Latest phpBB.com announcements This feed displays the latest announcements at phpBB.com. http://www.dijvjz.live/community/viewforum.php?f=14 Latest phpBB.com announcements http://www.dijvjz.live/assets/images/images/logo_phpbb.png http://www.dijvjz.live/community/viewforum.php?f=14 Marc Mon, 06 Jan 2020 11:54:38 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2534541 phpBB 3.3 Proteus Feature Release Published <a href="http://www.dijvjz.live/about/launch/" class="postlink"><img src="http://www.dijvjz.live/assets/images/images/about/launch/proteus_featured_header.png" class="postimage" alt="Image"></a><br> <br> Today is a big day for the entire phpBB community and we hope that you're as excited as we are! With the help of over one hundred volunteers, we have improved and extended phpBB to provide the new and improved phpBB 3.3 Proteus.<br> <br> The <a href="http://www.dijvjz.live/about/launch/" class="postlink">new phpBB 3.3 Proteus</a> builds upon 3.2 Rhea and is a big step towards a more modern base while maintaining a clear update path. It is now shipped with Symfony 3.4, Twig 2, and jQuery 3.4. The improvements include, among others, support for Invisible reCAPTCHA, Argon2i and Argon2id password hashing, improved reset password functionality, and minor changes to the UI.<br> The minimum supported PHP version has been increased to PHP 7.1.3 while support for PHP 7.3 and PHP 7.4 has been added. Fixed security issues in 3.2.9 are part of this release as well.<br> <br> Check out further highlights of the new version on our <a href="http://www.dijvjz.live/about/launch/" class="postlink">Proteus Launch Page</a> or a more detailed breakdown on our <a href="http://www.dijvjz.live/about/features/" class="postlink">Features Page</a>. As always, phpBB 3.3 Proteus and update packages for previous versions are available in the <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads section</a>.<br> <br> The phpBB community has been working hard to get this release prepared and work on phpBB 4.0 is already underway!<br> <br> We would like to thank everyone for working hard to make today possible! The following people contributed code to the 3.3 Proteus release: Marc Alexander, Jakub Senko, Tristan Darricau, 3D-I, rxu, Rubén Calvo, javiexin, mrgoldy, kasimi, Oliver Schramm, JoshyPHP, Máté Bartus, Derky, hubaishan, Matt Friedman, Dark?, David Colón, v12mike, nomind60s, Christian Schnegelberger, Mikel Alejo, amalnaeem, Michael Miday, Alfredo Ramos, EA117, Zoddo, Vishal Pandey, Alec, Louis7777, Vinny, battye, Daniel Sinn, Jim Mossing Holsteyn, Sophist, DSR!, Daniel Mota, Erwan Nader, Fran?ois-Xavier de Guillebon, GanstaZ, PayBas, Kailey Truscott, Richard McGirr, Soeren D. Schulze, brunoais, jasonmarlin, oxcom, stevendegroote, AJ Quick, Anssi Johansson, Jagoba Los Arcos, KYPREO, MichaelC, Nuno Lopes, Rishabh04-02, Saeed Hubaishan, Serge Skripchuk, abyssmedia, david63, dhruveshk, lavigor, vinny, Agris, Akbar, Alex Miles, Andrii Afanasiev, Casey Peel, Daniel, FH, GerB, Ioannis Batas, Julien Tant, Mukesh Kumar Kharita, Nekstati, Paul Sohier, Sage Pointer, TarantinoMariachi, Toxyy, canonknipser, cclauss, espipj, ftc2, kitsiosk, lr94, luzpaz, scootergrisen, tas2580, upstrocker<br> <br> Please discuss this topic in its <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2534591" class="postlink">discussion topic</a>. Marc Mon, 06 Jan 2020 11:53:15 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2534536 phpBB 3.2.9 Release - Please Update Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.2.9 "The Rise of Bertie". This version is a maintenance and security release of the 3.2.x branch which fixes two minor security issues, introduces further hardening, and resolves various issues reported in previous versions.<br> <br> Previous versions of phpBB did not properly enforce form tokens on changing group avatars and handling pending group memberships which could have been used to trick users into carrying out unwanted actions. Both of these issues have been found as part of an internal code audit prior to the release of phpBB 3.3. The issues have been assigned CVE-2020-5501 and CVE-2020-5502 respectively.<br> <br> The fixed issues include, among others, multiple issues with default Nginx and Sphinx configuration files supplied in the phpBB package as well as an issue with calculating the chunk size while using plupload. In addition to that, the fallback on invalid styles data has been improved and emoji support has been added to forum names and topic titles.