phpBB 3.1.1 Release - Please Update

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Scam Warning
Post Reply
User avatar
naderman
Consultant
Consultant
Posts: 3735
Joined: Fri Aug 01, 2003 10:06 pm
Location: Berlin, Germany
Name: Nils Adermann
Contact:

phpBB 3.1.1 Release - Please Update

Post by naderman » Sat Nov 01, 2014 10:34 pm

Today, we are making available phpBB 3.1.1 in order to address a minor vulnerability as well as several usability issues that have been brought to our attention. If you installed phpBB 3.1.0, please update to 3.1.1.

Firstly, despite our best efforts and a full security audit of the 3.1 codebase by SektionEins, Dingjie Yang of Qualys, Inc. discovered an XSS vulnerability that may be utilized against users of older browsers. Our tests indicate that this does not seem to affect major browsers released after 2009, making all browsers officially supported by phpBB 3.1 immune and around 99.9% of phpBB.com visitors unaffected. Nevertheless, we are not taking any chances and urge everyone to update. Thanks to Mr. Yang for bringing this to our attention.

Secondly, we are removing the "Send a copy of this email to yourself" feature from the contact page for guests to avoid it being used for sending undesired emails from the board.

Lastly, we are fixing several usability issues that were preventing some users from having a smooth experience while updating from 3.0 to 3.1. The notable ones are:
  • If a user's selected style no longer exists, attempt to reset to an existing style.
  • Fix auth provider errors for forums that migrated from other forum software.
  • Improve and correct update instructions and documentation.
The packages can be downloaded from our downloads page.

If you have any questions or comments, we'll be happy to address them in the discussion topic

- The phpBB Team
I appreciate gifts from my Amazon wishlist.
naderman.de twitter: @naderman

Post Reply

Return to “Announcements”

Who is online

Users browsing this forum: oBot and 14 guests