just for your Info
Changes since 2.0.8
Fixed one vulnerability in admin_board.php - Xore
Added checking for proper session id characters to sessions and viewtopic to prevent injections - Bartlomiej Korupczynski
Fixed injection vulnerabilities possible with linked avatars
Implemented unsetting globalised variables
Limited confirm switch to POST variable in posting
Changed IP code in common.php to prevent IP spoofing
Updated visual confirmation mod [pre-edited files]
Moved obtaining word censors in modcp out of topic generation loop [increased performance/lower query count] - spotted by R45
Added the ability to link to https/ftps sites using the img bbcode tag
Fixed user online information in admin/index.php
Fixed getting group moderator in groupcp.php if running oracle backend - spotted by pakman
Fixed use of non-existing result variable in modcp (poster_id instead of user_id)
Fixed several vulnerabilities (XSS, SQL Injection and path disclosure) only possible with register_globals enabled - Matthew C. Kavanagh, Janek Vind
Fixed problem with SID not delivered to next page in groupcp.php
http://www.phpbb.com/downloads.php