Greetings all,
We are pleased to announce the releases of phpBB 3.0.14 "Securing the thermal exhaust port" and phpBB 3.1.4 "May the fourth be with you". These versions are maintenance and security releases of both the 3.0.x and the 3.1.x branches which fix one minor security issue and a number of bugs. The 3.1.4 release additionally adds new events that act as entry points for extensions to modify phpBB's behaviour.
Thanks to Mathias Karlsson (avlidienbrunn) for bringing the security issue to our attention. An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login) when provided with a malicious URL from a third party. This is no longer possible in 3.0.14 and 3.1.4.
The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at
https://wiki.phpbb.com/Release_Highlights/3.1.4 (3.1.4) and
https://wiki.phpbb.com/Release_Highlights/3.0.14 (3.0.14) and a list of all issues fixed on our tracker at
https://tracker.phpbb.com/browse/PHPBB3 ... lter=12991 (3.1.4) and
https://tracker.phpbb.com/browse/PHPBB3 ... lter=13094 (3.0.14).
The latest packages can be downloaded from our downloads page (
3.1.4) (
3.0.14).
The development team thanks everyone who contributed code to these releases: brunoais, RMcGirr83, rxu, Jakub Senko, Wolfsblvt, cyberalien, kasimi, Dragos-Valentin Radulescu, Kailey Truscott, paulsohier, Crizzo, JoshyPHP, Kevin Roy, Matt Friedman, n-aleha, Raphaël M, Robert Heim, Scout4all, kamijoutouma
If you have any questions or comments, we'll be happy to address them in the
discussion topic.
- The phpBB Team