From: <mxb...@li...> - 2005-04-07 10:55:53
Hi everyone,
The mxBB Development Team would like to announce the immediate release of
mxBB-Portal version 2.7.5-pl3 (Patch Level 3).
This is a Critical Update that in addition to several bug fixes contains
back ported code from our incoming 2.8 core to make it easy to deal with
security issues related to GET and POST variables. This has been used to
fix a Critical Security Issue affecting our main index.php script.
A BIG THANK YOU goes to resnikov for reporting said security hole to us
privately.
This package has been tested under PostgreSQL 8.0.1. While doing so, a
couple of malformed SQL statements have been detected (interestingly
enough, MySQL never complained about them). This has been fixed as well.
All Users of mxBB-Portal are strongly encouraged to upgrade to this release
as soon as possible.
mxBB-Portal 2.7.5-pl3 is already available from our main website:
http://www.mx-system.com/index.php?page=112&action=file&file_id=2
mxBB-Portal 2.7.5-pl3 Release Notes can be found here:
http://www.mx-system.com/forum/viewtopic.php?t=1224
It contains a step by step guide to help upgrade from 2.7.5 to 2.7.5-pl3
in just 5 minutes! ;-)
A detailed guide of all code changes from 2.7.5 to 2.7.5-pl3 (written in
phpBB MOD format) has been posted here:
http://www.mx-system.com/forum/viewtopic.php?t=6473
Summary of changes introduced with 2.7.5-pl3:
Security Fixes:
* SQL Injection affecting index.php has been fixed. To do so, a new
Object Oriented Class has been introduced (back ported code from
our incoming 2.8 core) to make it easy to deal with security issues
related to GET and POST variables.
Bug Fixes:
* A minor typo in login.php has been fixed.
* Who's Online block has been re-written based on code from latest
phpBB release (version 2.0.13).
* A number of issues related to malformed SQL statements detected
while testing the Core under PostgreSQL have been fixed in Block
Administration and Page Administration.
* Cache Management has been patched to make it fully DBAL compliant,
enabling PostgreSQL users to use the cache system.
* Portal page_header.php has been patched as well to fix a minor
bug preventing Extra Meta Tags Settings from being sent to the
browser.
* File name in header comments has been fixed in lang_main.php
Functionality added or changed:
* New version of the mxBB Installer. It is now able to deal with
several phpBB boards installed on the target system, even if they
use *different DB engines*.
* Module Administration has been patched to add compatibility with
incoming 2.8 Core. This has been introduced by Jon (aka Haplo)
when releasing the Knowledge Base Module 2.0.1.
* Meta Tags Administration has been heavily changed. This has been
back ported from incoming 2.8 core. Thanks to Snake for introducing
the code changes some time ago. ;-)
Regards,
Markus
on behalf of the mxBB Project Team