We are pleased to announce the release of phpBB 3.1.7-PL1 "The Bertie Awakens". This version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including periodic failures with sqlite3 databases, improper handling of avatar gallery subfolder paths, and "Select All" functionality on the Edge browser in the code BBCode.
We identified a bug and a security issue in 3.1.7 prior to publically announcing the release. Thanks to landaire for reporting the security issue. Thus this release is called 3.1.7-PL1 (patch level 1) and includes a corrected database migration as well as proper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack would only have been possible if an attacker also managed to retrieve the session id of a reauthenticated administrator prior to targeting them.
The full changelog is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.1.7
and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=13594
The packages can be downloaded from our downloads page.
The development team thanks everyone who contributed code to this release: Zoddo, rxu, Richard McGirr, Jakub Senko, Wardormeur, Matt Friedman, javiexin, RMcGirr83, Kailey Truscott, Paul Sohier, DavidIQ, kasimi, CarstenF, HB, Lady_G, Max Pen, Oyabun1, Sumanai, Tobi Schäfer, cyberalien, lavigor
If you have any questions or comments, we'll be happy to address them in the discussion topic
- The phpBB Team