As it was recently reported
I personally think despite their theory, these issues are very vague and hard to imitate in practice. Anyway carrying about secure software, we weren't brave to ignore them and did the following updates:
1) In the Human Authorization (Captcha) add-on
, there is a minor update in addon_authorize.php
file. Please note we didn't change the version of the add-on because this issue doesn't affect any kind of the new development in this add-on. Premium customers will just need to download the version from their downloads area and overwrite this file.
2) In the miniBB core, there is update regarding bb_cookie.php
file's function called getMyCookie
(previously, there was a security fix only removing clear slashes in the username).
These issues have very low practical importance, however I hope they will be appreciated by a hacking theory followers ;-)