phpBB patch?
LI Xin
delphij at delphij.net
Thu Jan 25 03:51:44 UTC 2007
gareth wrote:
> hi, portupgrade just upgraded phpbb-2.0.22 to phpbb-2.0.22_1.
> it used phpBB-2.0.22.tar.bz2 from www.phpbb.com (same as before),
> and as far as i can tell the .php files are the same (and naturally
> the database is untouched). does anyone know what this upgrade
> was meant to achieve?
This update has removed a patch which is previously used to protect
users against session exhaustion problem that hurts when heap session
table is used, which is common and is suggested by phpBB developers in
the MySQL 3.x age.
Unfortunately, the continued phpBB development has more and more (ab)use
of the session table and simply rejecting anonymous session is no longer
feasible, as it causes problem for many places in phpBB especially for
its new features. Instead of using the patch, users have to re-create
session table if they used heap session table in the past, to prevent
the DoS problem. This would not cause serious performance penalty for
newer MySQL versions.
Cheers,
--
Xin LI <delphij at delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20070125/fd8dc07f/signature.pgp
More information about the freebsd-ports
mailing list