Latest phpBB.com announcements This feed displays the latest announcements at phpBB.com. http://www.dijvjz.live/community/viewforum.php?f=14 Latest phpBB.com announcements http://www.dijvjz.live/assets/images/images/logo_phpbb.png http://www.dijvjz.live/community/viewforum.php?f=14 Paul Mon, 23 Sep 2019 16:02:52 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2523636 Server Maintenance Hello,<br> <br> Today, Monday September 23rd from 9:00 PM (UTC) until 11:00 PM (UTC) we will be performing some maintenance on the infrastructure that powers <a href="http://www.dijvjz.live" class="postlink">www.dijvjz.live</a> and several subdomains of phpbb.com. <br> <br> This downtime applies to our various sites, including, but not limited to:<br> <a href="http://www.dijvjz.live" class="postlink">http://www.dijvjz.live</a><br> <a href="https://area51.phpbb.com" class="postlink">https://area51.phpbb.com</a><br> <a href="https://tracker.phpbb.com" class="postlink">https://tracker.phpbb.com</a><br> <a href="https://wiki.phpbb.com" class="postlink">https://wiki.phpbb.com</a><br> <br> This downtime will <strong class="text-strong">not</strong> affect any other installation of the phpBB software other than <a href="http://www.dijvjz.live" class="postlink">www.dijvjz.live</a>. However, the version check in your administration control panel might give a temporary error message.<br> <br> Many thanks,<br> <br> The phpBB Team Marc Fri, 20 Sep 2019 19:09:36 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2523271 phpBB 3.2.8 Release - Please Update Greetings everyone,<br> <br> Today we’re announcing the release of phpBB 3.2.8. This release is dedicated to the memory of Maria Wilhelmina Theodora 'Marian' Verhoog-Wienk [08 October 1958 - 18 September 2019], who you may know as <a href="http://www.dijvjz.live/community/memberlist.php?mode=viewprofile&u=322763" class="postlink">marian0810</a>. Rust in vrede, Marian.<br> <br> This version is a maintenance and security release of the 3.2.x branch which fixes three security issues, introduces further hardening, and resolves various issues reported in previous versions.<br> <br> Previous versions of phpBB did not properly enforce form tokens on two seperate pages which could have been used to trick users into carrying out unwanted actions. We’d like to thank kevinoclam (via HackerOne) and Yuval Kanarenstein of SecuriTeam Secure Disclosure for their report and responsible disclosure. The issues have been assigned CVE-2019-16107 and CVE-2019-13376 respectively.<br> In addition to this, improper validation of BBCode parameters allowed modifying the style attribute and injecting arbitrary CSS into the page. We’d like to thank Hanno B?ck for his report and responsible disclosure. The issue has been assigned CVE-2019-16108.<br> <br> For further hardening phpBB against potential attacks, we have integrated the Referrer-Policy header and disabled the MySQLi local infile setting. The Referrer-Policy header will prevent sending any kind of referrer information to less secure destinations or third party sites while disabling the MySQLi local infile setting will prevent MySQL servers from potentially requesting local files from the client side. These changes were introduced based on input received from Akash Methani and LoRexxar @ knownsec 404Team respectively.<br> <br> The fixed issues include, among others, multiple issues with OAuth logins, improved login form token check that should now work in all templates, restoring the ability to restore database backups, and support for newer TLS versions for SMTP connections on the latest PHP versions.<br> Searching for users by their last visit time has been modified to prevent potentially unwanted results from showing up.<br> <br> In order to help the support team in assessing issues in phpBB, we have now disabled the uninstallation of prosilver. Prosilver can however still be deactivated.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a href="https://wiki.phpbb.com/Release_Highlights/3.2.8" class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.8</a> and a list of all issues fixed on our tracker at <a href="https://tracker.phpbb.com/issues/?filter=15090" class="postlink">https://tracker.phpbb.com/issues/?filter=15090</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: 3D-I, Dark?, Jakub Senko, mrgoldy, rxu, Christian Schnegelberger, EA117, kasimi, JoshyPHP, Casey Peel, Nekstati, Nuno Lopes, cclauss, espipj, kinerity<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2523281" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Marc Sun, 05 May 2019 08:18:21 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2510666 phpBB 3.2.7 Release Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.2.7 "Bertie’s Force Field". This version is a maintenance release of the 3.2.x branch which resolves issues reported in previous versions.<br> <br> The fixed issues include, among others, issues with form token validation during login, the inability to change topic types after posting, an issue with viewing private message folders, and potentially incorrectly shortened URL links when using the <code class="inline">[url=]</code> BBCode.