phpBB 3.1.7-PL1 Release

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Scam Warning
Post Reply
User avatar
naderman
Consultant
Consultant
Posts: 3754
Joined: Fri Aug 01, 2003 10:06 pm
Location: Berlin, Germany
Name: Nils Adermann
Contact:

phpBB 3.1.7-PL1 Release

Post by naderman »

Greetings all,

We are pleased to announce the release of phpBB 3.1.7-PL1 "The Bertie Awakens". This version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including periodic failures with sqlite3 databases, improper handling of avatar gallery subfolder paths, and "Select All" functionality on the Edge browser in the code BBCode.

We identified a bug and a security issue in 3.1.7 prior to publically announcing the release. Thanks to landaire for reporting the security issue. Thus this release is called 3.1.7-PL1 (patch level 1) and includes a corrected database migration as well as proper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack would only have been possible if an attacker also managed to retrieve the session id of a reauthenticated administrator prior to targeting them.

The full changelog is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.1.7 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=13594

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: Zoddo, rxu, Richard McGirr, Jakub Senko, Wardormeur, Matt Friedman, javiexin, RMcGirr83, Kailey Truscott, Paul Sohier, DavidIQ, kasimi, CarstenF, HB, Lady_G, Max Pen, Oyabun1, Sumanai, Tobi Schäfer, cyberalien, lavigor

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team



Release Highlights

New Features
  • Add "mark topics read" link to "View unread posts"
  • Function submit_post() now takes non-default post_time into account
  • Added row highlighting to extensions and style management
Notable Changes
  • Pages served from app.php can now disable update of session page
  • PHP 7.0 support is now properly stated in package
Notable Bug Fixes
  • Avatar gallery subfolder paths are correctly handled now
  • Handle periodic failure of sqlite3
  • Properly handle "Select All" in code BBCode in Edge Browser
I appreciate gifts from my Amazon wishlist.
naderman.de twitter: @naderman
Post Reply

Return to “Announcements”