HTML TemplatesFlash TemplatesWordPress ThemesDrupal Themese107 ThemesFree Joomla TemplatesXOOPS ThemesphpBB StylesFree SMF ThemesMagento ThemesOpenCart ThemesosCommerce TemplatesPrestaShop TemplatesVirtueMart TemplatesZen Cart TemplatesTumblr Themes
Website Templates | Coupons | Blog | News | Reviews | Tutorials | Login

phpBB News

phpBB 3.2.4 Release - Please Update

Greetings everyone,

We are pleased to announce the release of phpBB 3.2.4 "Bertie's ‘stache". This version is a maintenance and security release of the 3.2.x branch which fixes one security issue and various issues reported in previous versions.

The security issue was discovered with a new exploitation technique called Phar deserialization. An attacker with control over a founder admin account could escalate to remote code execution by abusing PHP’s default unserialization of metadata in Phar files. More information about this technique can be found here.
In order to fix this issue we’ve removed the ability to define absolute paths in the Admin Control Panel. This resulted in the removal of setting the ImageMagick path, so make sure to have the GD image library available instead. A new event to generate thumbnails was added as replacement, so you’re able to write an extension that uses a different image library to generate thumbnails. We would like to thank Simon Scannell and Robin Peraglie of RIPS Technologies for their report and responsible disclosure. The issue has been assigned CVE-2018-19274.

The fixed issues include, among others, compatibility issues with PHP 7.2 and issues with removing users from the newly registered user group more than once.
Among the notable changes are the addition of the list-unsubscribe header to emails sent by phpBB and the ability to reset your password without entering the username.

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.2.4 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=14790

The packages can be downloaded from our downloads page.

We recommend following these update instructions for updating your instance of phpBB.

The development team thanks everyone who contributed code to this release: Jakub Senko, MikelAlejoBR, kasimi, Zoddo, v12mike, hubaishan, 3D-I, Matt Friedman, Kailey Truscott, Alec, Alex Miles, Andrii Afanasiev, Anssi Johansson, DSR!, Daniel, Dark❶, David Colón, Ioannis Batas, Jim Mossing Holsteyn, Serge Skripchuk, Toxyy, rxu

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team

Read more...

Posted November 16, 2018 | 11:58 am

phpBB 3.2.3 Release

Greetings everyone,

We are pleased to announce the release of phpBB 3.2.3 "Bertie's long summer". This version is a maintenance release of the 3.2.x branch which fixes various issues reported in previous versions.

The fixed issues include, among others, problems when submitting posts with more than one attachment, migrations failing when updating from versions prior to phpBB 3.2.2 and PHP warnings being displayed when editing signatures in the ACP.

Notable changes are the dropped support for HHVM (HipHop Virtual Machine) and more prominent links to privacy policy and the terms of use.

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.2.3 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=14490

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: rxu, hubaishan, JoshyPHP, Rubén Calvo, Akbar, Anssi Johansson, Daniel Mota, Daniel Sinn, FH, GerB, Zoddo, canonknipser, scootergrisen

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team

Read more...

Posted September 13, 2018 | 4:52 am

Support for phpBB 3.1.x has ended

As per the previous announcement, support for phpBB 3.1.x has now ended.

The support forums have been locked, but are still available in a read-only form for reference in the phpBB Archives section of this board. All download links for phpBB 3.1.x will be removed shortly. If you still need those packages, you will be able to obtain them from SourceForge or download.phpbb.com.

While support for 3.1.x will not be available, support for converting to 3.2.x will still be available.

For those who receive support from an international support site, they will dictate their own support schedules and you should seek information from them.

Read more...

Posted July 1, 2018 | 11:54 am

Google Summer of Code 2018 Student Application Deadline

GSoC.png

Hi all,

We're super excited to be participating in the Google Summer of Code program for the fifth time. The GSoC program gives students a unique opportunity to work with mentors from established open source projects over the summer months. We had a great time taking part in 2017, 2014, 2013, and 2012.

The student application deadline is coming up fast, but you still have two more days to submit or finalize a proposal! We're actively standing by to assist anyone having trouble, so please reach out to our team. The best way to do that is via IRC.

A list of suggested ideas can be found here: https://www.phpbb.com/development/gsoc/ideas/

Thanks!

The phpBB Team

Read more...

Posted March 25, 2018 | 1:56 pm

[Security] phpBB 3.2.2 Packages Compromised

Earlier today, we identified that the download URLs for two phpBB packages available on phpBB.com were redirecting to a server that did not belong to us. We immediately took down the links and launched an investigation.

The point of entry was a third-party site. Neither phpBB.com nor the phpBB software were exploited in this attack.

If you downloaded either the 3.2.2 full package or the 3.2.1 -> 3.2.2 automatic updater package between the hours of 12:02 PM UTC and 15:03 PM UTC on January 26th, you received an archive modified with a malicious payload.

During the course of our investigation, we were able to take steps that should render the malicious code completely inoperable. However, in the unlikely event that multiple versions of the packages exist or that something was missed, we are choosing to leave nothing to chance.

As the packages were live for only three hours, we believe that a very small number of users are affected. We therefore ask that you perform the following steps so that we may render personalized assistance:
  1. If you believe that you have a malicious package, please email it to security@phpbb.com so that we can check it against the version we obtained. We will likewise let you know if it is affected. You may also use the SHA256 checksum found on the downloads page to verify its validity. Do not use the potentially affected package.
  2. If you have already used the package to install or update a phpBB forum, please file an incident report on our tracker and we will assist with removal of the malicious code.
  3. The downloads currently available on the downloads page are safe. If you have any doubts whatsoever, download a fresh copy.

