phpBB 3.1.3 Release - Please Update

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Anti-Spam Guide
Post Reply
User avatar
naderman
Consultant
Consultant
Posts: 3754
Joined: Fri Aug 01, 2003 10:06 pm
Location: Berlin, Germany
Name: Nils Adermann
Contact:

phpBB 3.1.3 Release - Please Update

Post by naderman »

Greetings all,

We are pleased to announce the release of phpBB 3.1.3 "The Bertie Strikes Back". This version is a maintenance and security release of the 3.1.x branch which fixes one security issue, a number of bugs, and adds new events as entry points for extensions to modify phpBB's behaviour.

In 3.1.x we no longer consider it acceptable for administrators to have system access through the administration control panel. It was previously possible for an administrator on a forum to use the ImageMagick binary path setting to execute code on the server.

The full changelog is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.1.3 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=12793

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: brunoais, Jakub Senko, rxu, MasterShredder, Matt Friedman, Oliver Schramm, omniError, Kailey Truscott, PayBas, Crizzo, Gaëtan Muller, Prosk8er, Tobi Schäfer, Wolfsblvt, kochi, lavigor, n-aleha

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team



Release Highlights

Security and Hardening
  • Hardening of imagick path - Existence of the path to the imagick program specified in the Administration Control Panel is now verified.
New Features
  • Events - More events have been added to the template and the php core
  • Support for IDN (IRI) Urls - Urls in BBCodes, posts and profile fields can now contain UTF8 characters
  • Migrations can now use DI - Migrations can now use the container to access additional objects
Notable Bug Fixes
  • Canonical URLs sort parameters removed - In order to produce less duplicate pages, the sort parameters have been removed from the canonical URLs
  • Multiple bugs while updating - Quite some bugs in the database update scripts have been fixed
  • Boolean profile fields on PostgreSQL - Boolean profile fields can now be created again
  • UTF8 characters in attachment names - Attachments with UTF8 characters in their file name can now be uploaded again
I appreciate gifts from my Amazon wishlist.
naderman.de twitter: @naderman
Post Reply

Return to “Announcements”