On the 10th of March the hxp CTF competition was held, where one of the tasks was to hack AsmBB.
Out of 181 teams participating in the competition, only 8 managed to solve this task. And in doing so, they did the AsmBB project a huge favor.
Several XSS vulnerabilities and one serious RCE were disclosed.
Of course, the disclosed vulnerabilities are now fixed. Thanks to Zeyu for the great writeup and to Sisu, who notified me about this challenge.
So, I recommend that everyone upgrade to the latest version of trunk.
I'll wait a week or so to see if any new bug reports appear and plan to issue an official v2.10 release.
P.S. Unfortunately, I am still too busy with RL projects, but I hope to find some free time in the coming months to work more actively on this and other free projects.