Posted over 3 years ago by Marc
Greetings everyone,
We are pleased to announce the release of phpBB 3.3.5 “Ich bin ein Bertie”. This version is a maintenance release of the 3.3.x branch which introduces a new helper function lang_js() for twig templates and resolves various issues reported in previous versions.
The fixes include, among others, further improvements on PHP 8 compatibility as well as some issues with migrations when upgrading or converting a board to the latest version of phpBB. In addition to that, some issues with the database handling for PostgreSQL, e.g. during backups, were also resolved.
We also introduced a bit of hardening in the form of disallowing specific UTF8 whitespace characters with zero or near zero width in usernames. These characters could cause some usernames to be confused with each other and hence we decided to specifically filter these.
The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release below and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=15890
The packages can be downloaded from our downloads page.
The development team thanks everyone who contributed code to this release: 3D-I, rxu, Alec, Patrick Webster, Prosk8er, v12mike, Alfredo Ramos, David Colón, Matt Friedman, MichaIng, William Desportes, Paul, toxyy
If you have any questions or comments, we'll be happy to address them in the discussion topic.
- The phpBB Team
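The username hardening described in the 3.3.5 announcement above can be illustrated with a small audit script that flags names containing invisible characters and groups existing names that render alike. This is an added example, not phpBB's code: the code point list, the function names and the sample usernames are assumptions made for illustration, and it needs PHP 7.2+ with mbstring.

```php
<?php
// Added illustration, not phpBB code. The code point list is an assumption
// picked for this example; it is not the set that phpBB 3.3.5 filters.
const INVISIBLE_CODEPOINTS = [
    0x2009 => 'THIN SPACE',
    0x200A => 'HAIR SPACE',
    0x200B => 'ZERO WIDTH SPACE',
    0x202F => 'NARROW NO-BREAK SPACE',
    0x2060 => 'WORD JOINER',
    0xFEFF => 'ZERO WIDTH NO-BREAK SPACE',
];

/** Split a UTF-8 string into code points; reject malformed input outright. */
function code_points(string $s): array
{
    if (!mb_check_encoding($s, 'UTF-8')) {
        throw new InvalidArgumentException('username is not valid UTF-8');
    }
    // mb_ord() uses the mbstring internal encoding, which defaults to UTF-8.
    return array_map('mb_ord', preg_split('//u', $s, -1, PREG_SPLIT_NO_EMPTY));
}

/** Return a readable finding for every listed code point in $username. */
function invisible_chars(string $username): array
{
    $hits = [];
    foreach (code_points($username) as $pos => $cp) {
        if (isset(INVISIBLE_CODEPOINTS[$cp])) {
            $hits[] = sprintf('U+%04X %s at position %d', $cp, INVISIBLE_CODEPOINTS[$cp], $pos);
        }
    }
    return $hits;
}

/** Key under which look-alike names collide: listed code points removed. */
function display_key(string $username): string
{
    $kept = array_filter(code_points($username), function (int $cp): bool {
        return !isset(INVISIBLE_CODEPOINTS[$cp]);
    });
    return implode('', array_map('mb_chr', $kept));
}

/** Group existing usernames by display key; keep only groups that clash. */
function confusable_groups(array $usernames): array
{
    $groups = [];
    foreach ($usernames as $name) {
        $groups[display_key($name)][] = $name;
    }
    return array_filter($groups, function (array $g): bool { return count($g) > 1; });
}

// Constructed sample data: the second name hides U+200B between "d" and "m".
$existing = ['admin', "ad\u{200B}min", 'moderator', "bertie\u{200A}"];
foreach ($existing as $name) {
    printf("%-16s %s\n", json_encode($name), implode('; ', invisible_chars($name)) ?: 'clean');
}
print_r(confusable_groups($existing));
```

Rejecting such names at registration stops new look-alikes, while the grouping step finds accounts created before the filter existed.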
|
Posted almost 4 years ago by Marc
Greetings everyone,
We are pleased to announce the release of phpBB 3.3.4 "Bertie’s garden work". This version is a maintenance release of the 3.3.x branch which adds support for WebP images, improves the wording in email templates, and resolves various issues reported in previous versions.
The fixes include, among others, further improvements on PHP 8 compatibility as well as an issue with database names containing a dash that could prevent some admins from accessing the Administration Control Panel (ACP).
A small change that was also introduced is the possibility for CAPTCHAs to define a custom message that is displayed when a CAPTCHA is shown due to exceeding the maximum allowable number of login attempts.
The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.3.4 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=15690
The packages can be downloaded from our downloads page.
The development team thanks everyone who contributed code to this release: 3D-I, Christian Schnegelberger, Dark❶, DinHere, rxu, Matt Friedman, Alfredo Ramos
If you have any questions or comments, we'll be happy to address them in the discussion topic.
- The phpBB Team
Release Highlights
Improvements
Increased compatibility with PHP 8 PHPBB3-16696 PHPBB3-16705 PHPBB3-16719 PHPBB3-16740 PHPBB3-16743 PHPBB3-16735
Support for WEBP images PHPBB3-16710 PHPBB3-16712
Improved wording of email templates PHPBB3-16589
Notable Changes
Support for custom error messages in CAPTCHAs PHPBB3-16655
Notable Bugfixes
SQL error in ACP if database name contains a dash PHPBB3-16685
|
Posted about 4 years ago by Marc
Greetings everyone,
We are pleased to announce the release of phpBB 3.3.3 "Bertie Triple Distilled". This version is a maintenance release of the 3.3.x branch which adds support for MySQL 8 and PHP 8, and resolves various issues reported in previous versions.
Starting with this release we will officially support installations of phpBB when using MySQL 8 and/or PHP 8. Please ensure that any installed Extension is also compatible before attempting an upgrade to either of these.
The fixed issues include, among others, an SQL error occurring on empty data in profile fields of type number, and dropdowns not working correctly in mobile view.
In addition to that, we have started to use GitHub Actions for running our automated tests as part of our Continuous Integration (CI) process. Our Customisations Team has prepared instructions on how to use GitHub Actions to test Extensions in order to assist Extension developers with setting up their own CI.
Another change that might affect Extension authors is the switch to using Composer 2 in phpBB. Due to the way autoloaders are included from Extensions, it’s currently not possible to also use Composer 2 inside Extensions. Until this issue has been resolved, please keep using Composer 1 for your Extensions.
The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.3.3 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=15590
The packages can be downloaded from our downloads page.
The development team thanks everyone who contributed code to this release: rxu, 3D-I, Alec, JoshyPHP, Billy Noah, G-T-I, Joshua Angnoe, Mark D. Hamill, Matt Friedman, Toxyy, Oliver Tseng, kasimi, pasha, teokolo
If you have any questions or comments, we'll be happy to address them in the discussion topic.
- The phpBB Team
Release Highlights
Improvements
Increased compatibility with PHP 8 PHPBB3-16636 PHPBB3-16641 PHPBB3-16670 PHPBB3-16629 PHPBB3-16549
Increased compatibility with MySQL 8 PHPBB3-16535 PHPBB3-16538
Notable Changes
Update to Composer 2 PHPBB3-16632
Use GitHub Actions as CI PHPBB3-16659
Notable Bugfixes
SQL error on empty data in numbers profile field PHPBB3-16582
Dropdowns not working in mobile view PHPBB3-16677
|
Posted over 4 years ago by Marc
Greetings everyone,
We are pleased to announce the release of phpBB 3.3.2 "From Bertie with Love". This version is a maintenance and security release of the 3.3.x branch which fixes one security issue, introduces further hardening, and resolves various issues reported in previous versions.
Previous versions of phpBB starting with 3.2.0 adjusted the way formatting was removed in the strip BBCode function. If this function was used in extensions it could potentially lead to HTML entities being decoded and encoded unexpectedly and therefore result in reflected XSS. We’d like to thank n0bodysec for responsibly disclosing this to us.
Further hardening has been introduced to the ACP configuration settings for the Jabber functionality. The page will no longer output the communication content while adjusting settings. We’d like to thank Cory Billington for reporting this issue to us via HackerOne.
The fixed issues include, among others, a circular dependency when cron tasks depend on the controller helper, issues with drop-down menus, inconsistent margins when using zoom inside a browser, and an error while generating backups on PostgreSQL 12+.
In addition to that, permissions will now follow a more natural ordering in the ACP and the maximum allowed attachment file size will be displayed to users.
The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.3.2 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=15390
The packages can be downloaded from our downloads page.
The development team thanks everyone who contributed code to this release: rxu, William Desportes, Christian Schnegelberger, JoshyPHP, Matt Friedman, 3D-I, Jakub Senko, kasimi, Alfredo Ramos, MichaIng, Noxwizard, ansavin, juanse254
If you have any questions or comments, we'll be happy to address them in the discussion topic.
- The phpBB Team
Release Highlights
Improvements
Display maximum allowed attachment filesize PHPBB3-15300
Sort permissions for more natural ordering PHPBB3-16430
Split new topics/new posts notifications for forum subscriptions PHPBB3-16544
Add notifications on reporting PM, on closing PM report, on closing post report PHPBB3-16208
Notable Bug Fixes
Database backup generates a general error with PostgreSQL 12+ PHPBB3-16525
Circular dependencies when cron task depends on controller.helper PHPBB3-16565
Problem with drop-down menu PHPBB3-16568
Massive margin between posts when zoomed out in browser PHPBB3-16569
Reset button in create search index not working PHPBB3-16583
Undefined properties in create_search_index install task PHPBB3-16593
Security Issue
Invalid conversion of HTML entities when stripping BBCode
Hardening
Reduce verbosity of jabber output in ACP
|
Posted over 4 years ago by Marc
Greetings everyone,
We are pleased to announce the release of phpBB 3.2.11 "The Name of the Bertie". This version is a security release of the 3.2.x branch which fixes one security issue, and introduces further hardening.
Previous versions of phpBB starting with 3.2.0 adjusted the way formatting was removed in the strip BBCode function. If this function was used in extensions it could potentially lead to HTML entities being decoded and encoded unexpectedly and therefore result in reflected XSS. We’d like to thank n0bodysec for responsibly disclosing this to us.
Further hardening has been introduced to the ACP configuration settings for the Jabber functionality. The page will no longer output the communication content while adjusting settings. We’d like to thank Cory Billington for reporting this issue to us via HackerOne.
As you might be aware, the 3.2 branch has almost approached its End of Life and will not receive further security updates after November 7th, 2020. We’d like to remind everyone to upgrade to phpBB 3.3 as soon as possible.
The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.2.11 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=15490
The packages can be downloaded from our downloads page.
If you have any questions or comments, we'll be happy to address them in the discussion topic.
- The phpBB Team
Release Highlights
Security Issue
Invalid conversion of HTML entities when stripping BBCode
Hardening
Reduce verbosity of jabber output in ACP
|
Posted over 4 years ago by Marc
Greetings everyone,
We are pleased to announce the release of phpBB 3.3.1 "Bertie’s Twenty". This version is a maintenance and security release of the 3.3.x branch which fixes one security issue, introduces further hardening, and resolves various issues reported in previous versions.
Previous versions of phpBB did allow limiting the dimensions of images posted. This could however also be used to e.g. check for the existence of services that should only be accessible from the internal network. We would like to thank FVD for reporting this issue to us via HackerOne. The issue has been assigned CVE-2020-8226.
The fixed issues include, among others, issues with using Emojis in multiple text fields, the inability to delete or mark PMs read in the UCP folder view, issues with resetting a password, and a slow search on PostgreSQL. The number of emails sent for notifications related to topics has been improved and new and improved enable and disable mechanisms for newer profile field types have been integrated. We would like to dedicate this last addition to javiexin.
The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release below and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=15291
The packages can be downloaded from our downloads page.
The development team thanks everyone who contributed code to this release: 3D-I, kasimi, rxu, Dark❶, KYPREO, Alfredo Ramos, JoshyPHP, javiexin, Jakub Senko, ansavin, Bob Weinand, Kidounet, MichaIng, hubaishan, ioannisbat, phpBB España
If you have any questions or comments, we'll be happy to address them in the discussion topic.
- The phpBB Team
Release Highlights
Improvements
Enable/disable mechanism for new profile field types - Added new enable & disable mechanism for profile field types PHPBB3-13867
Only one email notification per topic - Reduced emails sent as notifications when not having visited topic PHPBB3-14754
Notable Bug Fixes
Slow search on PostgreSQL - Full text search on PostgreSQL was very slow due to accidentally disabled index PHPBB3-15395
Emoji issues - Issues with using emojis in multiple text fields PHPBB3-16399 PHPBB3-15712 PHPBB3-16480 PHPBB3-16485
Delete marked PMs in UCP - Improper form token check resulted in users being unable to delete marked PMs PHPBB3-16296
File lock issues - Failure while acquiring locks on some storage backends resulted in errors while installing phpBB PHPBB3-16325
Reset password error - Resetting a password resulted in a PHP fatal error being thrown PHPBB3-16308
|