Christoph Feddersen

During a security audit of ubb.threads I discovered several potential security issues in the software.
Infopop is now aware of the problem but their time schedule for a new release is rather unspecific.
All they said is that it will take several weeks…
As the security flaws can be used to compromise your server, gain admin rights etc. I came up with modification that should protect you from possible attacks.

I encourage all owners of ubb.threads to install this modifcation. Currently this modification works for ubb.threads 6.3.x and 6.5.x.
Please not that all versions of ubb.threads are vulnerable!

Feel free to contact me if you have questions about this modification or need a working version for ubb.threads 6.4.x.

Today Infopop released a security fix for ubb.threads.
It fixes a security vulnerability that was reported some days ago. All owners of ubb.threads should update as fast as possible.

Release notes

Infopop finally released the long awaited bugfix release of ubb.threads.
According to the release notes the bugs in the new post tracking have been resolved.

Note that this will probably the last release before the new generation product that has been announced by Infopop a while ago.