Hosting phpBB

3.3.1
 (security release)
7 August - 50MBThis version is a maintenance and security release of the 3.3.x branch which fixes one security issue.



Security

Previous versions of phpBB did allow limiting the dimensions of images posted. This could however also be used to e.g. check for the existence of services that should only be accessible from the internal network.



Improvements

Enable/disable mechanism for new profilefield types - Added new enable & disable mechanism for profile field types

Only one email notification per topic - Reduced emails sent as notifications when not having visited topic



Bug Fixes

Slow search on PostgreSQL - Full text search on PostgreSQL was very slow due to accidentally disabled index

Emoji isues - Issues with using emojis in multiple text fields

Delete marked PMs in UCP - Improper form token check resulted in users being unable to delete marked PMs

File lock issues - Failure while acquiring locks on some storage backends resulted in errors while installing phpBB

Reset password error - Resetting a password resulted in an PHP fatal error being thrown



Event Changes

Modify the SQL query that fetches the smilies

This event allows you to modify post data displayed in the MCP

Modify message rows before displaying the history in private messages

Allow filtering the $notify_users array by $notification_type_name for a notification that is about to be sent.

Here, $notify_users is already filtered from users who've already been notified.

Modify error messages generated by the s9e\TextFormatter's logger

Event to modify the SQL query before listing of friends

Event to modify the template before listing of friends

Event to perform additional actions before ucp_notifications is displayed

Event to perform additional actions before ucp_notifications is submitted

Alter the row of the post being quoted when composing a private message

Modify private message

Modify private message data before it is prepared to be displayed

Event to modify the SQL query before obtaining topics/stickies

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636






3.3.0
 (major version)
7 January - 50MBThe new phpBB 3.3 Proteus builds upon 3.2 Rhea and is a big step towards a more modern base while maintaining a clear update path.



Highlights

The minimum supported PHP version has been increased to PHP 7.1.3.

Fixed security issues in 3.2.9 are part of this release as well.

[Emoji] Thanks to our BBCode parser your users can now make use of the entire Emoji keyboard when posting on your board. From a lovely grin to a pink unicorn, Emoji can liven up all posts on your board! With phpBB 3.3, support for Emojis has been extended further to also support them in other parts like topic titles.

[PHP 7 Support] PHP 7 works twice as fast as previous PHP versions. We have modified phpBB to now completely support the latest releases of PHP (7.1 to 7.4) so you can enjoy all these performance advantages.

[Clever Quotes] We've improved the quoting system to show a link to the quoted post and post author. The full time and date of the quoted post is now also available to get all the information in one glance. 

[Notifications] With us completely refactoring the notifications system in phpBB 3.2, notifications now work faster and more efficiently. This change also reduces the posting time to be almost instantaneous. 

[Icons] Using CSS driven icons from FontAwesome, we now have more intuitive icons with retina quality all across phpBB as well as considerably improving the speed of page loads. 

[Symfony] Having introduced Symfony components in our previous releases, phpBB 3.3 has now upgraded to be built on Symfony 3.4 allowing us to use their latest cutting-edge developments.

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2534541






3.2.8
 (security release)
22 September 2019 - 50MBThis version is a maintenance and security release of the 3.2.x branch.



Security Issue

CSS injection via BBCode tag

Missing form token check when handling attachments

Missing form token check when managing BBCodes

Disable MySQLi local infile to prevent local file inclusion

Add Referrer-Policy header



Bug Fixes

Permission settings do not take affect when set using All YES/NO/NEVER

PHP error (Array to string conversion) on new user registration if email address is banned and " Reason shown to the banned" is empty

Missing word in 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED'

External accounts can be linked to more than one local account

Check language input for group

Emoji characters in forum name causing SQL errors

Group rank not displaying on memberlist_body

Unicode Characters in Attachment Comment Causes mySQL Error

Users can delete their attachments in the UCP, even if the post is locked

SMTP support for TLS is forcing use of deprecated TLS 1.0

The link "Back to previous page" can redirect to another page, not the previous one

Changing account settings without changing password resets user_passchg

Q&A captcha plug-in still throws PHP 7.2.x countable warning

Post count not updated when deleting only post in topic

Recognize number of Template Event instances in events.md file

Topic Icon with space in filename isn't displayed by viewforum_body.html

Unable to restore any backup from ACP

PHP warning in MCP banning tab on PHP 7.2+

BBCodes using {TEXT} in HTML tags no longer work

Style templates no longer able to login "from any page."

