Yes, if you use the file replacement method.halil16 wrote: Tue Oct 31, 2023 4:02 am Isn't something like "Database update only..." normal? We've already changed the files, doesn't it say that because what's left is the database? I was always seeing him.
This isn't what you describe in the followingSniper_E wrote: Tue Oct 31, 2023 10:10 pm Since phpbb moved from mods to extensions I have used the 'Advanced Update' method. I would recommend this method to everyone.
This sounds as though you're using the Changed Files package rather than the Advanced Update method.Sniper_E wrote: Tue Oct 31, 2023 10:10 pm None of my core files are modified so after uploading the downloaded updated core files then the database is updated and done.
Then for the styles I download the updated prosilver and replaced all the files, unmodified also.
And on any custom styles I have, like mine, I manually edited the style changes listed for the new version.
You did mention:Sniper_E wrote: Tue Oct 31, 2023 11:47 pm ...
This is exactly what I described in my post above. How could you possibly get confused on what I posted?
Which implies that the Changed Files package is all you need.
You should be careful recommending the advanced update to everyone. Not everybody has the same skills as you and there is only limited support for modified boards as phpBB no longer supports modifications.Sniper_E wrote: Tue Oct 31, 2023 10:10 pmI have used the 'Advanced Update' method. I would recommend this method to everyone.
Advanced Update wrote: Warning: The advanced update is for expert users that have made custom edits to core files. If you have a standard installation of phpBB that only includes downloaded extensions or styles this update package is not applicable to you and SHOULD NOT be used.
Code: Select all
Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package | symfony/http-kernel |
| CVE | CVE-2022-24894 |
| Title | CVE-2022-24894: Prevent storing cookie headers in HttpCache |
| URL | https://symfony.com/cve-2022-24894 |
| Affected versions | >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5 |
| | .0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3 |
| | .2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0| |
| | >=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.50|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5. |
| | 2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.20|>=6.0.0,<6.0.20|>=6.1.0,<6.1.12|>=6.2. |
| | 0,<6.2.6 |
| Reported at | 2023-02-01T08:00:00+00:00 |
+-------------------+----------------------------------------------------------------------------------+
Found 3 abandoned packages:
+---------------------------------+---------------------------------+
| Abandoned Package | Suggested Replacement |
+---------------------------------+---------------------------------+
| symfony/debug | symfony/error-handler |
| zendframework/zend-code | laminas/laminas-code |
| zendframework/zend-eventmanager | laminas/laminas-eventmanager |
+---------------------------------+---------------------------------+
phpBB does not use the code that is affected by this issue and hence is also not affected by the mentioned issue. The target version for the next major release of phpBB will be Symfony 6.4.calvi wrote: Sat Nov 04, 2023 2:52 pm After doing to upgrade from 3.3.10 to 3.3.11, I ran "composer audit" with the following result:That security vulnerability is fixed in symfony/http-kernel 4.4, but I couldn't get the forum to work after updating all symfony components to 4.4. Is a fix for this in hand?Code: Select all
Found 1 security vulnerability advisory affecting 1 package: +-------------------+----------------------------------------------------------------------------------+ | Package | symfony/http-kernel | | CVE | CVE-2022-24894 | | Title | CVE-2022-24894: Prevent storing cookie headers in HttpCache | | URL | https://symfony.com/cve-2022-24894 | | Affected versions | >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5 | | | .0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3 | | | .2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0| | | | >=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.50|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5. | | | 2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.20|>=6.0.0,<6.0.20|>=6.1.0,<6.1.12|>=6.2. | | | 0,<6.2.6 | | Reported at | 2023-02-01T08:00:00+00:00 | +-------------------+----------------------------------------------------------------------------------+ Found 3 abandoned packages: +---------------------------------+---------------------------------+ | Abandoned Package | Suggested Replacement | +---------------------------------+---------------------------------+ | symfony/debug | symfony/error-handler | | zendframework/zend-code | laminas/laminas-code | | zendframework/zend-eventmanager | laminas/laminas-eventmanager | +---------------------------------+---------------------------------+