Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to IPS!

Feel free to browse our community to get a feel for how our community software operates. Post in the pre-sales forum with any questions you have before purchasing or use the Test Posting forum to post a few messages yourself! You can also get a free demo to try the IPS Community Suite yourself.

Already an active IPS client?

Login with the same email address and password you use for the client area to access client-only areas.

5

3 votes

Invision Power Board 3.0.5 Released

Started by IPS News, Dec 08 2009 04:59 PM

Please log in to reply

No replies to this topic

#1 IPS News

Public Relations

IPS Staff
710 posts

Posted 08 December 2009 - 04:59 PM

We are pleased to announce Invision Power Board 3.0.5 has been released.

This is a maintenance release for IP.Board 3 and addresses various bugs, security enhancements, and performance improvements.

Major Changes Since 3.0.4

Among many dozens of smaller bugs fixed and performance improvements, the following security enhancements were made:

SQL and local file include issue fixed. Note: Due to protection within the SQL driver classes, it is very difficult to effectively exploit IP.Board using this attack. Also you need moderator permissions to perform any exploit. We've hardened this code regardless. Also, due to the input cleaning functions IP.Board uses, the local file include is limited to PHP files on the file system as the usual 'null byte' trick is ineffective.
Internet Explorer XSS Issue due to incorrect attachment handling fixed.

Downloading

You can download IP.Board 3.0.5 and any applications you have an active license for in the client area. As always, make a backup of your community before proceeding.

IP.Board 2.3.6 Security Update
Below is a zip containing the patched files for 2.3.6.