Unable to login using Oauth via Forums, topics or posts

Migrator never drops unique indexes

board_dst config value is not removed from config table after conversion

Banned or suspended user receives "The submitted form was invalid. Try submitting again."

Undefined index for custom attachments groups

Fix warning in ACP version check

Twemoji -fe0f sequence not rendering

PM filter “sent to my default usergroup” triggers array to string conversion warning

Warnings When a Style exists on database but not on FTP

Attach row template always gets displayed with JS disabled

MySQL full text search always uses MyISAM limits

Incorrect users search by last visit time in memberlist.php

AppVeyor builds fail due to chocolatey being unable to install PHP



Improvements

Exclude group leaders on group member purge

Hardcoded lang in credit line

Group helper functions

Add event - core.posting_modify_row_data

Unambiguous wording in user activation request email to Admin/Moderator

Use of 'Cache-Control: public' for serving files

Provide link to PHP Date Function in both ACP and UCP

Do not prevent username changes in ACP

Deny prosilver's uninstallation

Add core.topic_review_modify_sql_ary

Add 2 template events *_author_username_{append/prepend}

ACP Private Messages: Wording could be better

Remove sudo required from travis config

Undefined index: user_ip in oauth.php

Incorrect docblock parameter types

Remove support for WebSTAR and Xitami

Use chrome webdriver for UI tests

Add core.confirm_box_ajax_before

Add core.viewtopic_gen_sort_selects_before

Add core.posting_modify_post_subject

Add core.pm_modify_message_subject

Add core.mcp_main_before

Add mcp_move_destination_forum_before|after

Add topiclist_row_topic_by_author_before|after

Custom Profile Field visibility is incorrectly explained

Add core.message_history_modify_sql_ary

Add core.mcp_topic_modify_sql_ary

Add 2 mcp_topic_post_author_full_{append/prepend}

Add UI for Mass email $max_chunk_size

The attachment's ALT tag is supposed to describe the image, not the file.



Tasks

Define trusty build environment for travis builds

Update composer dependencies to latest

The text input for poll question has a too high maxlength attribute

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2523271






3.2.7
 (security release)
6 May 2019 - 50MBThis version is a maintenance and security release of the 3.2.x branch which fixes two security issues, introduces further hardening, and resolves various issues reported in previous versions.



Notable Bug Fixes

Cookies for domains with special chars - Added support for cookies on domains with special characters [1]

Support Q&A plugin on MySQL 5.7 - An SQL query in the Q&A plugin failed to execute while using MySQL 5.7 [2]

Form token in login forms - Some login forms were missing form tokens and older styles did not support logging in [1][2]

Inability to change topic type - A missing event dispatcher caused an internal server error when changing topic types [3]

View PM folder broken - An incorrect PM state caused an undefined index error [4]

URL links incorrectly shortened - Links were incorrectly shortened when posted inside the [url=] BBCode [5]



Notable Changes

Update dependencies to latest versions - Updated dependencies like Symfony and the TextFormatter to their latest versions [3][4]

Deny installations of 3.2 on PHP 7.3 - Due to the dependencies used in phpBB 3.2 and its minimum PHP version 5.4.7, it's currently not possible to run phpBB 3.2 on PHP 7.3 [5]



Hardening

Remove support for backup download - Removed support for downloading database backups via the ACP UI. This is to prevent the possibility of a database compromise on gaining access to a founder account [6]

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2496526



display more versions




3.2.5

18 April 2019 - 50MBSecurity

[SECURITY-229] - Update to latest version of jQuery 1.x and add ajax prefilter



Highlights

Modify the topic ordering if needed

Modify the topic sort ordering from the beginning

Modify the forum ID to handle the correct display of viewtopic if needed

Add show_user_activity to display_user_activity_modify_actives

Event to add/modify MCP report details template data.