Our investigation is ongoing and we will provide additional information as it becomes available.


Thank you,

The phpBB Team

-----

You may discuss this announcement in it discussion topic.

Read more...

Posted January 26, 2018 | 6:57 pm

Server Maintenance

Hello,

On Tuesday January 23rd from 8:00 PM (UTC) until 12:00 AM (UTC) our hosting provider, OSUOSL, will be performing some maintenance on the infrastructure that powers www.phpbb.com.

This downtime applies to our various sites, including, but not limited to:
https://www.phpbb.com
https://area51.phpbb.com

This downtime will not affect any other installation of the phpBB software other than www.phpbb.com. However, the version check in your administration control panel might give a temporary error message.

Many thanks,

The phpBB Team

Read more...

Posted January 21, 2018 | 3:02 am

phpBB 3.2.2 Release - Please Update

Greetings everyone,

We are pleased to announce the release of phpBB 3.2.2 "Bertie’s New Year Resolution". This version is a maintenance & security release of the 3.2.x branch which fixes one security issue, adds one minor feature addition, as well as fixing various issues reported in previous versions.

Previous versions did not limit the allowed schemes for URLs in profile fields and therefore allowed users to also specify URLs with the javascript scheme. This is now forbidden. As always, please keep in mind that external URLs can potentially be unsafe. Therefore it is recommended to not click on any URLs that might look suspicious to you. We would like to thank “aaaimg” for the disclosure of this issue to our development team.

As a minor feature addition, phpBB now also supports Memcached caching.
The fixed issues include, among others, problems when updating from phpBB versions 3.0.5 and older, incorrect image size being detected for uploaded files, blurry forum & topic icons in some browsers, and problems with deleting orphaned attachments when a high number of orphaned attachments is present.

We’d also like to note that due to changes in our dependency the minimum expected PHP version is now PHP 5.4.7. PHP versions between 5.4.0 and 5.4.6 will most likely continue to work but can cause unexpected side effects. If you are affected by this you should upgrade to a newer, secure version of PHP.
In addition to that, PHP 7.2 is now supported by phpBB 3.2. Please ensure that your extensions are compatible before upgrading.

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.2.2 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=14391

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: kasimi, Rubń Calvo, rxu, JoshyPHP, hubaishan, javiexin, Jakub Senko, David Colón, Sophist, Daniel Sinn, Soeren D. Schulze, Jagoba Los Arcos, Kailey Truscott, Crizzo, Daniel Mota, Jim Mossing Holsteyn, Julien Tant, Serge Skripchuk, abyssmedia, ftc2, kitsiosk, v12mike, vinny

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team

Read more...

Posted January 7, 2018 | 8:55 am

phpBB 3.1.12 Release - Please Update

Greetings everyone,

We are pleased to announce the release of phpBB 3.1.12 "Bertie’s look back at Mars". This version is a security release of the 3.1.x branch which fixes one security issue and also adds one minor feature addition, as well as fixing various issues reported in previous versions.

Previous versions did not limit the allowed schemes for URLs in profile fields and therefore allowed users to also specify URLs with the javascript scheme. This is now forbidden. As always, please keep in mind that external URLs can potentially be unsafe. Therefore it is recommended to not click on any URLs that might look suspicious to you. We would like to thank “aaaimg” for the disclosure of this issue to our development team.

As a minor feature addition, phpBB now also supports Memcached caching. This was merged before the EoM (End of Maintenance) and is therefore also part of this package.

Since the End of Life (EOL) date of the phpBB 3.1 branch has been passed, this also marks the last release in the phpBB 3.1 line. It will not continue to receive any maintenance or security updates.

The fixed issues include, among others, issues with updating older password hashes on PostgreSQL, an issue when using the Sphinx search backend, and with one migration during upgrades.

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.1.12 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=14392

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: abyssmedia

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team

Read more...

Posted January 7, 2018 | 8:53 am

Server Maintenance: Multiple days

Hello,

Our hosting provider, OSUOSL, will be performing some maintenance on the infrastructure that powers www.phpbb.com.

During the following timeframes our sites might be temporarily unavailable:

December 12:
9:00AM - 11:00 AM PST (1700 - 1900 UTC)
December 13:
9:00AM - 11:00 AM PST (1700 - 1900 UTC)
December 14:
9:00AM - 11:00 AM PST (1700 - 1900 UTC)
December 15:
9:00AM - 11:00 AM PST (1700 - 1900 UTC)
December 19:
9:00AM - 11:00 AM PST (1700 - 1900 UTC)

This downtime applies to our various sites, including, but not limited to:
https://www.phpbb.com
https://area51.phpbb.com

This downtime will not affect any other installation of the phpBB software other than www.phpbb.com. However, the version check in your administration control panel might give a temporary error message.

Many thanks,

The phpBB Team

Read more...

Posted December 7, 2017 | 3:41 am

Reintroducing phpBB Ideas

Greetings everyone,

We’re really glad to announce that phpBB Ideas is back. The new ideas center is an extension with a greatly improved UI, making suggesting, discussing, and voting on features a pleasant experience.

Head on over and share your ideas!

If you have any thoughts, tell us in the discussion topic.

- The phpBB Team

Read more...

Posted September 8, 2017 | 8:27 am
About | Contact | FAQ | Privacy Policy | Terms of Use

© 2006-2018 ├╝berbytes LLC