Weak point closed in phpBB
The developers of phpBB have released version 2.0.22 of the forum software, which, in addition to making some cosmetic improvements, closes some security holes.
The new version of the software takes a closer look at the avatar upload directory and changes the criteria for bad redirection targets. The programmers have also closed a cross-site scripting hole in the display of private messages and sessions checks have been added to various forms.
The developers recommend that all users update their phpBB as quickly as possible. They also remind administrators to execute the database update script to complete the update.