phpBB 3.1.2 Release - Please Update

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Scam Warning
Post Reply
User avatar
naderman
Consultant
Consultant
Posts: 3735
Joined: Fri Aug 01, 2003 10:06 pm
Location: Berlin, Germany
Name: Nils Adermann
Contact:

phpBB 3.1.2 Release - Please Update

Post by naderman » Tue Nov 25, 2014 2:16 pm

Today, we are publishing phpBB 3.1.2 in order to address over 30 discovered issues since the release of 3.1.0: a number of improvements as well as two minor security vulnerabilities that we identified ourselves. Please update your phpBB 3.1 installation as soon as possible.

We resolved problems with redirects to incorrect URLs following confirmation screens that we introduced with the security fix in 3.1.1. A large number of the bug fixes and improvements relate to the update process from phpBB 3.0 Olympus to 3.1 Ascraeus and we are confident that the process now works more smoothly for anyone looking to update.

Through specifically crafted requests with an XMLHttpRequest header it was possible to trigger an infinite loop in a phpBB routine which may end up consuming a large amount of resources on a server running phpBB 3.1.1. Further, once you installed an extension, its authors were able to load additional HTML in the extensions administration interface through the version check file which would only be exploitable by malicious extension authors. Independent of this particular problem we recommend you only install extensions made available in the extension database on http://www.phpbb.com as they go through a security audit by the extensions team before they are published.

The packages can be downloaded from our downloads page.

If you have any questions or comments, we'll be happy to address them in the discussion topic

- The phpBB Team
I appreciate gifts from my Amazon wishlist.
naderman.de twitter: @naderman

Post Reply

Return to “Announcements”

Who is online

Users browsing this forum: oBot and 24 guests