Add attachment to core.ucp_pm_view_message

Modify attachment's poster_id for get_submitted_attachment_data



Bug Fixes

Update link to user guide

Call to undefined $user in phpbb_format_quote() when BBCodes are disabled

SQL general error on DB update from 3.0 branch

MSSQL implementation crashes when upload directory > 2GB

Unapproved User(s) appearing as Guest in Team Page.

Contact form without class

PHP 7.1+ warning in ACP extensions module

BBCode parsing error (PHP fatal error)

Login keys are not reset after password update in some cases

Some JS files being called without assets version

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2496526






3.2.4
 (security release)
18 November 2018 - 50MB3.2.4



Enhancement

Updated dependencies - Updated dependencies to latest versions, e.g. Symfony, Twig

Added list-unsubscribe header - Added list-unsubscribe header to emails [1]

Username not required for "forgot password" - Specifying the username is no longer required for using the "forgot password" functionality [2]



Bug Fixes

PHP 7.2 issues - Several warnings and incompatibilities when using phpBB 3.2 on PHP 7.2 [3][4][5]

Removing users multiple times from newly registered - Fixed a bug that prevented users from being removed multiple times from newly registered user group [6]



Changes

Events can use twig syntax - Template events can now employ the twig syntax [7]



3.2.3



Highlights

Updated dependencies - Updated dependencies to latest versions, e.g. Symfony, Twig

Extension version check supports newer TLS versions - The extension version check will now also support newer TLS versions



Bug Fixes

Previewing / submitting posts with more than one attachment - Attachments were lost after re-submitting post

Sub-SELECTs in sql_build_query() - The sql_build_query() method had issues was unable to add sub-SELECTs in queries

Multiple issues with migrations added in 3.2.2 - The fix_user_styles and merge_duplicate_bbcodes migrations had multiple issues that prevented successful updates

Issues with signature edit in ACP - Mixed function parameters caused the ACP to show PHP warnings



Changes

HHVM support dropped - phpBB will no longer support HHVM

More visible links to privacy policy and terms - Links to privacy policy and terms of use are prominently displayed in the footer. Link to privacy policy can be overridden with an event

Updated Symfony and other 3rd party libraries - Symfony and other 3rd party libraries have been updated to their latest versions

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2492206






3.2.2
 (security release)
10 January 2018 - 50MBHighlights

PHP 7.2 supported - PHP 7.2 is now officially supported by phpBB 3.2

Minimum expected PHP version changed to 5.4.7

Memcached support - phpBB now supports memcached caching



Enhancements

Updated dependencies - Updated dependencies to latest versions, e.g. Symfony, Twig



Bug Fixes

Password updater working with PostgreSQL - The cron for updating legacy password hashes was running invalid queries on PostgreSQL

Deleting orphaned attachments w/ large number of orphaned attachments - Orphaned attachment deletion was improved to be able to delete them when a large number of orphaned attachments exist

Multiple bugfixes for retrieving image size - Multiple issues with retrieving the image size of JPEGs & temporary files were resolved

Issues with updating from phpBB < 3.0.6 - Inconsistencies in the way parent modules were treated caused issues with updating from older phpBB 3.0 versions

Forum / topic icon blurriness - Fixed issues with forum and topic icons looking blurry on some browsers

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2453381






3.2.1

1 August 2017 - 15MBNew Features

Version check supports branches - Both the phpBB and extension version check now support branches



Enhancements

Updated dependencies - Updated dependencies to latest versions, e.g. Symfony, Twig



Notable Bug Fixes

Invalid constructor in FTP file updater - The invalid constructor prevented using the FTP file updater

Multiple issues in text formatter - This caused e.g. issues with some smilies and BBCodes

Fix migration dependency preventing update from before phpBB 3.0.6 - Migration to 3.2.0 didn't check dependency correctly for upgrades from pre 3.0.6 versions



Notable Changes

High-res icons in prosilver - prosilver is now using higher res images for the imageset icons

Read more: https://wiki.phpbb.com/Release_Highlights/3.2.1






3.2.0
 (major version)
10 January 2017 - 15MBThe new phpBB 3.2 Rhea builds upon 3.1 Ascraeus, upgrading the experience for users, administrators, and developers. The new BBCode parser adds support for all the emojis you've been using on mobile devices, the new font awesome integration adds retina quality icons to prosilver, and the quoting feature has been enhanced. Together with Symfony 2.8, an improved integration of the twig template engine, and full support for both PHP 7.0 and 7.1, we have increased extensibility of phpBB 3.2 while reducing development time.
Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2399606






