Subscribe: Latest phpBB.com announcements
http://www.phpbb.com/feeds/atom/
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
downloads page  https  issues  maintenance  package  phpbb release  phpbb team  phpbb  release  security  team  utc  version  versions 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Latest phpBB.com announcements

Latest phpBB.com announcements



This feed displays the latest announcements at phpBB.com.



Updated: 2018-04-19T10:29:55+00:00

 



Google Summer of Code 2018 Student Application Deadline

2018-03-25T20:56:54+00:00

GSoC.png

Hi all,

We're super excited to be participating in the Google Summer of Code program for the fifth time. The GSoC program gives students a unique opportunity to work with mentors from established open source projects over the summer months. We had a great time taking part in 2017, 2014, 2013, and 2012.

The student application deadline is coming up fast, but you still have two more days to submit or finalize a proposal! We're actively standing by to assist anyone having trouble, so please reach out to our team. The best way to do that is via IRC.

A list of suggested ideas can be found here: https://www.phpbb.com/development/gsoc/ideas/

Thanks!

The phpBB Team



[Security] phpBB 3.2.2 Packages Compromised

2018-01-27T02:57:52+00:00

Earlier today, we identified that the download URLs for two phpBB packages available on phpBB.com were redirecting to a server that did not belong to us. We immediately took down the links and launched an investigation.

The point of entry was a third-party site. Neither phpBB.com nor the phpBB software were exploited in this attack.

If you downloaded either the 3.2.2 full package or the 3.2.1 -> 3.2.2 automatic updater package between the hours of 12:02 PM UTC and 15:03 PM UTC on January 26th, you received an archive modified with a malicious payload.

During the course of our investigation, we were able to take steps that should render the malicious code completely inoperable. However, in the unlikely event that multiple versions of the packages exist or that something was missed, we are choosing to leave nothing to chance.

As the packages were live for only three hours, we believe that a very small number of users are affected. We therefore ask that you perform the following steps so that we may render personalized assistance:
  1. If you believe that you have a malicious package, please email it to security@phpbb.com so that we can check it against the version we obtained. We will likewise let you know if it is affected. You may also use the SHA256 checksum found on the downloads page to verify its validity. Do not use the potentially affected package.
  2. If you have already used the package to install or update a phpBB forum, please file an incident report on our tracker and we will assist with removal of the malicious code.
  3. The downloads currently available on the downloads page are safe. If you have any doubts whatsoever, download a fresh copy.

Our investigation is ongoing and we will provide additional information as it becomes available.


Thank you,

The phpBB Team

-----

You may discuss this announcement in it discussion topic.



Server Maintenance

2018-01-21T11:02:35+00:00

Hello,

On Tuesday January 23rd from 8:00 PM (UTC) until 12:00 AM (UTC) our hosting provider, OSUOSL, will be performing some maintenance on the infrastructure that powers www.phpbb.com.

This downtime applies to our various sites, including, but not limited to:
https://www.phpbb.com
https://area51.phpbb.com

This downtime will not affect any other installation of the phpBB software other than www.phpbb.com. However, the version check in your administration control panel might give a temporary error message.

Many thanks,

The phpBB Team



phpBB 3.2.2 Release - Please Update

2018-01-07T16:55:00+00:00

Greetings everyone,

We are pleased to announce the release of phpBB 3.2.2 "Bertie’s New Year Resolution". This version is a maintenance & security release of the 3.2.x branch which fixes one security issue, adds one minor feature addition, as well as fixing various issues reported in previous versions.

Previous versions did not limit the allowed schemes for URLs in profile fields and therefore allowed users to also specify URLs with the javascript scheme. This is now forbidden. As always, please keep in mind that external URLs can potentially be unsafe. Therefore it is recommended to not click on any URLs that might look suspicious to you. We would like to thank “aaaimg” for the disclosure of this issue to our development team.

