phpBB 3.0.14 and 3.1.4 Release - Please Update

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Scam Warning
Post Reply
User avatar
naderman
Consultant
Consultant
Posts: 3741
Joined: Fri Aug 01, 2003 10:06 pm
Location: Berlin, Germany
Name: Nils Adermann
Contact:

phpBB 3.0.14 and 3.1.4 Release - Please Update

Post by naderman »

Greetings all,

We are pleased to announce the releases of phpBB 3.0.14 "Securing the thermal exhaust port" and phpBB 3.1.4 "May the fourth be with you". These versions are maintenance and security releases of both the 3.0.x and the 3.1.x branches which fix one minor security issue and a number of bugs. The 3.1.4 release additionally adds new events that act as entry points for extensions to modify phpBB's behaviour.

Thanks to Mathias Karlsson (avlidienbrunn) for bringing the security issue to our attention. An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login) when provided with a malicious URL from a third party. This is no longer possible in 3.0.14 and 3.1.4.

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.1.4 (3.1.4) and https://wiki.phpbb.com/Release_Highlights/3.0.14 (3.0.14) and a list of all issues fixed on our tracker at https://tracker.phpbb.com/browse/PHPBB3 ... lter=12991 (3.1.4) and https://tracker.phpbb.com/browse/PHPBB3 ... lter=13094 (3.0.14).

The latest packages can be downloaded from our downloads page (3.1.4) (3.0.14).

The development team thanks everyone who contributed code to these releases: brunoais, RMcGirr83, rxu, Jakub Senko, Wolfsblvt, cyberalien, kasimi, Dragos-Valentin Radulescu, Kailey Truscott, paulsohier, Crizzo, JoshyPHP, Kevin Roy, Matt Friedman, n-aleha, Raphaël M, Robert Heim, Scout4all, kamijoutouma

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team



Release Highlights phpBB 3.1.4

Security and Hardening
  • Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
  • Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verifed to have the expected format. See PHPBB3-13765.
New Features
  • Events - More events have been added to the template and the php core
Notable Bug Fixes
  • Version check of extensions - File caching of extensions' version check file doesn't work
  • Fix links from /board - Append page name to base url if it doesn't contain it and the path ends without a trailing slash


Release Highlights 3.0.14

Security and Hardening
  • Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
  • Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verifed to have the expected format. See PHPBB3-13765.
Notable Changes and Bug Fixes
  • The path to imagick is now correctly verified as an absolute path instead of a relative path. See PHPBB3-13568.
  • download/file.php no longer sends a Content-Length header when issuing "304 Not Modified". See PHPBB3-13414.
I appreciate gifts from my Amazon wishlist.
naderman.de twitter: @naderman
Post Reply

Return to “Announcements”