phpBB 3.3.2 Release - Please Update

Post by Marc (Development Team Leader)

Greetings everyone,

We are pleased to announce the release of phpBB 3.3.2 "From Bertie with Love". This version is a maintenance and security release of the 3.3.x branch which fixes one security issue, introduces further hardening, and resolves various issues reported in previous versions.

Previous versions of phpBB starting with 3.2.0 adjusted the way formatting was removed in the strip BBCode function. If this function was used in extensions it could potentially lead to HTML entities being decoded and encoded unexpectedly and therefore result in reflected XSS. We’d like to thank n0bodysec for responsibly disclosing this to us.

Further hardening has been introduced to the ACP configuration settings for the Jabber functionality. The page will no longer output the communication content while adjusting settings. We’d like to thank Cory Billington for reporting this issue to us via HackerOne.

The fixed issues include, among others, a circular dependency when cron tasks depend on the controller helper, issues with drop-down menus, inconsistent margins when using zoom inside a browser, and an error while generating backups on PostgreSQL 12+.
In addition to that, permissions will now follow a more natural ordering in the ACP and the maximum allowed attachment file size will be displayed to users.

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.3.2 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=15390

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: rxu, William Desportes, Christian Schnegelberger, JoshyPHP, Matt Friedman, 3D-I, Jakub Senko, kasimi, Alfredo Ramos, MichaIng, Noxwizard, ansavin, juanse254

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team



Release Highlights

Improvements
  • Display maximum allowed attachment filesize PHPBB3-15300
  • Sort permissions for more natural ordering PHPBB3-16430
  • Split new topics/new posts notifications for forum subscriptions PHPBB3-16544
  • Add notifications on reporting PM, on closing PM report, on closing post report PHPBB3-16208
Notable Bug Fixes
  • Database backup generates a general error with PostgreSQL 12+ PHPBB3-16525
  • Circular dependencies when cron task depends on controller.helper PHPBB3-16565
  • Problem with drop-down menu PHPBB3-16568
  • Massive margin between posts when zoomed out in browser PHPBB3-16569
  • Reset button in create search index not working PHPBB3-16583
  • Undefined properties in create_search_index install task PHPBB3-16593
Security Issue
  • Invalid conversion of HTML entities when stripping BBCode
Hardening
  • Reduce verbosity of jabber output in ACP
