significant (for users and moderators) 1.2.20 to 1.3 changes:

  • Extension system based on hooking technique. One click extension installation, no need to modify forum's code anymore.
  • Full UTF-8 support.
  • More customazable styles, templating system.
  • New layout: markup, CSS, language files updated, markup helper functions added.
  • URL rewriting schemes, nice URL's built-in.
  • Split/merge topics functionality.
  • Multiple groups for moderators allowed.
  • Searches are now case-insensitive, extern.php improved, more global, per-group and per-user options added.
  • Certain "bad" characters are silently stripped out from the text input.
  • Got rid of extras folder, README added.
  • Hotifx system based on extension system for quick bugfixes.

Note: language packs and modifications for PunBB 1.2 are useless in 1.3. You are welcome to make a 1.3 translation to your language. Visit language packs page in wiki to take a part.

Downloads: visit Downloads page for the 1.3 packages. Or get PunBB from Subversion repository.

Migration: updating script (from 1.2.*) is included into the package. See wiki article for instructions.

Documentation: use PunBB wiki. There is some lack of information at the moment, but we hope to improve it with your help.

Extensions: you are welcome to download extensions from official PunBB extensions repository.

Posted on 2008-11-09 | Comments

PunBB 1.3 RC2

PunBB 1.3RC2 is ready.

Most significant 1.3 RC to 1.3 RC2 changes:

  • New layout: markup, CSS, language files updated, markup helper functions added.
  • Added split/merge topics functionality.
  • Added a "database revision number" to the code. This feature provides a way to track whether the database needs to be updated or not.
  • Added constants to various included files to be used to indicate whether a certain file has been loaded or not, removing the need to use include_once/require_once.
  • Added global DST option and the default email setting for new users.
  • Search (searches are now case-insensitive), extern.php, URL rewriting improved.
  • More helpers added to the DB layer and used everywhere in the forum.
  • Got rid of extras folder: install and db_update moved to admin; README, COPYING and .htaccess.dist added to the forum root.
  • Added phpDoc comments to the start of every PHP file, replacing the existing GPL notice.
  • Lot of hooks added.

Visit Downloads page for the 1.3 RC2 packages. Or get it from Subversion repository.

PS: Official extensions may not work correctly now and need to be updated for the new 1.3 RC2 markup. This will be done in a week or two.

Posted on 2008-10-31 | Comments

PunBB 1.2.20

PunBB 1.2.20 and 1.3RC hotfix released today.

The XSS via the "p" GET parameter is fixed. Reported by Henry Sudhof.

The proof of concept: userlist.php?p=2<script>alert('meh');</script>

As usual, PunBB 1.3RC administrators will see an alert (as soon as they log in to the forum) and will be able to install the hotfix with several clicks.

This bug cannot be used directly in PunBB 1.2, but can appear in mods using the page number set by PunBB: check your mods for the correct page number screening.

Visit Downloads page for the PunBB 1.2.20 packages and patches. Or get the latest revision from SVN trunk.

Posted on 2008-08-20 | Comments

PunBB 1.2.19

PunBB to 1.2.19 released. This release fixes just one bug introduced in 1.2.18.

We assume most users are upgrading from PunBB version 1.2.17 or lower, so here is the
1.2.17 to 1.2.19 changelist:

  • Fixed an SMTP command injection vulnerability, discovered by Stefan Esser.
  • Fixed an XSS issue in include/parser.php, discovered by Dan Crowley.
  • Fixed issue with database returning the same user on multiple pages of the userlist, noticed by hcgtv.
  • Fixed several potential XSS vectors in moderate.php.
  • Fixed the avatars of deleted users not being removed.
  • Copyrights and punbb.informer.com links updated.
  • Docs removed.

It is strongly recommended to update your PunBB 1.2.* installations as soon as possible.

Patches and changes files for 1.2.17 to 1.2.19 (as well as 1.2.18 to 1.2.19) migration are available at Downloads page.

You are welcome to get the latest revision from SVN trunk.

Posted on 2008-07-11 | Comments