3.1.12
 (security release)
10 January 2018 - 15MBHighlights

Memcached support - phpBB now supports memcached caching



Bug Fixes

Password updater working with PostgreSQL - The cron for updating legacy password hashes was running invalid queries on PostgreSQL

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2453376






3.1.11

2 August 2017 - 15MBNew Features

Version check supports branches - Both the phpBB and extension version check now support branches



Notable Changes

Words in topic title found after topic split - Words in topic title can now be searched for directly after splitting topics

Pagination for IP tables and post info - Added pagination to IP tables and post info on postdetails page



Notable Bug Fixes

Prevent duplicate migrations due to invalid names - Some migrations incorrectly specified leading backslashes. These are now properly handled.

Ensure query start is always set - This previously prevented updates from earlier versions using PostgreSQL

Invalid ORDER_BY definition in PMs - The UCP PM view folder page was using an invalid ORDER_BY definition that resulted in missing PM ordering.

Read more: https://wiki.phpbb.com/Release_Highlights/3.1.11






3.1.10
 (security release)
26 October 2016 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one trivial security issue and various smaller bugs. The security issue only affects users using no longer supported versions of browsers as well as improperly setup webservers (thanks to Lukas Reschke of Nextcloud for reporting this). The bugfixes address the Q&A captcha logging errors when it was solved, fatal errors when upgrading from 3.0.x in certain cases, and database transactions not being rolled back with incorrect notification settings. Other changes include an improved migrator and hardened form checking in the Admin Control Panel.



New Features

Check phpBB version constant against config version - Display a warning in the ACP if the version constant (files) does not match the phpbb_config version
Support extensions in UI tests - UI tests now also support installing extensions and testing their behavior


Notable Changes

Improved migrator - The migrator will now properly prevent timeouts and infinite loops. It will no longer unexpectedly try to revert update_data() implementations using "if": https://www.phpbb.com/community/viewtopic.php?f=461&t=2383821
Dropped support for MySQL versions improperly implementing FULLTEXT support - Some MySQL versions used improper implementations of FULLTEXT support. Versions with correct support are now required: https://github.com/phpbb/phpbb/pull/4426
Users removed from newly registered group when limit set to 0 posts - Users will now be able to exit the newly registered users group when the limit is set to according to the setting's definition in the ACP.
Further hardened checking links and form submissions - Added link hashes and form keys to all forms in the ACP that were still relying on global ACP form protections.


Notable Bug Fixes

Prevent MySQL error when looking at your posts - Wrong column was selected in certain cases.
Q&A CAPTCHA no longer logs error when solved - A change in 3.1.9 caused the CAPTCHA to log an error even though it was solved.
Min/max form values no longer preventing update of avatar settings - The newly introduced form validation on the html side will no longer report invalid min/max settings when updating avatar settings.
Fixed fatal error when upgrading from 3.0.x - Fixed error when upgrading from version with softdelete MOD installed.
Limit prunes per cron for large forums - Prunes on large forums were not limited. This could cause the prune query to fail at an unspecified point in time and leave topics unpruned.
Rollback transactions in notifications manager - Fixed issues with not rolled back transactions when using non-existent notification types

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2389426






3.1.9

17 April 2016 - 15MBThis version is a maintenance release of the 3.1.x branch which fixes various smaller bugs including improper column defaults for new table columns in MSSQL, issues with the updater while using caches that are not file based, as well as duplicate emails being sent by the email queue due to opcache, and attached images not being displayed in the expected order when adding them inline. It also adds support for X-Forwarded headers for upgrading non-SSL connections to SSL and allows extension authors to disable sending headers on Extension pages served via app.php.



New Features

Respect X-Forwarded-Headers for upgrading non-SSL to SSL connection - Proxy's request to upgrade users to using SSL instead of non-SSL communication will be correctly respected (e.g. when using HAproxy). This requires default ports for SSL and can only be used for upgrading from non-SSL to SSL and not to downgrade from SSL to non-SSL.
Disable sending headers - Extension authors can disable sending headers in the page_header() function and the controller helper's render() method


Notable Changes

Q&A fallback to non-default language questions - Q&A will try to fall back to Q&A combos that are not the current or default language if it's enabled and no valid Q&A set for the current or default language are set. If this is not possible, the captcha system will throw an error and prevent registrations without filling out the captcha caused by the invalid setup and misconfiguration.


