phpBB 3.1.7-PL1 Release

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Scam Warning
Post Reply
User avatar
Posts: 3735
Joined: Fri Aug 01, 2003 10:06 pm
Location: Berlin, Germany
Name: Nils Adermann

phpBB 3.1.7-PL1 Release

Post by naderman »

Greetings all,

We are pleased to announce the release of phpBB 3.1.7-PL1 "The Bertie Awakens". This version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including periodic failures with sqlite3 databases, improper handling of avatar gallery subfolder paths, and "Select All" functionality on the Edge browser in the code BBCode.

We identified a bug and a security issue in 3.1.7 prior to publically announcing the release. Thanks to landaire for reporting the security issue. Thus this release is called 3.1.7-PL1 (patch level 1) and includes a corrected database migration as well as proper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack would only have been possible if an attacker also managed to retrieve the session id of a reauthenticated administrator prior to targeting them.

The full changelog is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at and a list of all issues fixed on our tracker at

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: Zoddo, rxu, Richard McGirr, Jakub Senko, Wardormeur, Matt Friedman, javiexin, RMcGirr83, Kailey Truscott, Paul Sohier, DavidIQ, kasimi, CarstenF, HB, Lady_G, Max Pen, Oyabun1, Sumanai, Tobi Schäfer, cyberalien, lavigor

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team
I appreciate gifts from my Amazon wishlist. twitter: @naderman
Post Reply

Return to “Announcements”