[UPHPU] phpBB3 Release Date Announced
Eric Faerber
php at ericfaerber.com
Wed Dec 12 16:50:18 MST 2007
phpBB1 was released in 2000. phpBB2 was released in 2002. phpBB3 will be released in 2007.
It wasn't until a couple years ago that they raised the minimum version from PHP 3 to PHP 4 for phpBB2. phpBB is old. You can't say they could predict every exploit that was going to happen when they first released phpBB2 in 2002.
phpBB2 does have methods to sanitized user input but it's better and easier to use in phpBB3.
> -------Original Message-------
> From: Joshua Simpson <std3rr at gmail.com>
> Subject: Re: [UPHPU] phpBB3 Release Date Announced
> Sent: Dec 12 '07 23:37
>
> On Dec 12, 2007 3:28 PM, <[LINK: mailto:php at ericfaerber.com]
> php at ericfaerber.com> wrote:
> Yes. We had a paid security audit done by SektionEins ([LINK:
> http://www.sektioneins.de] http://www.sektioneins.de). SQL queries and
> getting user data has been standardized so that they are cleaned before use
> making it very unlikely for SQL injection and other attacks to happen.
>
>
> It took them 3 major versions and several years to get input sanitization
> standardized?
>
> I'm just surprised that phpBB is still around.
More information about the UPHPU
mailing list