l.i. Changes since 2.0.17

* [Fix] incorrect handling of password resets if admin activation is enabled (Bug #88)
* [Fix] retrieving category rows in index.php (Bug #90)
* [Fix] improved index performance by determining the permissions before iterating through all forums (Bug #91)
* [Fix] wrong topic redirection after login redirect (Bug #94)
* [Fix] improved handling of username lists in admin_ug_auth.php (Bug #98)
* [Fix] incorrect removal of bbcode_uid values if bbcode has been turned off (Bug #100)
* [Fix] correctly preview signature if editing other users posts (Bug #101)
* [Fix] incorrect alt tag on generated search images in groupcp.php, viewtopic.php and usercp_viewprofile.php (Bug #102)
* [Fix] consistent forum ordering in all dropdown boxes (Bug #106)
* [Fix] correctly get compression status in page_tail.php and page_footer_admin.php (Bug #117)
* [Fix] set page title on summary page of groupcp.php (bug #125)
* [Fix] correctly test style and avatar in usercp_register.php (bug #129 and #317)
* [Fix] handling of reactivation notifications if admin activation is enabled (Bug #145)
* [Fix] handling of both forms of translation information used in language packs (Bug #159)
* [Fix] key length for activation keys fixed in usercp_sendpassword.php (Bug #171)
* [Fix] use GENERAL_MESSAGE constant in message_die instead of MESSAGE (Bug #176)
* [Fix] incorrect handling of move stubs (Bug #179)
* [Fix] wrong mode_type in memberlist (Bug #187)
* [Fix] SQL errors when setting maximum PMs to 0 (Bug #188)
* [Fix] removed unused variable from topic_notify email template (Bug #210)
* [Fix] removed unset variable from smilies popup window title (Bug #224)
* [Fix] removed duplicate template assignment from admin_board.php (Bug #226)
* [Fix] incorrect search link for guest posts in modcp.php (Bug #254)
* [Fix] all users removed from topics watch table on special occassions (Bug #271)
* [Fix] correctly check returned value from strpos in append_sid function (Bug #275)
* [Fix] correctly display username in private message notification (Bug #278)
* [Fix] fixed "var-by-ref" errors (Bug #322)
* [Fix] changed redirection to installation (Bug #325)
* [Fix] added timout of 10 seconds to version check (Bug #348)
* [Fix] fixed user_level default in postgresql schema file (Bug #444)
* [Fix] multiple minor HTML issues with subSilver
* [Change] deprecated the use of some PHP 3 compatability functions in favour of the native equivalents
* [Change] added 60 days limit for grabbing unread topics in index.php
* [Sec] backport of session keys system from olympus
* [Sec] fixed email bans to use the same pattern as email validation and allow wildcard domain bans
* [Sec] fixed validation of topic type when posting
* [Sec] unset database password once it is no longer needed
* [Sec] fixed potential to select images outside the specified path as avatars or smilies
* [Sec] fix globals de-registration code for PHP5 - (Stefan Esser/Matt Kavanagh)
* [Sec] changed avatar gallery code sections to prevent possible injection points (AnthraX101)
* [Sec] signature field is not properly sanitised for user input when an error occurs while accessing the avatar gallery (AnthraX101)
* [Sec] check to_username and ownership when editing a PM (AnthraX101)
* [Sec] fixed ability to edit PM's you did not send (depablo84)
* [Sec] compare imagetype on avatar uploading to match the file extension from uploaded file

l.ii. Changes since 2.0.16

* Added extra checks to the deletion code in privmsg.php - reported by party_fan
* Fixed XSS issue in IE using the url BBCode
* Fixed admin activation so that you must have administrator rights to activate accounts in this mode - reported by ieure
* Fixed get_username returning wrong row for usernames beginning with numerics - reported by Ptirhiik
* Pass username through phpbb_clean_username within validate_username function - AnthraX101
* Fixed PHP error in message_die function
* Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php - reported by Double_J
* Also fixed above issue in usercp_viewprofile.php
* Fixed incorrect setting of user_level on pending members if a group is granted moderator rights - reported by halochat
* Fixed ordering of forums on admin_ug_auth.php to be consistant with other pages
* Correctly set username on posts when deleting a user from the admin panel

l.iii. Changes since 2.0.15

* Fixed critical issue with highlighting - Discovered and fix provided by Ron van Daal
* Url descriptions able to be wrapped over more than one line again
* Fixed bug with eAccelerator in admin_ug_auth.php
* Check new_forum_id for existence in modcp.php - alessnet
* Prevent uploading avatars with no dimensions - Xpert
* Fixed bug in usercp_register.php, forcing avatar file removal without updating avatar informations within the database - HenkPoley
* Fixed bug in admin re-authentication redirect for servers not having index.php as one of their default files set

l.iv. Changes since 2.0.14

* Fixed moderator status removal in groupcp.php
* Removed newlines after ?> on some files - Thoul
* Added admin re-authentication (admin needs to login seperatly to access the ACP) - backported from Olympus
* Fixed vulnerability in url/bbcode handling functions - PapaDos and Paul/Zhen-Xjell from CastleCops
* Fixed issue in admin/admin_forums.php
* Suppressed warning message for fsockopen in /includes/smtp.php - Thoul
* Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) - Exy
* Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)
* Updated the readme file
* Added one new language variable
* Added general error if accessing profile for a non-existent user
* Changed session id generation to be more unique - Henno Joosep
* Fixed bug in highlight code to escape characters correctly
* Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.
* Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file
* Fixed bypassing of validate_username on registration - Yen
* Empty url/img bbcodes no longer get parsed

l.v. Changes since 2.0.13

* Hardened author and keyword search a bit to not allow very server intensive searches
* Fixed full path disclosure in bad word parsing
* Resetting complete userdata array in session code if authentication fails
* Fixed bug in moderator control panel where certain parameters could lead to an "error creating new session" sql error
* Fixed bug in session code where empty page ids could lead to an "error creating new session" sql error
* Fixed html handling in signatures if html is turned off globally
* Fixed install.php problem with PHP5 register_long_arrays option turned off
* Fixed potential issues with styling system
* Added correct class to login_body template file
* Removed file db/oracle.php from package
* Removed version number from message body page in /admin (if user is not an admin) - mikelbeck
* Fixed case-sensitivity issues in postgres7.php - R45

wow this is worthless

(you better add BBCode syntax highlighting to SC2!)