<br> Full backwards compatibility for styles released before phpBB 3.2.6 has been introduced, which will enable logins even though these styles have not yet been updated with the latest style changes.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a href="https://wiki.phpbb.com/Release_Highlights/3.2.7" class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.7</a> and a list of all issues fixed on our tracker at <a href="https://tracker.phpbb.com/issues/?filter=14993" class="postlink">Issues fixed in 3.2.7</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: JoshyPHP, Matt Friedman, mrgoldy, EA117<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2510671" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Marc Mon, 29 Apr 2019 07:45:15 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2509941 phpBB 3.2.6 Release - Please Update Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.2.6 "You Know Nothing, Bertie Snow". This version is a maintenance and security release of the 3.2.x branch which fixes two security issues, introduces further hardening, and resolves various issues reported in previous versions.<br> <br> Previous versions of phpBB allowed users to run searches that might result in long execution times and load on larger boards when using the fulltext native search engine. To combat this, we have now introduced further restrictions on search queries. We’d like to thank Snover for his report and responsible disclosure. The issue has been assigned CVE-2019-9826.<br> In addition to this, another edge case that allowed testing for the existence of files and services on the local network of the host using the remote avatar functionality was resolved. Due to the nature of the remote avatar functionality, it’s not possible to cover all potential accesses to the local network. Therefore we have decided to deactivate this feature in this update and admins will be shown a warning of the potential side effects in the Admin Control Panel if they want to re-enable it. The functionality itself will be removed in the next minor feature release. We’d like to thank Do Ha Anh of Viettel Cyber Security for his report and responsible disclosure.<br> <br> The hardening introduced are among others the removal of the functionality to download database backups, further validation on administrative input in the Admin Control Panel, and the addition of form tokens to the login box. Most of these changes have been introduced to reduce the potential impact of admin account compromises or rogue administrators.<br> <br> In our endeavours to deliver the most secure forum solution we have decided to further our reach in the security industry by joining the security platform <a href="https://www.hackerone.com/" class="postlink">HackerOne</a>.<br> Some of the security improvements in this release are already the result of running a pilot program. We’ll soon change to a public program to allow submissions from everyone and add another way to easily report security issues. Until then security issues can be reported to the <a href="https://tracker.phpbb.com/projects/SECURITY" class="postlink">Security Tracker</a> or by emailing to security [at] phpbb.com.<br> <br> The fixed issues include, among others, support for cookies on domains with special chars, support for the Q&A plugin on MySQL 5.7, as well as preventing the installation of phpBB 3.2 on PHP 7.3. Full PHP 7.3 compatibility will be included in phpBB 3.3.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a href="https://wiki.phpbb.com/Release_Highlights/3.2.6" class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.6</a> and a list of all issues fixed on our tracker at <a href="https://tracker.phpbb.com/issues/?filter=14992" class="postlink">https://tracker.phpbb.com/issues/?filter=14992</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: 3D-I, mrgoldy, battye, Jakub Senko, kasimi, GanstaZ, jasonmarlin, AJ Quick, Alec, JoshyPHP, dhruveshk, rxu, Alfredo Ramos, Dark?, Nuno Lopes<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2509956" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Marc Sat, 22 Dec 2018 16:35:58 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2496526 phpBB 3.2.5 Release Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.2.5 "Bertie's Secret Santa". This version is a maintenance release of the 3.2.x branch which fixes various issues reported in previous versions.<br> <br> The fixed issues include, among others, a BBCode parsing regression in the <code class="inline">generate_text_for_display()</code> function, a missing variable cast on the ACP extensions page, as well as a fix to how the assets version gets appended to JavaScript files included via <code class="inline">INCLUDEJS</code>.