

The Usable Forum Software


UseBB.net is the official website of UseBB 1, a mature, light and Open Source PHP 4 and MySQL based forum package, distributed freely under the GPL license. It is also the project developing UseBB 2, a future PHP 5 based community system that is modular and object oriented while retaining UseBB's core characteristics of usability and effectivity.


Latest News

UseBB 1.0.10 RSS feeds security issue

Very recently, a security issue was discovered in UseBB 1.0.10 affecting per-forum and per-topic RSS feeds when combined with restricted forum access permissions.

UseBB 1.0.10 uses the "view" forum permission to enable or disable per-forum and per-topic feeds. As a result, if a forum has e.g. "view" set to guests but "read" set to members, a guest gets access to the contents of the first posts through the forum feed and to all the posts of a topic through its topic feed. The expected behaviour is for UseBB to use the "read" permission setting instead, both to show or hide first posts' contents in the forum feeds and to show or hide the topic feeds in their entirety.

Anyone who has a restricted "read" permission set but NOT an equal or more restricted "view" one is exposed to this issue and should either disable per-forum/topic feeds, adjust the "view" permission to be equal to the "read" one, or fix their UseBB setup.
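The difference between the two gates, together with a check for forums matching the condition above, as an added example (this is not UseBB's rss.php or the patch). The numeric access levels, array keys, function names and sample forums are assumptions made for illustration.

```php
<?php
// Added illustration, not UseBB source code.
// Assumed access levels: a higher number means a more restricted audience.
const LEVEL_GUEST = 0;
const LEVEL_MEMBER = 1;
const LEVEL_MODERATOR = 2;

// True when a user at $userLevel holds the named permission on $forum.
function has_permission(array $forum, string $perm, int $userLevel): bool {
    return $userLevel >= $forum[$perm];
}

// Behaviour described for 1.0.10: feeds are gated on "view" only.
function feed_allowed_1_0_10(array $forum, int $userLevel): bool {
    return has_permission($forum, 'view', $userLevel);
}

// Expected behaviour: post contents in feeds are gated on "read".
function feed_contents_allowed_expected(array $forum, int $userLevel): bool {
    return has_permission($forum, 'read', $userLevel);
}

// Audit: a forum is affected when "read" is more restricted than "view".
function affected_forums(array $forums): array {
    $hits = [];
    foreach ($forums as $f) {
        if ($f['read'] > $f['view']) {
            $hits[] = $f['name'];
        }
    }
    return $hits;
}

// Constructed sample configuration (hypothetical forums).
$forums = [
    ['name' => 'Announcements', 'view' => LEVEL_GUEST, 'read' => LEVEL_GUEST],
    ['name' => 'Members only', 'view' => LEVEL_GUEST, 'read' => LEVEL_MEMBER],
    ['name' => 'Staff', 'view' => LEVEL_MODERATOR, 'read' => LEVEL_MODERATOR],
];

foreach ($forums as $f) {
    printf("%-14s guest gets contents (1.0.10 gate): %s, (expected gate): %s\n",
        $f['name'],
        feed_allowed_1_0_10($f, LEVEL_GUEST) ? 'yes' : 'no',
        feed_contents_allowed_expected($f, LEVEL_GUEST) ? 'yes' : 'no');
}
echo 'Affected forums: ', implode(', ', affected_forums($forums)), "\n";
```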

To fix UseBB 1.0.10, upload the new rss.php (overwriting the existing file) or apply the patch. rss.php can be found in the top directory of your UseBB setup.

* New rss.php
* Patch file

UseBB 1.0.11, which includes more changes and bug fixes and will be released after testing, will have this issue fixed as well.

For questions and support, please ask at the forums.

Apologies for any inconvenience and thank you for your understanding.

UseBB Project
http://www.usebb.net

PS: If you encounter PHP (5.3) errors concerning deprecated functions, this is a different (and harmless) issue that can be fixed easily too.

Posted on 29th August 2010

UseBB 1.0.10 released

The UseBB project releases UseBB 1.0.10, the tenth maintenance release of the UseBB 1 light PHP 4 and MySQL bulletin board system.

This release fixes a quite important issue where BBCode parsing could enter an infinite loop, making DoS attacks possible. It also includes a major change in RSS feed generation, adding per-forum and per-topic feeds and fixing multiple problems with feed contents.

Of course, several other smaller bug fixes and changes are included:

- Fixed bug #2367: SQL error on search sorted by author.
- Fixed bug with remembering guest auth settings on adding new forum.
- Mass email in board default language and only to unique email addresses.
- Personal emails now sent in correct (recipient's) language.
- ...

As always, upgrading is recommended. Any version less than or equal to 1.0.9 is now unsupported. Visit http://www.usebb.net/downloads/ for downloads. Information about upgrading is available in the docs/index.html document.

Update: PHP 5.3 issues? See this post.

Posted on 25th October 2009


Copyright © 2003-2010 UseBB.net