We are pleased to announce the release of phpBB 3.3.1 "Bertie’s Twenty". This version is a maintenance and security release of the 3.3.x branch which fixes one security issue, introduces further hardening, and resolves various issues reported in previous versions.
Previous versions of phpBB did allow limiting the dimensions of images posted. This could however also be used to e.g. check for the existence of services that should only be accessible from the internal network. We would like to thank FVD for reporting this issue to us via hackerone. The issue has been assigned CVE-2020-8226.
The fixed issues include, among others, issues with using Emojis in multiple text fields, the inability to delete or mark PMs read in the UCP folder view, issues with resetting a password, and a slow search on PostgreSQL. The amount of emails sent for notifications related to topics have been improved and new and improved enable and disable mechanisms for newer profile field types have been integrated. We would like to dedicate this last addition to javiexin.
The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.3.1
and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=15291
The packages can be downloaded from our downloads page.
The development team thanks everyone who contributed code to this release: 3D-I, kasimi, rxu, Dark❶, KYPREO, Alfredo Ramos, JoshyPHP, javiexin, Jakub Senko, ansavin, Bob Weinand, Kidounet, MichaIng, hubaishan, ioannisbat, phpBB España
If you have any questions or comments, we'll be happy to address them in the discussion topic
- The phpBB Team