<br> <br> As phpBB 3.3 provides a clear update path with minimal breaking changes, phpBB 3.2 will directly enter a reduced maintenance mode during which it will only receive changes for major issues as well as any security issues. The timetable for maintenance and security fixes is as follows: <ul> <li>End of Maintenance (EOM): April 6th, 2020</li> <li>End of Life (EOL): July 6th, 2020</li> </ul> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.9</a> and a list of all issues fixed on our tracker at <a class="postlink">https://tracker.phpbb.com/issues/?filter=15193</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: 3D-I, Jakub Senko, mrgoldy, EA117, Alfredo Ramos, JoshyPHP, kasimi, rxu, DSR!, oxcom, stevendegroote, KYPREO, v12mike, Matt Friedman<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2534586" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Marc Mon, 23 Dec 2019 20:56:38 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2533081 phpBB 3.3.0-RC1 released Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.3.0-RC1 "Bertie's holiday preparations". This is the first release candidate of the upcoming phpBB 3.3.0 feature release and introduces minor changes and new functionality.<br> <br> Among the biggest changes are the updated third party dependencies like Symfony that result in the minimum supported PHP version increasing to PHP 7.1 while also adding support for PHP 7.3 and 7.4. New features include increased Emoji support, support for the latest Argon2id and Argon2i password hashing, as well as refactoring of the OAuth implementation and small UI adjustments like an updated phpBB logo.<br> <br> The full changelog is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release candidate on the wiki at <a class="postlink">https://wiki.phpbb.com/Release_Highlights/3.3.0-RC1</a> and a list of all issues fixed on our tracker at <a class="postlink">https://tracker.phpbb.com/issues/?filter=15192</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a class="postlink">Area51 downloads site</a> and our <a class="postlink">package archive</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: rxu, 3D-I, JoshyPHP, mrgoldy, Alfredo Ramos, Matt Friedman, KYPREO, Sage Pointer<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2533091" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Paul Mon, 23 Sep 2019 16:02:52 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2523636 Server Maintenance Hello,<br> <br> Today, Monday September 23rd from 9:00 PM (UTC) until 11:00 PM (UTC) we will be performing some maintenance on the infrastructure that powers <a href="http://www.dijvjz.live" class="postlink">www.dijvjz.live</a> and several subdomains of phpbb.com. <br> <br> This downtime applies to our various sites, including, but not limited to:<br> <a href="http://www.dijvjz.live" class="postlink">http://www.dijvjz.live</a><br> <a class="postlink">https://area51.phpbb.com</a><br> <a class="postlink">https://tracker.phpbb.com</a><br> <a class="postlink">https://wiki.phpbb.com</a><br> <br> This downtime will <strong class="text-strong">not</strong> affect any other installation of the phpBB software other than <a href="http://www.dijvjz.live" class="postlink">www.dijvjz.live</a>. However, the version check in your administration control panel might give a temporary error message.<br> <br> Many thanks,<br> <br> The phpBB Team Marc Fri, 20 Sep 2019 19:09:36 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2523271 phpBB 3.2.8 Release - Please Update Greetings everyone,<br> <br> Today we’re announcing the release of phpBB 3.2.8. This release is dedicated to the memory of Maria Wilhelmina Theodora 'Marian' Verhoog-Wienk [08 October 1958 - 18 September 2019], who you may know as <a href="http://www.dijvjz.live/community/memberlist.php?mode=viewprofile&u=322763" class="postlink">marian0810</a>. Rust in vrede, Marian.<br> <br> This version is a maintenance and security release of the 3.2.x branch which fixes three security issues, introduces further hardening, and resolves various issues reported in previous versions.<br> <br> Previous versions of phpBB did not properly enforce form tokens on two seperate pages which could have been used to trick users into carrying out unwanted actions. We’d like to thank kevinoclam (via HackerOne) and Yuval Kanarenstein of SecuriTeam Secure Disclosure for their report and responsible disclosure. The issues have been assigned CVE-2019-16107 and CVE-2019-13376 respectively.<br> In addition to this, improper validation of BBCode parameters allowed modifying the style attribute and injecting arbitrary CSS into the page. We’d like to thank Hanno B?ck for his report and responsible disclosure. The issue has been assigned CVE-2019-16108.<br> <br> For further hardening phpBB against potential attacks, we have integrated the Referrer-Policy header and disabled the MySQLi local infile setting. The Referrer-Policy header will prevent sending any kind of referrer information to less secure destinations or third party sites while disabling the MySQLi local infile setting will prevent MySQL servers from potentially requesting local files from the client side. These changes were introduced based on input received from Akash Methani and LoRexxar @ knownsec 404Team respectively.<br> <br> The fixed issues include, among others, multiple issues with OAuth logins, improved login form token check that should now work in all templates, restoring the ability to restore database backups, and support for newer TLS versions for SMTP connections on the latest PHP versions.