phpBB patch?
gareth
bsd at lordcow.org
Thu Feb 1 13:21:51 UTC 2007
On Wed 2007-01-24 (19:51), Gordon Stratton wrote:
> On 1/24/07, gareth <bsd at lordcow.org> wrote:
> >hi, portupgrade just upgraded phpbb-2.0.22 to phpbb-2.0.22_1.
> >it used phpBB-2.0.22.tar.bz2 from www.phpbb.com (same as before),
> >and as far as i can tell the .php files are the same (and naturally
> >the database is untouched). does anyone know what this upgrade
> >was meant to achieve?
>
> >From the log[1]:
> ---
> Remove previously added security patch against session table
> exhaustion, as it causes more problems in the latest phpbb
> version. Users are advised to drop and re-create their
> session tables (phpbb_sessions, phpbb_sessions_keys) without
> using "HEAP" tables.
ah, thanx for the link. so this's the only thing that changed? :
http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/phpbb/files/Attic/security-patch-includes-sessions.php?annotate=1.2
More information about the freebsd-ports
mailing list