As a minor feature addition, phpBB now also supports Memcached caching.
The fixed issues include, among others, problems when updating from phpBB versions 3.0.5 and older, incorrect image size being detected for uploaded files, blurry forum & topic icons in some browsers, and problems with deleting orphaned attachments when a high number of orphaned attachments is present.

We’d also like to note that due to changes in our dependency the minimum expected PHP version is now PHP 5.4.7. PHP versions between 5.4.0 and 5.4.6 will most likely continue to work but can cause unexpected side effects. If you are affected by this you should upgrade to a newer, secure version of PHP.
In addition to that, PHP 7.2 is now supported by phpBB 3.2. Please ensure that your extensions are compatible before upgrading.

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.2.2 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=14391

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: kasimi, Rubń Calvo, rxu, JoshyPHP, hubaishan, javiexin, Jakub Senko, David Colón, Sophist, Daniel Sinn, Soeren D. Schulze, Jagoba Los Arcos, Kailey Truscott, Crizzo, Daniel Mota, Jim Mossing Holsteyn, Julien Tant, Serge Skripchuk, abyssmedia, ftc2, kitsiosk, v12mike, vinny

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team



phpBB 3.1.12 Release - Please Update

2018-01-07T16:53:49+00:00

Greetings everyone,

We are pleased to announce the release of phpBB 3.1.12 "Bertie’s look back at Mars". This version is a security release of the 3.1.x branch which fixes one security issue and also adds one minor feature addition, as well as fixing various issues reported in previous versions.

Previous versions did not limit the allowed schemes for URLs in profile fields and therefore allowed users to also specify URLs with the javascript scheme. This is now forbidden. As always, please keep in mind that external URLs can potentially be unsafe. Therefore it is recommended to not click on any URLs that might look suspicious to you. We would like to thank “aaaimg” for the disclosure of this issue to our development team.

As a minor feature addition, phpBB now also supports Memcached caching. This was merged before the EoM (End of Maintenance) and is therefore also part of this package.

Since the End of Life (EOL) date of the phpBB 3.1 branch has been passed, this also marks the last release in the phpBB 3.1 line. It will not continue to receive any maintenance or security updates.

The fixed issues include, among others, issues with updating older password hashes on PostgreSQL, an issue when using the Sphinx search backend, and with one migration during upgrades.

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.1.12 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=14392

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: abyssmedia

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team



Server Maintenance: Multiple days

2017-12-07T11:41:28+00:00

Hello,

Our hosting provider, OSUOSL, will be performing some maintenance on the infrastructure that powers www.phpbb.com.

During the following timeframes our sites might be temporarily unavailable:

December 12:
9:00AM - 11:00 AM PST (1700 - 1900 UTC)
December 13:
9:00AM - 11:00 AM PST (1700 - 1900 UTC)
December 14:
9:00AM - 11:00 AM PST (1700 - 1900 UTC)
December 15:
9:00AM - 11:00 AM PST (1700 - 1900 UTC)
December 19:
9:00AM - 11:00 AM PST (1700 - 1900 UTC)

This downtime applies to our various sites, including, but not limited to:
https://www.phpbb.com
https://area51.phpbb.com

This downtime will not affect any other installation of the phpBB software other than www.phpbb.com. However, the version check in your administration control panel might give a temporary error message.

Many thanks,

The phpBB Team



Reintroducing phpBB Ideas

2017-09-08T15:27:30+00:00

Greetings everyone,

We’re really glad to announce that phpBB Ideas is back. The new ideas center is an extension with a greatly improved UI, making suggesting, discussing, and voting on features a pleasant experience.

Head on over and share your ideas!

If you have any thoughts, tell us in the discussion topic.

- The phpBB Team



phpBB 3.2.1 Release - Please Update

2017-07-16T19:01:50+00:00

Greetings everyone,

We are pleased to announce the release of phpBB 3.2.1 "War for the Planet of the Berties". This version is a maintenance & security release of the 3.2.x branch which fixes three security issues, as well as adding more hardening and fixes for various bugs reported in previous versions.

