We are pleased to announce the release of phpBB 3.1.7-PL1 "The Bertie Awakens". This version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including periodic failures with sqlite3 databases, improper handling of avatar gallery subfolder paths, and "Select All" functionality on the Edge browser in the code BBCode.
We identified a bug and a security issue in 3.1.7 prior to publically announcing the release. Thanks to landaire for reporting the security issue. Thus this release is called 3.1.7-PL1 (patch level 1) and includes a corrected database migration as well as proper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack would only have been possible if an attacker also managed to retrieve the session id of a reauthenticated administrator prior to targeting them.
The full changelog is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.1.7 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=13594
The packages can be downloaded from our downloads page.
The development team thanks everyone who contributed code to this release: Zoddo, rxu, Richard McGirr, Jakub Senko, Wardormeur, Matt Friedman, javiexin, RMcGirr83, Kailey Truscott, Paul Sohier, DavidIQ, kasimi, CarstenF, HB, Lady_G, Max Pen, Oyabun1, Sumanai, Tobi Schäfer, cyberalien, lavigor
If you have any questions or comments, we'll be happy to address them in the discussion topic.
- The phpBB Team
Release Highlights
New Features
- Add "mark topics read" link to "View unread posts"
- Function submit_post() now takes non-default post_time into account
- Added row highlighting to extensions and style management
- Pages served from app.php can now disable update of session page
- PHP 7.0 support is now properly stated in package
- Avatar gallery subfolder paths are correctly handled now
- Handle periodic failure of sqlite3
- Properly handle "Select All" in code BBCode in Edge Browser