Official support for phpBB2 ended on January 1, 2009, and the 2.0.x support forums have been locked. Furthermore all development for phpBB2, including security patches, has ceased as of February 1, 2009.[27] Other information pertaining to phpBB2 on the phpBB.com website will be removed over the coming months and phpBB2 will likely be fully phased out by the second half of 2009. However, a number of unofficial support sites for phpBB2 have formed to fill the void and will likely continue supporting phpBB2 indefinitely.

Many administrators still prefer to run phpBB2 because it provides a much simpler administration interface and has a thriving ecosystem of MODs (modifications) and styles that allow admins many options for customising the software to their liking. Others still run phpBB2 because they have installed many MODs, none of which can function in phpBB3.

The default theme in phpBB2 is named subSilver, and was designed by Tom “subBlue” Beddard. At the time that it premiered in 2001, it was a revolutionary new design for bulletin boards[citation needed], and many bulletin board themes since have borrowed many cues and design elements from subSilver.

Some of phpBB2′s major features included the following:

• A templated style system intended to allow easy customisation that keeps the PHP code separate from the HTML.
• Support for internationalisation through a language pack system; 48 translations are available for phpBB2 as of 2007.
• Compatibility with multiple database management systems including MySQL, PostgreSQL, Microsoft SQL Server, and Microsoft Access,
• Easy customisations, including MODs and styles.

The last official release of the 2.0.x line is 2.0.23, released on February 17, 2008. However, the code for phpBB 2.0.24 still remains, unreleased, in the SVN repository.

About PhpBB

phpBB is a popular Internet forum package written in the PHP scripting language. The name “phpBB” is an abbreviation of PHP Bulletin Board. Available under the GNU General Public License, phpBB is a free software. phpBB was started by James Atkinson as a simple UBB-like forum for his own website …

Drupal has announced that there will be no new features added to 6.x or 5.x. They are holding the feature updates and implementation of new features until they are ready to release Drupal 7.x in the near future.

A 7th security update for version 6 and the 13th security update for version 5 may not mean a whole slew of new features, but they do address major security issues.

Security Issues

In both versions there are potential vulnerabilities to users for creating cross site request forgeries as well as cross site scripting. Both of these vulnerabilities could potentially result in database damage or unfiltered content being published inadvertently.

Whether you are using Drupal 6.x or Drupal 5.x, it is highly recommended by the community to update to the newest version to eliminate the potential for security infringements.

There are two options to upgrade:.
Patching or Upgrading Current Drupal Versions

The first option for updating your Drupal version 5.x or 6.x is to simply patch your current core files with the updated ones. This is not the best option as the patch files do not contain certain bug fixes.

The second and best option is to do a full upgrade. This will ensure that all security fixes and bug fixes are addressed in your particular core code. You will also be better prepared for the Drupal 7 update which is expected to contain a number of new features.

It is also highly recommended that you run update.php to refresh the menu cache and other website caches. If you are using custom .htaccess or robot.txt files, you will want to make sure that any custom changes are retained since the updates modify both of these files.

Full upgrade files and patch files can be found here:

* Drupal 5.13 upgrade files
* Drupal 6.7 upgrade files
* Drupal 5.13 patch files
* Drupal 6.7 patch files

If you are using PHP 5.1.x or lower there is a warning that comes up upon login. According to the Drupal Community, “That patch has been rolled back in CVS, and we will be doing a bug fix release on December 11th.”
Get Ready for Drupal 7

Want new Drupal features? You’ll have to wait for Drupal 7 to be released. Until then get the upgrade files and ensure that your site is secure against the malicious threats described above.

If you are interested in learning more about Drupal, DrupalCon DC, the premier conference for Drupal developers, is right around the corner in March. While final submissions for sessions is over, tickets are still available. Get yours today and learn all the ins and outs of Drupal.

CMSWire

WordPress

According to an advisory from maintainers of the open-source blog software, WordPress 2.6.2 was released on September 8 to mitigate a new attack vector discovered by PHP security guru Stefan Esser.

From the announcement:

Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing WordPress 2.6.2. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

WordPress developers said the attack is difficult to accomplish but, because of the associated risk, the patch is being released.

It’s important to note that other PHP applications are vulnerable to this class of attack.

WordPress shuts door on new PHP attack vector | Zero Day | ZDNet.com