Hi, 3.2.8 appears to have addressed some serious security issues CVE-2019-16107 and CVE-2019-13376.
We will upgrade (from 3.2.3) ASAP but will take quite some time due to our extensive customizations (because some requested changes could not be done just by adding hooks but that's another topic).
In the mean time, is there some sort of "hotfix" that can be quickly applied to fix these security issues?
I compared codes and found something about 'add_form_key' added to includes/functions.php .
But not sure if that's all. So would really appreciate if someone can help!
We don't give out patches for security issues as these might not apply correctly depending on which version one is updating from and changes between releases themselves (e.g. RC1 to final). You can try to compare the versions on our github repository (e.g. https://github.com/phpbb/phpbb/compare/ ... ease-3.2.8) to apply these manually but we'd rather recommend using the released packages.