A server-side request forgery (SSRF) exploit was discovered in the remote avatar functionality which could be used to perform service discovery on internal and external networks as well as retrieve images which are usually restricted to local access (thanks to SEC Consult for the report). Additionally, a cross-site scripting vulnerability via version check files was discovered internally (thanks Derk Ruitenbeek). This could have been used to trick users into clicking on javascript: links. The third fixed issue concerned potential high load scenarios that could be caused by specially crafted search queries while using MySQL fulltext search.

The bugfixes address issues with migration dependencies preventing updates from phpBB 3.0.6 or older, multiple issues with the new text formatter, make the FTP update method functional again, as well as issues with updating from earlier versions using PostgreSQL. Notable changes include new, higher resolution images for the imageset icons, pagination for IP tables and post info, and added search indexing for topics after splitting a topic. The version check now also supports branches which will result in more helpful information about new versions on other branches.

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.2.1 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=14100

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: javiexin, rxu, Rubén Calvo, nomind60s, David Colón, Jakub Senko, hanakin, Matt Friedman, JoshyPHP, Louis7777, kasimi, Vinny, Erwan Nader, Richard McGirr, hubaishan, Daniel Mota, Jim Mossing Holsteyn, Rishabh04-02, Saeed Hubaishan, david63, lavigor, Agris, Christian Schnegelberger, Daniel Sinn, Mukesh Kumar Kharita, TarantinoMariachi, lr94, tas2580, upstrocker

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team



phpBB 3.1.11 Release - Please Update

2017-07-16T15:04:32+00:00

Greetings everyone,

We are pleased to announce the release of phpBB 3.1.11 "Bertie's Cassini hitchhike". This version is a maintenance & security release of the 3.1.x branch which fixes three security issues, as well as adding more hardening and fixes for various bugs reported in previous versions.
A server-side request forgery (SSRF) exploit was discovered in the remote avatar functionality which could be used to perform service discovery on internal and external networks as well as retrieve images which are usually restricted to local access (thanks to SEC Consult for the report). Additionally, a cross-site scripting vulnerability via version check files was discovered internally (thanks Derk Ruitenbeek). This could have been used to trick users into clicking on javascript: links. The third fixed issue concerned potential high load scenarios that could be caused by specially crafted search queries while using MySQL fulltext search.
Please note that this is the last maintenance release for phpBB 3.1 as it has now reached end of maintenance (EOM). It will continue to receive security updates until December 2017.

The bugfixes address issues with duplicate entries for migrations that could result in extensions not properly installing or uninstalling, an invalid definition in an SQL query that prevents ordering of PMs, as well as issues with updating from earlier versions using PostgreSQL.
Notable changes are pagination for IP tables and post info and added search indexing for topics after splitting a topic. The version check now also supports branches which will result in more helpful information about new versions on other branches.

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.1.11 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=14092

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this release: javiexin, Jakub Senko, rxu, Matt Friedman, Rubén Calvo, Daniel Sinn, kasimi, Erwan Nader, nomind60s, Victor A. Safronov, Daniel Mota, David Colón, Jmz, david63, hanakin, Christian Schnegelberger, Jim Mossing Holsteyn, Joas Schilling, MIkhail Gulyaev, Michael Cullum, Mukesh Kumar Kharita, Richard McGirr, TarantinoMariachi, hubaishan, lavigor, upstrocker

If you have any questions or comments, we'll be happy to address them in the discussion topic.

- The phpBB Team



Server Maintenance: Wednesday 7th June

2017-06-05T18:58:34+00:00

Hello,

Our hosting provider, OSUOSL, will be performing some maintenance on the infrastructure that powers www.phpbb.com on Wednesday 7th June at 5pm PDT (1am 8th June UTC). It is estimated to take a maximum of one hour, however only a few minutes of downtime is expected.

During this time our various sites may be unavailable, including, but not limited to:
https://www.phpbb.com
https://area51.phpbb.com

This downtime will not affect any other installation of the phpBB software other than www.phpbb.com.

Many thanks,

The phpBB Team