http://punbb.informer.com/
轻量级PHP开源论坛程序,facebook的开发者论坛用的就是这个
推出了最新的1.2.19,做了以下修正

1、Fixed an SMTP command injection vulnerability, discovered by Stefan Esser.
2、Fixed an XSS issue in include/parser.php, discovered by Dan Crowley.
3、Fixed issue with database returning the same user on multiple pages of the userlist, noticed by hcgtv.
4、Fixed several potential XSS vectors in moderate.php.
5、Fixed the avatars of deleted users not being removed.
6、Copyrights and punbb.informer.com links updated.
7、Docs removed.

其中最重要的应该是修正了可能导致跨站攻击的bug,有使用这个程序的,尽快升级吧。

下载链接:
http://punbb.informer.com/download/punbb-1.2.19.zip

有像我一样有升级强迫症的人请用SVN
http://punbb.informer.com/svn/punbb/trunk/

ps:在官方论坛看到用人用中文发帖,真牛。

标签:punbb, opensource

评论已关闭