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a href="https://wiki.phpbb.com/Release_Highlights/3.2.5" class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.5</a> and a list of all issues fixed on our tracker at <a href="https://tracker.phpbb.com/issues/?filter=14890" class="postlink">https://tracker.phpbb.com/issues/?filter=14890</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: 3Di, rxu, Alec, hubaishan, Dark?, Jakub Senko, Jim Mossing Holsteyn, Vinny<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2496571" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Marc Fri, 16 Nov 2018 19:58:15 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2492206 phpBB 3.2.4 Release - Please Update Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.2.4 "Bertie's ‘stache". This version is a maintenance and security release of the 3.2.x branch which fixes one security issue and various issues reported in previous versions.<br> <br> The security issue was discovered with a new exploitation technique called Phar deserialization. An attacker with control over a founder admin account could escalate to remote code execution by abusing PHP’s default unserialization of metadata in Phar files. More information about this technique can be found <a href="https://blog.ripstech.com/2018/new-php-exploitation-technique/" class="postlink">here</a>.<br> In order to fix this issue we’ve removed the ability to define absolute paths in the Admin Control Panel. This resulted in the removal of setting the ImageMagick path, so make sure to have the GD image library available instead. A new event to generate thumbnails was added as replacement, so you’re able to write an extension that uses a different image library to generate thumbnails. We would like to thank Simon Scannell and Robin Peraglie of RIPS Technologies for their report and responsible disclosure. The issue has been assigned CVE-2018-19274.<br> <br> The fixed issues include, among others, compatibility issues with PHP 7.2 and issues with removing users from the newly registered user group more than once.<br> Among the notable changes are the addition of the list-unsubscribe header to emails sent by phpBB and the ability to reset your password without entering the username.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a href="https://wiki.phpbb.com/Release_Highlights/3.2.4" class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.4</a> and a list of all issues fixed on our tracker at <a href="https://tracker.phpbb.com/issues/?filter=14790" class="postlink">https://tracker.phpbb.com/issues/?filter=14790</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> <strong class="text-strong">We recommend following these <a href="http://www.dijvjz.live/support/docs/en/3.2/kb/article/updating-32x/" class="postlink">update instructions</a> for updating your instance of phpBB.</strong><br> <br> The development team thanks everyone who contributed code to this release: Jakub Senko, MikelAlejoBR, kasimi, Zoddo, v12mike, hubaishan, 3D-I, Matt Friedman, Kailey Truscott, Alec, Alex Miles, Andrii Afanasiev, Anssi Johansson, DSR!, Daniel, Dark?, David Colón, Ioannis Batas, Jim Mossing Holsteyn, Serge Skripchuk, Toxyy, rxu<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2492231" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Marc Thu, 13 Sep 2018 11:52:58 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2485636 phpBB 3.2.3 Release Greetings everyone,<br> <br> We are pleased to announce the release of phpBB 3.2.3 "Bertie's long summer". This version is a maintenance release of the 3.2.x branch which fixes various issues reported in previous versions.<br> <br> The fixed issues include, among others, problems when submitting posts with more than one attachment, migrations failing when updating from versions prior to phpBB 3.2.2 and PHP warnings being displayed when editing signatures in the ACP.<br> <br> Notable changes are the dropped support for HHVM (HipHop Virtual Machine) and more prominent links to privacy policy and the terms of use.<br> <br> The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at <a href="https://wiki.phpbb.com/Release_Highlights/3.2.3" class="postlink">https://wiki.phpbb.com/Release_Highlights/3.2.3</a> and a list of all issues fixed on our tracker at <a href="https://tracker.phpbb.com/issues/?filter=14490" class="postlink">https://tracker.phpbb.com/issues/?filter=14490</a><br> <br> <strong class="text-strong">The packages can be downloaded from our <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a>.</strong><br> <br> The development team thanks everyone who contributed code to this release: rxu, hubaishan, JoshyPHP, Rubén Calvo, Akbar, Anssi Johansson, Daniel Mota, Daniel Sinn, FH, GerB, Zoddo, canonknipser, scootergrisen<br> <br> If you have any questions or comments, we'll be happy to address them in the <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2485646" class="postlink">discussion topic</a>.<br> <br> - The phpBB Team Noxwizard Sun, 01 Jul 2018 18:54:17 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2477551 Support for phpBB 3.1.x has ended As per the <a href="http://www.dijvjz.live/community/viewtopic.php?p=14902381#p14902381" class="postlink">previous announcement</a>, support for phpBB 3.1.x has now ended.