Notable Bug Fixes

Removed automatic approve of unapproved posts - Editing an unapproved post as a moderator will no longer automatically approve it.
Email queue not cached by opcache - Email queue won't be cached by opcache anymore. This caused issues with dulicate emails.
Correct column default in MSSQL - Database column default will no longer be incorrectly escaped in MSSQL (caused upgrade issues for 3.0.x to 3.1.x)
Modified since for files served with download/file.php - The modified since header was not correctly served
File update when using non-file based cache - Admins updating when using caches like memcache no longer see the comparing files page over and over again when looking at file changes
Attachments display according to the correct BBCode ID - Attachments displayed now correctly correspond to the ones defined by the attachment BBCodes that were added using the frontend

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2368586






3.1.8

24 February 2016 - 15MBThis version is a maintenance release of the 3.1.x branch which fixes various smaller bugs including users not automatically being removed from the Newly Registered Users group and permanent deletion of posts not working from View Topic pages. It also adds support for using https in the Extensions version check.



Notable Changes

Extension Version Check now supports https


Notable Bug Fixes

Users were not removed from Newly Registered Users group
Permanent deletion of posts did not work

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2360031






3.1.7-PL1

11 January 2016 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including periodic failures with sqlite3 databases, improper handling of avatar gallery subfolder paths, and "Select All" functionality on the Edge browser in the code BBCode.



Security and Hardening

Includes proper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack would only have been possible if an attacker also managed to retrieve the session id of a reauthenticated administrator prior to targeting them.


New Features

Add "mark topics read" link to "View unread posts"
Function submit_post() now takes non-default post_time into account
Added row highlighting to extensions and style management


Notable Changes

Pages served from app.php can now disable update of session page
PHP 7.0 support is now properly stated in package


Notable Bug Fixes

Avatar gallery subfolder paths are correctly handled now
Handle periodic failure of sqlite3
Properly handle "Select All" in code BBCode in Edge Browser

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2352606






3.1.6
 (security release)
12 September 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including jumping to specific pages in long topics, problems with using Content Delivery Networks for static assets, and notably updates the embedded Twig and PLUpload libraries.



Security and Hardening

Update Twig and PLUpload to the newest minor versions.


New Features

Automatically remove inner quotes when the nesting is too deep
Add links to the Customisation Database to the Extensions, Styles and Language tab in the ACP


Notable Bug Fixes

Fix jump to page option
Fix missing fonts when using the CDN option

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2335426






3.1.5
 (security release)
17 June 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one content permission issue and a number of bugs, as well as adds new events as entry points for extensions to modify phpBB's behaviour.



Security and Hardening

Hardening: Use autocomplete=off for password fields
Hardening: Do not populate password fields in the ACP settings with the old password - Thanks Fortify Open Source Review for suggesting
Content Permissons: Post subjects from protected subforums were listed incorrectly on the forum index in the following two scenarios: 1. Forum that has no forum password has a subforum with a password. 2. Forum with read permissions has a subforum without read permissions "Can read forum", but with list permissions "Can see forum" - Thanks 5hocK for suggesting


New Features

Events - More events have been added to the template and the php core


Notable Bug Fixes

Printing topics with webkit - Properly display background images when printing with webkit browser
Language files for xCP modules - Adding multiple language files for acp/mcp/ucp modules was incorrectly handled for extensions
Several Controller Fixes - AJAX responses did not support exceptions messages, AJAX responses did not support meta_refresh and redirect

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2321676






3.1.4
 (security release)
4 May 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one minor security issue and a number of bugs.



Security and Hardening

Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verifed to have the expected format. See PHPBB3-13765.


New Features

Events: More events have been added to the template and the php core


Notable Bug Fixes

Version check of extensions: File caching of extensions' version check file doesn't work
Fix links from /board: Append page name to base url if it doesn't contain it and the path ends without a trailing slash

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941






3.1.3
 (security release)
1 February 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one security issue, a number of bugs, and adds new events as entry points for extensions to modify phpBB's behaviour.



