FluxBB is an open source forum application. Forked from PunBB in 2008, FluxBB is a popular lightweight forum application, powering forums for Arch Linux and μTorrent.
Backup and restoration
21 June 2016 - 3MBThis release fixes a security vulnerability as well as several bugs, and also contains several small improvements.
In addition, this release contains some minor improvements in the area of CSS and usability, and fixes several smaller bugs.
- bug #792: Profile and signature img
- bug #1012: Incorrect coding login.php
- bug #1017: fix CSS
- bug #1056: Invalidate only feed caches
- bug #1058: hash_equals(): Expected known_string to be a string, null given
- bug #1059: No csrf_token in unsubscibe link of subscription email
- bug #1062: Edit.php and checkboxes
- bug #1068: Wrong description for BBCode
- bug #1072: The DB class for SQLite doesn't maintain string values by default?
- bug #1075: Empty PHP_SELF somewhere
- bug #1078: InnoDB check failed
- bug #1082: Custom title overrides "Banned"
- enhancement #1019: Refactor/move forum_list_plugins to common_admin.php
- enhancement #1025: Display error message inline with login form
- enhancement #1027: Change htmlspecialchars to pun_htmlspecialchars
- enhancement #1064: error() function, PUN_DEBUG and security
- enhancement #1066: For long nicknames
Read more: http://fluxbb.org/forums/viewtopic.php?id=8856
10 November 2015 - 3MBThis release fixes two security issues: The first one allowed attackers to trick moderators into e.g. locking or stickying other topics without noticing. The second change prevents sophisticated timing attacks targeted at e.g. password hashes.
Other changes in this release include several fixes of regressions introduced in the last release, fixes related to the handling of several esoteric HTTP headers, and a fix for a quote bug that broke the forum layout. Finally, if you want to embed your forum in another web page, the relevant HTTP header is now configurable.
Read more: http://fluxbb.org/forums/viewtopic.php?id=8203
24 January 2015 - 3MBThis release fixes a minor security issue in install.php. The installer could be tricked into loading and executing any file named install.php. Abuse of this vulnerability could have only been possible in combination with other security issues that would have allowed an attacker to create files with that name.
As a special present, in this release we made it super-easy to install anti-spam modifications by providing a few hooks where these modifications can hook into. All you will need to do to install this new generation of anti-spam tools is to copy one or two files into certain folders of your FluxBB installation. We hope this change encourages the community to create a broad range of more diverse antispam tools, so that spammers will hit unpredictable obstacles when targetting FluxBB. As an example, I have created a modification that adds Google's new reCAPTCHA system to your registration page. Expect more documentation in the next days.
This release also brings some security hardening, fine-tuning, several small features and usability improvements to your forum.
- Clickjacking attacks should now be prevented by modern browsers
- Direct links to certain actions from notification emails
- Quickly promote users to the next group
- New moderator permission for promoting users
- Streamlined forum creation process
- Improved default styles and dropped support for Internet Explorer 6
- bug #925: Scrollbar in chrome fluxbb1.5.5
- bug #949: Use \r\n for SMTP, FORUM_EOL for others
- bug #951: [url][img] patch doesn't work.
- bug #963: Add rel="prev", rel="next" and rel="canonical"
- bug #969: New TLDs not allowed as valid URLs
- bug #996: Prevent clickjacking attacks
- bug #998: Bug in validate_redirect() function
- bug #1001: Remove setting of values in quickpostform
- bug #1006: [HTB23246] File Inclusion in install.php
- enhancement #57: Making a new forum is a 2 step process
- enhancement #810: Improve unread forums tracking
- enhancement #935: Auto-promotion improvements
- enhancement #936: Add new group permission to allow moderators to promote users
- enhancement #941: Remove obsolete global variables
- enhancement #944: Remove "page 1" when thread or forum has just one page
- enhancement #947: Improve Air/Earth/Fire design
- enhancement #948: Require passwords with at least 6 characters
- enhancement #959: Quick actions from registration email
- enhancement #965: Avoid double redirect when no new posts are found
- enhancement #976: [PATCH] Invalidate updated cache files from PHP's Opcache
- enhancement #992: Drop IE6 support
- enhancement #997: Make random passwords longer
- enhancement #1007: Antispam hooks
- enhancement #1008: Please delete your install.php file
- task #942: Remove obsolete language strings
- task #966: Optimize images in FluxBB core
Read more: http://fluxbb.org/forums/viewtopic.php?id=8203
20 October 2014 - 3MBThis release fixes a critical security vulnerability that could potentially allow clever attackers to take over other user accounts on a FluxBB forum. We also fixed another less severe issue related to redirects in login.php.
- bug #961: Open Redirection Vulnerability
- bug #990: SQL injection in profile.php
Read more: http://fluxbb.org/forums/viewtopic.php?id=8001
display more versions
8 January 2014 - 3MB
- bug #923: Redeclared method error when changing usernames
- bug #940: Cross-site request forgery issues with FluxBB
- enhancement #913: Adding subject if someone hits the preview button
- enhancement #927: Split thread function is... "splitted"
- enhancement #929: Textarea resize
- enhancement #930: Allow non array page titles
- enhancement #934: HTML5 validation
Read more: http://fluxbb.org/forums/viewtopic.php?id=7513
18 November 2013 - 3MB
- bug #884: No horizontal scrollbar in [code]
- bug #887: URLs with user/forum/topic/post ID are broken
- bug #888: Notices in FluxBB 1.5.4
- bug #895: random_pass() might generate URL-unfriendly passwords
- bug #896: No permission without 403
- bug #897: "\r\n" breaks headers in email in certain conditions
- bug #903: UTF8 related fixes
- bug #904: Charset conversion in db_update.php doesn't work
- bug #905: Merging topics hangs when users are subscribed
- bug #911: Triple border in IE11
- enhancement #889: Excess array cell of $lang_install
- enhancement #891: Remove unused line of code in generate_quickjump_cache
- enhancement #902: Miscellaneous
- enhancement #908: Regenerate the users info cache in register.php
- enhancement #919: $page_title in admin_loader.php
- enhancement #921: Disable admin_forums.php form when no categories exist
- enhancement #922: Function do_smilies() and $pun_config
Read more: http://fluxbb.org/forums/viewtopic.php?id=7405
14 August 2013 - 3MBThese releases fix another security issue that allowed attackers to redirect forum users from the attacker's site to any URL on the internet via FluxBB's email contact form. This is a problem as the users might be redirected to a dangerous or inappropriate webpage, even though they assume to visit a trusted site (the forum). Unfortunately, we were not contacted before the vulnerability was published; I still want to thank the Zero Science Lab for the helpful communication after the issue was brought to our attention.
FluxBB 1.5.4 also brings along fixes for a bunch of smaller issues in the 1.5 branch.
Read more: http://fluxbb.org/forums/viewtopic.php?id=7217
22 February 2013 - 3MBThis release fixes a security issue that could allow skilled attackers to guess one of the random tokens that are sent out via email when users have forgotten their passwords.
Read more: http://fluxbb.org/forums/viewtopic.php?id=6916
4 February 2013 - 3MB
Our Web hostings are compatible with
100% SSD Web Hosting
100 GB and +
Free SSL certificates
10 GB of VOD
2 CPU and +
6 Gb (RAM) and +
100% dedicated resources
Infomaniak manages your server
from 29 € / month
Prices in EUR incl. tax