<br> <br> The support forums have been locked, but are still available in a read-only form for reference in the phpBB Archives section of this board. All download links for phpBB 3.1.x will be removed shortly. If you still need those packages, you will be able to obtain them from <a href="https://sourceforge.net/projects/phpbb/files/phpBB%203.1/" class="postlink">SourceForge</a> or <a href="https://download.phpbb.com/pub/release/3.1/" class="postlink">download.phpbb.com</a>.<br> <br> While support for 3.1.x will not be available, support for converting to 3.2.x will still be available.<br> <br> For those who receive support from an <a href="http://www.dijvjz.live/support/intl/" class="postlink">international support site</a>, they will dictate their own support schedules and you should seek information from them. Marshalrusty Sun, 25 Mar 2018 20:56:54 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2465631 Google Summer of Code 2018 Student Application Deadline <div class="inline-attachment"><!-- ia0 -->GSoC.png<!-- ia0 --></div> <br> Hi all,<br> <br> <a href="https://summerofcode.withgoogle.com/organizations/6276403641712640/" class="postlink">We're super excited to be participating</a> in the <a href="https://summerofcode.withgoogle.com" class="postlink">Google Summer of Code program</a> for the fifth time. The GSoC program gives students a unique opportunity to work with mentors from established open source projects over the summer months. We had a great time taking part in <a href="http://www.dijvjz.live/community/viewtopic.php?f=14&t=2413581" class="postlink">2017</a>, <a href="http://www.dijvjz.live/community/viewtopic.php?f=14&t=2231996" class="postlink">2014</a>, <a href="http://www.dijvjz.live/community/viewtopic.php?f=14&t=2179054" class="postlink">2013</a>, and <a href="http://www.dijvjz.live/community/viewtopic.php?f=14&t=2153062" class="postlink">2012</a>.<br> <br> The student application deadline is coming up fast, but you still have two more days to submit or finalize a proposal! We're actively standing by to assist anyone having trouble, so please reach out to our team. The best way to do that is via <a href="http://www.dijvjz.live/support/irc/" class="postlink">IRC</a>.<br> <br> A list of suggested ideas can be found here: <a href="http://www.dijvjz.live/development/gsoc/ideas/" class="postlink">http://www.dijvjz.live/development/gsoc/ideas/</a><br> <br> Thanks!<br> <br> The phpBB Team Marshalrusty Sat, 27 Jan 2018 02:57:52 +0000 http://www.dijvjz.live/community/viewtopic.php?f=14&t=2456896 [Security] phpBB 3.2.2 Packages Compromised Earlier today, we identified that the download URLs for two phpBB packages available on phpBB.com were redirecting to a server that did not belong to us. We immediately took down the links and launched an investigation.<br> <br> The point of entry was a third-party site. <strong class="text-strong">Neither phpBB.com nor the phpBB software were exploited in this attack.</strong><br> <br> If you downloaded either the 3.2.2 full package or the 3.2.1 -> 3.2.2 automatic updater package between the hours of <strong class="text-strong">12:02 PM UTC and 15:03 PM UTC on January 26th</strong>, you received an archive modified with a malicious payload. <br> <br> During the course of our investigation, we were able to take steps that should render the malicious code completely inoperable. However, in the unlikely event that multiple versions of the packages exist or that something was missed, we are choosing to leave nothing to chance.<br> <br> As the packages were live for only three hours, we believe that a very small number of users are affected. We therefore ask that you perform the following steps so that we may render personalized assistance:<br> <ol style="list-style-type:decimal"><li>If you believe that you have a malicious package, please email it to <a href="mailto:security@phpbb.com">security@phpbb.com</a> so that we can check it against the version we obtained. We will likewise let you know if it is affected. You may also use the SHA256 checksum found on the <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a> to verify its validity. Do not use the potentially affected package.</li> <li>If you have already used the package to install or update a phpBB forum, please <a href="https://tracker.phpbb.com/projects/INCIDENT/" class="postlink">file an incident report on our tracker</a> and we will assist with removal of the malicious code.</li> <li>The downloads currently available on the <a href="http://www.dijvjz.live/downloads/" class="postlink">downloads page</a> are safe. If you have any doubts whatsoever, download a fresh copy.</li></ol> <br> Our investigation is ongoing and we will provide additional information as it becomes available.<br> <br> <br> Thank you,<br> <br> The phpBB Team<br> <br> -----<br> <br> You may discuss this announcement in it <a href="http://www.dijvjz.live/community/viewtopic.php?f=64&t=2456891" class="postlink">discussion topic</a>. 五分彩平台