<br> Searching for users by their last visit time has been modified to prevent potentially unwanted results from showing up.<br> <br> In order to help the support team in assessing issues in phpBB, we have now disabled the uninstallation of prosilver. Prosilver can however still be deactivated.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.8</a> and a list of all issues fixed on our tracker at <a class="postlink">https://tracker.phpbb.com/issues/?filter=15090</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: 3D-I, Dark?, Jakub Senko, mrgoldy, rxu, Christian Schnegelberger, EA117, kasimi, JoshyPHP, Casey Peel, Nekstati, Nuno Lopes, cclauss, espipj, kinerity<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2523281" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Marc Sun, 05 May 2019 08:18:21 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2510666 phpBB 3.2.7 Release Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.2.7 "Bertie’s Force Field". This version is a maintenance release of the 3.2.x branch which resolves issues reported in previous versions.<br> <br> The fixed issues include, among others, issues with form token validation during login, the inability to change topic types after posting, an issue with viewing private message folders, and potentially incorrectly shortened URL links when using the <code class="inline">[url=]</code> BBCode.<br> Full backwards compatibility for styles released before phpBB 3.2.6 has been introduced, which will enable logins even though these styles have not yet been updated with the latest style changes.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.7</a> and a list of all issues fixed on our tracker at <a class="postlink">Issues fixed in 3.2.7</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: JoshyPHP, Matt Friedman, mrgoldy, EA117<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2510671" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Marc Mon, 29 Apr 2019 07:45:15 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2509941 phpBB 3.2.6 Release - Please Update Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.2.6 "You Know Nothing, Bertie Snow". This version is a maintenance and security release of the 3.2.x branch which fixes two security issues, introduces further hardening, and resolves various issues reported in previous versions.<br> <br> Previous versions of phpBB allowed users to run searches that might result in long execution times and load on larger boards when using the fulltext native search engine. To combat this, we have now introduced further restrictions on search queries. We’d like to thank Snover for his report and responsible disclosure. The issue has been assigned CVE-2019-9826.<br> In addition to this, another edge case that allowed testing for the existence of files and services on the local network of the host using the remote avatar functionality was resolved. Due to the nature of the remote avatar functionality, it’s not possible to cover all potential accesses to the local network. Therefore we have decided to deactivate this feature in this update and admins will be shown a warning of the potential side effects in the Admin Control Panel if they want to re-enable it. The functionality itself will be removed in the next minor feature release. We’d like to thank Do Ha Anh of Viettel Cyber Security for his report and responsible disclosure.<br> <br> The hardening introduced are among others the removal of the functionality to download database backups, further validation on administrative input in the Admin Control Panel, and the addition of form tokens to the login box. Most of these changes have been introduced to reduce the potential impact of admin account compromises or rogue administrators.<br> <br> In our endeavours to deliver the most secure forum solution we have decided to further our reach in the security industry by joining the security platform <a class="postlink">HackerOne</a>.<br> Some of the security improvements in this release are already the result of running a pilot program. We’ll soon change to a public program to allow submissions from everyone and add another way to easily report security issues. Until then security issues can be reported to the <a class="postlink">Security Tracker</a> or by emailing to security [at] phpbb.com.<br> <br> The fixed issues include, among others, support for cookies on domains with special chars, support for the Q&A plugin on MySQL 5.7, as well as preventing the installation of phpBB 3.2 on PHP 7.3. Full PHP 7.3 compatibility will be included in phpBB 3.3.