In 3.1.x we no longer consider it acceptable for administrators to have system access through the administration control panel. It was previously possible for an administrator on a forum to use the ImageMagick binary path setting to execute code on the server.



Security and Hardening

Hardening of imagick path - Existence of the path to the imagick program specified in the Administration Control Panel is now verified.


New Features

Events - More events have been added to the template and the php core
Support for IDN (IRI) Urls - Urls in BBCodes, posts and profile fields can now contain UTF8 characters
Migrations can now use DI - Migrations can now use the container to access additional objects


Notable Bug Fixes

Canonical URLs sort parameters removed - In order to produce less duplicate pages, the sort parameters have been removed from the canonical URLs
Multiple bugs while updating - Quite some bugs in the database update scripts have been fixed
Boolean profile fields on PostgreSQL - Boolean profile fields can now be created again
UTF8 characters in attachment names - Attachments with UTF8 characters in their file name can now be uploaded again

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2293451






3.1.2
 (addendum 1)
10 December 2014 - 15MBApplications:

Install, Update and Edit: Updated languages for phpBB 3.1.x: Arabic, Catalan, Danish, Dutch, German, Spanish, French, Gaelic, Italian, Portuguese, Russian, Turkish, Chinese Simplified, and Chinese Traditional.






3.1.2
 (security release)
25 November 2014 - 15MBThis release includes a number of improvements as well as fixes for two minor security vulnerabilities that we identified ourselves. Please update your phpBB 3.1 installation as soon as possible.



We resolved problems with redirects to incorrect URLs following confirmation screens that we introduced with the security fix in 3.1.1. A large number of the bug fixes and improvements relate to the update process from phpBB 3.0 Olympus to 3.1 Ascraeus and we are confident that the process now works more smoothly for anyone looking to update.



Through specifically crafted requests with an XMLHttpRequest header it was possible to trigger an infinite loop in a phpBB routine which may end up consuming a large amount of resources on a server running phpBB 3.1.1. Further, once you installed an extension, its authors were able to load additional HTML in the extensions administration interface through the version check file which would only be exploitable by malicious extension authors. Independent of this particular problem we recommend you only install extensions made available in the extension database on http://www.phpbb.com as they go through a security audit by the extensions team before they are published.
Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2278081






3.1.1
 (security release)
3 November 2014 - 15MBThis release addresses a minor vulnerability as well as several usability issues that have been brought to our attention. If you installed phpBB 3.1.0, please update to 3.1.1.



Firstly, despite our best efforts and a full security audit of the 3.1 codebase by SektionEins, Dingjie Yang of Qualys, Inc. discovered an XSS vulnerability that may be utilized against users of older browsers. Our tests indicate that this does not seem to affect major browsers released after 2009, making all browsers officially supported by phpBB 3.1 immune and around 99.9% of phpBB.com visitors unaffected. Nevertheless, we are not taking any chances and urge everyone to update. Thanks to Mr. Yang for bringing this to our attention.



Secondly, we are removing the "Send a copy of this email to yourself" feature from the contact page for guests to avoid it being used for sending undesired emails from the board.



Lastly, we are fixing several usability issues that were preventing some users from having a smooth experience while updating from 3.0 to 3.1. The notable ones are:

If a user's selected style no longer exists, attempt to reset to an existing style.
Fix auth provider errors for forums that migrated from other forum software.
Improve and correct update instructions and documentation.

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2270766






3.1.0
 (major version)
29 October 2014 - 15MBWith the help of hundreds of volunteers, we have created the best and most modern version of phpBB yet: 3.1 Ascraeus. It features many improvements for users, administrators, and developers alike. Its new responsive theme takes phpBB into the modern mobile world, OAuth logins and Gravatars improve phpBB's integration into the social web, and a new notification system makes it easy to keep apprised of all that's going on.



What's New

Extensions
Simplified Updating
Responsive Theme
Notification System

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2268866






3.0.14
 (security release)
4 May 2015 - 15MBThis version is a maintenance release fixing one security issue and various bugs.



Security and Hardening

Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verifed to have the expected format. See PHPBB3-13765.


