[CentOS-devel] Forums
Jeff Sheltren
jeff at tag1consulting.comWed Aug 8 19:12:27 UTC 2012
- Previous message: [CentOS-devel] Forums
- Next message: [CentOS-devel] Forums
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, Aug 8, 2012 at 12:07 PM, Karanbir Singh <mail-lists at karan.org> wrote: > On 08/08/2012 08:01 PM, John R. Dennison wrote: >> phpBB has one of the worst track records for forum packages with regards >> to security issues and they have, as Les mentioned, been promising to >> "fix" the heart of the problem for many, many years now. Quite a few >> years ago I grew tired of the "phpBB security hole of the week" game, >> transitioned everything to SMF, and never once looked back. I routinely >> turn down gigs that want phpBB if I am unable to convince them to go >> with SMF - it's just not worth the headaches. > > Is it possible to quantify this phpbb security issue ? > Yes, CVEs and looking at release history seems like a way to quantify it. As I understand it, this was really more of an issue with older 1.x, 2.x versions. phpBB 3.x underwent an external (to the phpBB team) security review, and as far as I've seen, they've not had a lot of problems since, and are pretty good/fast about addressing any potential security issues. -Jeff
- Previous message: [CentOS-devel] Forums
- Next message: [CentOS-devel] Forums
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-devel mailing list