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.6</a> and a list of all issues fixed on our tracker at <a class="postlink">https://tracker.phpbb.com/issues/?filter=14992</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: 3D-I, mrgoldy, battye, Jakub Senko, kasimi, GanstaZ, jasonmarlin, AJ Quick, Alec, JoshyPHP, dhruveshk, rxu, Alfredo Ramos, Dark?, Nuno Lopes<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2509956" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Marc Sat, 22 Dec 2018 16:35:58 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2496526 phpBB 3.2.5 Release Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.2.5 "Bertie's Secret Santa". This version is a maintenance release of the 3.2.x branch which fixes various issues reported in previous versions.<br> <br> The fixed issues include, among others, a BBCode parsing regression in the <code class="inline">generate_text_for_display()</code> function, a missing variable cast on the ACP extensions page, as well as a fix to how the assets version gets appended to JavaScript files included via <code class="inline">INCLUDEJS</code>.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.5</a> and a list of all issues fixed on our tracker at <a class="postlink">https://tracker.phpbb.com/issues/?filter=14890</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: 3Di, rxu, Alec, hubaishan, Dark?, Jakub Senko, Jim Mossing Holsteyn, Vinny<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2496571" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Marc Fri, 16 Nov 2018 19:58:15 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2492206 phpBB 3.2.4 Release - Please Update Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.2.4 "Bertie's ‘stache". This version is a maintenance and security release of the 3.2.x branch which fixes one security issue and various issues reported in previous versions.<br> <br> The security issue was discovered with a new exploitation technique called Phar deserialization. An attacker with control over a founder admin account could escalate to remote code execution by abusing PHP’s default unserialization of metadata in Phar files. More information about this technique can be found <a class="postlink">here</a>.<br> In order to fix this issue we’ve removed the ability to define absolute paths in the Admin Control Panel. This resulted in the removal of setting the ImageMagick path, so make sure to have the GD image library available instead. A new event to generate thumbnails was added as replacement, so you’re able to write an extension that uses a different image library to generate thumbnails. We would like to thank Simon Scannell and Robin Peraglie of RIPS Technologies for their report and responsible disclosure. The issue has been assigned CVE-2018-19274.<br> <br> The fixed issues include, among others, compatibility issues with PHP 7.2 and issues with removing users from the newly registered user group more than once.<br> Among the notable changes are the addition of the list-unsubscribe header to emails sent by phpBB and the ability to reset your password without entering the username.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.4</a> and a list of all issues fixed on our tracker at <a class="postlink">https://tracker.phpbb.com/issues/?filter=14790</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> <strong class="text-strong">We recommend following these <a href="http://www.dijvjz.live/support/docs/en/3.2/kb/article/updating-32x/" class="postlink">update instructions</a> for updating your instance of phpBB.</strong><br> <br> The development team thanks everyone who contributed code to this release: Jakub Senko, MikelAlejoBR, kasimi, Zoddo, v12mike, hubaishan, 3D-I, Matt Friedman, Kailey Truscott, Alec, Alex Miles, Andrii Afanasiev, Anssi Johansson, DSR!, Daniel, Dark?, David Colón, Ioannis Batas, Jim Mossing Holsteyn, Serge Skripchuk, Toxyy, rxu<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2492231" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Marc Thu, 13 Sep 2018 11:52:58 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2485636 phpBB 3.2.3 Release Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.2.3 "Bertie's long summer". This version is a maintenance release of the 3.2.x branch which fixes various issues reported in previous versions.<br> <br> The fixed issues include, among others, problems when submitting posts with more than one attachment, migrations failing when updating from versions prior to phpBB 3.2.2 and PHP warnings being displayed when editing signatures in the ACP.<br> <br> Notable changes are the dropped support for HHVM (HipHop Virtual Machine) and more prominent links to privacy policy and the terms of use.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.3</a> and a list of all issues fixed on our tracker at <a class="postlink">https://tracker.phpbb.com/issues/?filter=14490</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: rxu, hubaishan, JoshyPHP, Rubén Calvo, Akbar, Anssi Johansson, Daniel Mota, Daniel Sinn, FH, GerB, Zoddo, canonknipser, scootergrisen<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2485646" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team 五分彩平台