phpBB 3.2.9 Release - Please Update

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Get Involved
User avatar
Marc
Development Team Leader
Development Team Leader
Posts: 5705
Joined: Tue Oct 30, 2007 10:57 pm
Location: Munich, Germany
Name: Marc

phpBB 3.2.9 Release - Please Update

Post by Marc »

Greetings everyone,

We are pleased to announce the release of phpBB 3.2.9 "The Rise of Bertie". This version is a maintenance and security release of the 3.2.x branch which fixes two minor security issues, introduces further hardening, and resolves various issues reported in previous versions.

Previous versions of phpBB did not properly enforce form tokens on changing group avatars and handling pending group memberships which could have been used to trick users into carrying out unwanted actions. Both of these issues have been found as part of an internal code audit prior to the release of phpBB 3.3. The issues have been assigned CVE-2020-5501 and CVE-2020-5502 respectively.

The fixed issues include, among others, multiple issues with default Nginx and Sphinx configuration files supplied in the phpBB package as well as an issue with calculating the chunk size while using plupload. In addition to that, the fallback on invalid styles data has been improved and emoji support has been added to forum names and topic titles.

As phpBB 3.3 provides a clear update path with minimal breaking changes, phpBB 3.2 will directly enter a reduced maintenance mode during which it will only receive changes for major issues as well as any security issues. The timetable for maintenance and security fixes is as follows:
  • End of Maintenance (EOM): April 6th, 2020
  • End of Life (EOL): July 6th, 2020

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.2.9 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=15193

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: 3D-I, Jakub Senko, mrgoldy, EA117, Alfredo Ramos, JoshyPHP, kasimi, rxu, DSR!, oxcom, stevendegroote, KYPREO, v12mike, Matt Friedman

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team



Release Highlights

Improvements
Notable Bug Fixes
  • Improper chunk size calculation during upload - Some conbinations of phpBB and PHP configurations resulted in invalid chunk sizes for plupload PHPBB3-16141
  • Issues with default config files - Resolved multiple issues with sample config files for nginx and sphinx search PHPBB3-16242 PHPBB3-16258 PHPBB3-16209

Return to “Announcements”