phpBB • Free and Open Source Forum Software

RSS Facebook Twitter
Menu

hotfix for security issues addressed in 3.2.8?

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations
Post Reply
curiouly
Registered User
Posts: 3
Joined: Sun Sep 22, 2019 11:55 pm

hotfix for security issues addressed in 3.2.8?

Post by curiouly »

Hi, 3.2.8 appears to have addressed some serious security issues CVE-2019-16107 and CVE-2019-13376.

We will upgrade (from 3.2.3) ASAP but will take quite some time due to our extensive customizations (because some requested changes could not be done just by adding hooks but that's another topic).

In the mean time, is there some sort of "hotfix" that can be quickly applied to fix these security issues?

I compared codes and found something about 'add_form_key' added to includes/functions.php .

But not sure if that's all. So would really appreciate if someone can help!

Thanks,
Top
User avatar
Marc
Development Team Leader
Development Team Leader
Posts: 5657
Joined: Tue Oct 30, 2007 10:57 pm
Location: Munich, Germany
Name: Marc
Contact:
Contact Marc

Re: hotfix for security issues addressed in 3.2.8?

Post by Marc »

We don't give out patches for security issues as these might not apply correctly depending on which version one is updating from and changes between releases themselves (e.g. RC1 to final). You can try to compare the versions on our github repository (e.g. https://github.com/phpbb/phpbb/compare/ ... ease-3.2.8) to apply these manually but we'd rather recommend using the released packages.
Top
Post Reply

Return to “[3.2.x] Support Forum”