We are pleased to announce the release of phpBB 3.2.10 "Bertie’s look back at Rhea". This version is a maintenance and security release of the 3.2.x branch which fixes one security issue, introduces further hardening, and resolves various issues reported in previous versions.
Previous versions of phpBB did allow limiting the dimensions of images posted. This could however also be used to e.g. check for the existence of services that should only be accessible from the internal network. We would like to thank FVD for reporting this issue to us via HackerOne. The issue has been assigned CVE-2020-8226.
The fixed issues include, among others, issues with using Emojis in multiple text fields, the inability to delete or mark PMs read in the UCP folder view, and a slow search on PostgreSQL. In addition to that, new and improved enable and disable mechanisms for newer profile field types have also been integrated. We would like to dedicate this addition to javiexin.
We have decided to extend the timeframe board admins have to upgrade to phpBB 3.3. This means that today is the End of Maintenance date for the 3.2 branch and we will provide an additional 3 months of security updates for phpBB 3.2, setting the End of Life date to November 7th, 2020.
We recommend everyone to upgrade to phpBB 3.3 as soon as possible. To assist this, phpBB 3.2 will now inform users about the PHP requirements in phpBB 3.3.
The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.2.10 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=15202
The packages can be downloaded from our downloads page.
The development team thanks everyone who contributed code to this release: 3D-I, kasimi, Dark❶, rxu, KYPREO, javiexin, ansavin, Alfredo Ramos, Kidounet, MichaIng, ioannisbat, phpBB España
If you have any questions or comments, we'll be happy to address them in the discussion topic.
- The phpBB Team
- Enable/disable mechanism for new profilefield types - Added new enable & disable mechanism for profile field types PHPBB3-13867
- Inform about future PHP requirements - Inform users of phpBB 3.2. about PHP requirements in phpBB 3.3 PHPBB3-16328
- Slow search on PostgreSQL - Full text search on PostgreSQL was very slow due to accidentally disabled index PHPBB3-15395
- Mark PMs in UCP - Unable to delete or mark PMs in UCP folder view PHPBB3-16296
- Emoji isues - Issues with using emojis in multiple text fields PHPBB3-16399 PHPBB3-15712 PHPBB3-16480 PHPBB3-16485