Notable Changes and Bug Fixes

The path to imagick is now correctly verified as an absolute path instead of a relative path. See PHPBB3-13568.
download/file.php no longer sends a Content-Length header when issuing "304 Not Modified". See PHPBB3-13414.

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941






3.0.12

28 September 2013 - 15MBThis version is a maintenance release fixing various bugs but not adding any new features. We have updated the list of bots/spiders, further improved compatibility with recent PHP versions, and support MySQL fulltext search on InnoDB for those MySQL versions which provide it. The custom BBCode token LOCAL_URL has been modified to operate closer to its description. If you have any custom BBCodes using the token you should test if the custom BBCode still functions correctly or if you need to replace the token with the new RELATIVE_URL token. Moderators are no longer exempt from post approval, instead the permission "Can post without approval" is applied as it is for all other users. We now reject very long password inputs immediately to save on resources during password checks.



Improvements

[PHPBB3-8743] - New topic / reply notifications do not contain author's name.
[PHPBB3-10050] - subsilver2: Do not show "Mark topics as read" when there are no topics
[PHPBB3-10205] - More informative reporting of errors when database connection fails (MySQL and others)
[PHPBB3-10716] - PHP-parse all php files as part of the test suite
[PHPBB3-10841] - Disable style and language selectors if there's only one installed.
[PHPBB3-10854] - sql server drop default constraint when dropping column
[PHPBB3-10865] - Updated and Added to docs/./../support/documents.php?mode=install&version=3&sid=17847f32a6ffaa391bf94218dcfa0635
[PHPBB3-10873] - Change language entry for deleted PMs
[PHPBB3-10981] - Upgrade Goutte and use Composer for Installation
[PHPBB3-11131] - Phrasing and semantics of Board settings
[PHPBB3-11162] - Get rid of $db->sql_return_on_error(true) trickery when splitting/merging topics
[PHPBB3-11192] - Add Tebibyte to get_formatted_filesize()
[PHPBB3-11202] - Add response status checks to functional tests
[PHPBB3-11220] - Improve tooltip explaining the [list=] - BBcode
[PHPBB3-11238] - Specify goutte version
[PHPBB3-11285] - Use more granularity in dependency checks in compress test
[PHPBB3-11293] - Prefer mysqli over mysql due to php 5.5 alpha 2 deprecating mysql
[PHPBB3-11294] - Update extension list in running tests doc
[PHPBB3-11368] - Latest pm reports row count
[PHPBB3-11583] - InnoDB supports FULLTEXT index since MySQL 5.6.4.
[PHPBB3-11740] - Update link in FAQ to Ideas Centre
[PHPBB3-11873] - Prevent expensive hash computation in phpbb_check_hash() by rejecting very long passwords

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2200921






3.0.11

25 August 2012 - 15MB





3.0.10

2 January 2012 - 15MB





3.0.9

11 July 2011 - 15MB





3.0.8

20 November 2010 - 15MB





3.0.7-PL1

6 March 2010 - 15MB





3.0.7

1 March 2010 - 3MB





3.0.6

20 November 2009 - 3MB





3.0.5

1 June 2009 - 3MB





3.0.4

15 December 2008 - 3MB





3.0.3

12 November 2008 - 3MB





3.0.2

15 July 2008 - 3MB





3.0.1

12 April 2008 - 3MB





3.0.0
 (major version)
1 February 2008 - 3MB





2.0.23

27 February 2008 - 3MB





2.0.22

28 December 2006 - 3MB





2.0.21

11 June 2006 - 3MB





2.0.20

7 April 2006 - 3MB





2.0.19

2 November 2005 - 3MB





2.0.18b

1 November 2005 - 3MB





2.0.17b

15 September 2005 - 3MB





2.0.17

29 July 2005 - 3MB





2.0.16

29 June 2005 - 2MB





2.0.15

8 May 2005 - 1MB





2.0.14

24 April 2005 - 1MB





2.0.13

18 March 2005 - 1MB





2.0.11

9 January 2005 - 1MB





2.0.10

24 July 2004 - 1MB





2.0.9

3 April 2004 - 1MB





2.0.8a

3 April 2004 - 2MB





2.0.7

3 April 2004 - 2MB