phpBB 3.0.2 released

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Get Involved
Post Reply
Acyd Burn
Posts: 5830
Joined: Wed Dec 05, 2001 8:31 pm
Location: Behind You
Name: Meik Sievertsen

phpBB 3.0.2 released

Post by Acyd Burn »


We are very pleased to announce the availability of the phpBB 3.0.2 package. This version has seen numerous stability fixes, performance tweaks and general bugs fixed. Additionally one minor security-related bug was fixed.

With this release, we also re-introduced the code changes tutorial. Due to the different codebase in phpBB3, these are a lot bigger and a lot more complicated than they ever were in phpBB2 - also the reason why we introduced the automatic update package and automatic updater in phpBB, which is able to handle modded boards too by merging differences. We do not recommend the use of the code changes tutorial - those are meant for professional users and support teams to help assist users having problems while updating.

Please note that we urge you to update. The versions we currently support here are phpBB 2.0.23 and phpBB 3.0.2.

Important changes since 3.0.1:
  • [Fix] Ability to set permissions on non-mysql dbms (Bug #24955)
  • [Fix] Fixed blank style on setups having no username defined within config.php (Bug #25065)
  • [Fix] Made the compress_tar class tolerate archives that do not properly have their archived contents listed (Bug #14429 / thanks to JRSweets for his patch)
  • [Fix] Moved topics should not count towards the number of topics in a forum (Bug #14648 / thanks to Schumi for his patch)
  • [Fix] Properly check for invalid characters in MySQL DB prefixes during install (Bug #18775)
  • [Fix] Bring the PostgreSQL backup system back to working order (Bug #22385)
  • [Fix] Update correct theme for cached styles in style.php (Bug #25805)
  • [Fix] Correctly determine safe mode for temp file creation in functions_upload.php (Bug #23525)
  • [Fix] Correctly sort by rank in memberlist (Bug #24435)
  • [Fix] Purge cache after database restore (Bug #24245)
  • [Fix] Correctly display subforum read/unread icons from RTL in FF3, Konqueror and Safari3+. (thanks arod-1 for the fix, related to Bug #14830)
  • [Fix] Added missing form token in acp (thanks NBBN).
  • [Fix] Do not remove whitespace in front of url containing the boards url and no relative path appended (Bug #27355)
  • [Fix] reset forum notifications in viewtopic (Bug #28025)
  • [Fix] corrected link for searching post author's other posts (Bug #26455)
  • [Fix] HTTP Authentication supports UTF-8 usernames now (Bug #21135)
  • [Fix] Topic searches by author no longer return invalid results (Bug #11777)
  • [Fix] Delete drafts and bookmarks when deleting an user. (#27585, thanks Schumi for the fix)
  • [Fix] Set last_post_subject for new topics. (#23945)
  • [Fix] Allow moving posts to invisible forums. (#27325)
  • [Fix] Don't allow promoting unapproved group members (#16124)
  • [Fix] Correctly fetch server name if using non-standard port (#27395)
  • [Fix] Regular expression for email matching in posts will no longer die on long words.
  • [Fix] Do not display ban message if direct call to cron. (thanks Dog Cow for reporting)
  • [Fix] Correctly display double-colon on special conditions within highlighted php source (Bug #26795)
  • [Fix] Increase storage capacity of titles/subjects due to specialchared content (Bug #25235)
  • [Fix] Catch invalid username wildcard ban (we do not support these) (Bug #29305)
  • [Fix] Fix (email)-domain checks for those having DNS prefixes set (Bug #29635)
  • [Change] Adjust truncate_string() to be able to adjust the maximum storage length.
  • [Change] Sort the tables at the database table backup screen
  • [Change] For determining the maximum number of private messages in one box, use the biggest value from all groups the user is a member of (Bug #24665)
  • [Change] Show email ban reason on registration. Additionally allow custom errors properly returned if using validate_data(). (Bug #26885)
  • [Change] Don't allow redirects to different domains. (thanks nookieman)
  • [Feature] Added optional referer validation of POST requests as additional CSRF protection.
  • [Feature] Added optional stricter upload validation to avoid mime sniffing in addition to the safeguards provided by file.php. (thanks to Nicolas Grekas for compiling the list).
  • [Feature] Streamlined banning via the MCP by adding a ban link to the user profile. Also pre-fills ban fields as far as possible.
  • [Feature] Added ACP logout to reset an admin session.
  • [Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)
Please refer to the changelog for a complete list of fixes since 3.0.1: ... &version=3

A short explanation of how to do a conversion, installation or update is included within the provided INSTALL.html file, please be sure to read it.

Minimum Requirements

phpBB3 has a few requirements which must be met before you are able to install and use it.
  • A webserver or web hosting account running on any major Operating System with support for PHP
  • A SQL database system, one of:
    • MySQL 3.23 or above (MySQLi supported)
    • PostgreSQL 7.3+
    • SQLite 2.8.2+
    • Firebird 2.0+
    • MS SQL Server 2000 or above (directly or via ODBC)
    • Oracle
  • PHP 4.3.3+ (>=4.3.3, >4.4.x, >5.x.x, >6.0-dev (compatible)) with support for the database you intend to use.
  • getimagesize() function need to be enabled
  • These optional presence of the following modules within PHP will provide access to additional features, but they are not required.
    • zlib Compression support
    • Remote FTP support
    • XML support
    • Imagemagick support
    • GD Support
The presence of each of these optional modules will be checked during the installation process.


Security issues found should be reported to our security tracker in the usual way.

Available packages

If you experience problems with the automatic update (white screens, timeouts, etc.) we recommend using the "changed files only" or "patch" method for updating. We do not recommend the use of the code changes tutorial - this is meant for professional users and support teams to help assist users having problems while updating.

You can of course find this download available on our downloads page. As per usual five packages are available to simplify your update.
  • Full Package
    Contains entire phpBB3 source and english language files.
  • Changed Files Only
    Contains only those files changed from previous versions of phpBB3. Please note this archive contains changed files for each previous release.
  • Patch Files
    Contains patch compatible patches from previous versions of phpBB3.
  • Automatic Update Package
    Update package for the automatic updater, containing the changes from previous release to this release. Able to update modified installations without loosing these.
  • Code Changes
    Contains the changes from previous release to this release in MOD template and MODX format.
Select whichever package is most suitable for you.

Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation, updates or conversions!.

Have fun with the release,
the phpBB Team
Acyd Burn
Posts: 5830
Joined: Wed Dec 05, 2001 8:31 pm
Location: Behind You
Name: Meik Sievertsen

Re: phpBB 3.0.2 released

Post by Acyd Burn »

Discussions about the 3.0.2 release should take place within this topic.

Please use the support forum for support questions.
Security Consultant
Posts: 2141
Joined: Thu Dec 25, 2003 1:33 am
Location: United Kingdom

Re: phpBB 3.0.2 released

Post by NeoThermic »


After investigation, it is apparent that the code changes package is missing several key changes. While we investigate further, the package has been temporarily removed and we ask that you use alternative packages for the time being. Details will be posted shortly with the revised packages.

Acyd Burn
Posts: 5830
Joined: Wed Dec 05, 2001 8:31 pm
Location: Behind You
Name: Meik Sievertsen

Re: phpBB 3.0.2 released

Post by Acyd Burn »

The revised packages were uploaded 3 hours after the message by NeoThermic.

The code changes luckily only had one line missing for a change within includes/functions_user.php - details are listed within this topic.

A small side note - if you apply the changes for functions_user.php, have a close look at the line numbers, else you may end in modifying the wrong section of the code.

Thank you, and sorry for the inconvenience,
Post Reply

Return to “Announcements”