Phorum 3.4.3 Released!
We are releasing Phorum 3.4.3 today in response to some security issues found by Procheckup Ltd. On 05/06/2003 at 8:41 AM, they posted a bug report that they have found the issues. We had them fixed that day, but wanted to test and test again before releasing the code. News of bugs always puts the spotlight on a project, so we did want to make sure all was fixed. The bugs included more XSS issues that we introduced when we fixed the last XSS issues, one admin script that could execute some code (if you moved your admin like the installation instructions reccomend, this should not be an issue) to the simple problem of PHP blurting out file paths (a common PHP issue, not really Phorum related) when some scripts are loaded in a browser (again if the install instructions are followed, this would not be possible).
We won't be listing any specific descriptions of exploits and have asked Procheckup Ltd. to do the same. We know it will take time for everyone to get upgraded and hope that you will not be affected.