phpBB

phpBB

phpBB is an open source forum application. Initially released in 2000, phpBB is currently the most used free forum application with millions of people using the application every day.

1 click installation phpBB

1 click installation

Easy update phpBB

Easy update

Backup and restoration phpBB

Backup and restoration

Information

Application
forum
Category
Community Building
Current version
3.1.10
Last update
26 October 2016
Languages
English + 25 others

System Requirements

Installation size
15 MB
Database
mysql
Licence
open source
Overview
What's new
Showcase

3.1.10

(security release)
26 October - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one trivial security issue and various smaller bugs. The security issue only affects users using no longer supported versions of browsers as well as improperly setup webservers (thanks to Lukas Reschke of Nextcloud for reporting this). The bugfixes address the Q&A captcha logging errors when it was solved, fatal errors when upgrading from 3.0.x in certain cases, and database transactions not being rolled back with incorrect notification settings. Other changes include an improved migrator and hardened form checking in the Admin Control Panel.

New Features
  • Check phpBB version constant against config version - Display a warning in the ACP if the version constant (files) does not match the phpbb_config version
  • Support extensions in UI tests - UI tests now also support installing extensions and testing their behavior

Notable Changes
  • Improved migrator - The migrator will now properly prevent timeouts and infinite loops. It will no longer unexpectedly try to revert update_data() implementations using "if": https://www.phpbb.com/community/viewtopic.php?f=461&t=2383821
  • Dropped support for MySQL versions improperly implementing FULLTEXT support - Some MySQL versions used improper implementations of FULLTEXT support. Versions with correct support are now required: https://github.com/phpbb/phpbb/pull/4426
  • Users removed from newly registered group when limit set to 0 posts - Users will now be able to exit the newly registered users group when the limit is set to according to the setting's definition in the ACP.
  • Further hardened checking links and form submissions - Added link hashes and form keys to all forms in the ACP that were still relying on global ACP form protections.

Notable Bug Fixes
  • Prevent MySQL error when looking at your posts - Wrong column was selected in certain cases.
  • Q&A CAPTCHA no longer logs error when solved - A change in 3.1.9 caused the CAPTCHA to log an error even though it was solved.
  • Min/max form values no longer preventing update of avatar settings - The newly introduced form validation on the html side will no longer report invalid min/max settings when updating avatar settings.
  • Fixed fatal error when upgrading from 3.0.x - Fixed error when upgrading from version with softdelete MOD installed.
  • Limit prunes per cron for large forums - Prunes on large forums were not limited. This could cause the prune query to fail at an unspecified point in time and leave topics unpruned.
  • Rollback transactions in notifications manager - Fixed issues with not rolled back transactions when using non-existent notification types

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2389426

3.1.9


17 April - 15MBThis version is a maintenance release of the 3.1.x branch which fixes various smaller bugs including improper column defaults for new table columns in MSSQL, issues with the updater while using caches that are not file based, as well as duplicate emails being sent by the email queue due to opcache, and attached images not being displayed in the expected order when adding them inline. It also adds support for X-Forwarded headers for upgrading non-SSL connections to SSL and allows extension authors to disable sending headers on Extension pages served via app.php.

New Features
  • Respect X-Forwarded-Headers for upgrading non-SSL to SSL connection - Proxy's request to upgrade users to using SSL instead of non-SSL communication will be correctly respected (e.g. when using HAproxy). This requires default ports for SSL and can only be used for upgrading from non-SSL to SSL and not to downgrade from SSL to non-SSL.
  • Disable sending headers - Extension authors can disable sending headers in the page_header() function and the controller helper's render() method

Notable Changes
  • Q&A fallback to non-default language questions - Q&A will try to fall back to Q&A combos that are not the current or default language if it's enabled and no valid Q&A set for the current or default language are set. If this is not possible, the captcha system will throw an error and prevent registrations without filling out the captcha caused by the invalid setup and misconfiguration.

Notable Bug Fixes
  • Removed automatic approve of unapproved posts - Editing an unapproved post as a moderator will no longer automatically approve it.
  • Email queue not cached by opcache - Email queue won't be cached by opcache anymore. This caused issues with dulicate emails.
  • Correct column default in MSSQL - Database column default will no longer be incorrectly escaped in MSSQL (caused upgrade issues for 3.0.x to 3.1.x)
  • Modified since for files served with download/file.php - The modified since header was not correctly served
  • File update when using non-file based cache - Admins updating when using caches like memcache no longer see the comparing files page over and over again when looking at file changes
  • Attachments display according to the correct BBCode ID - Attachments displayed now correctly correspond to the ones defined by the attachment BBCodes that were added using the frontend

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2368586

3.1.8


24 February - 15MBThis version is a maintenance release of the 3.1.x branch which fixes various smaller bugs including users not automatically being removed from the Newly Registered Users group and permanent deletion of posts not working from View Topic pages. It also adds support for using https in the Extensions version check.

Notable Changes
  • Extension Version Check now supports https

Notable Bug Fixes
  • Users were not removed from Newly Registered Users group
  • Permanent deletion of posts did not work

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2360031

3.1.7-PL1


11 January - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including periodic failures with sqlite3 databases, improper handling of avatar gallery subfolder paths, and "Select All" functionality on the Edge browser in the code BBCode.

Security and Hardening
  • Includes proper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack would only have been possible if an attacker also managed to retrieve the session id of a reauthenticated administrator prior to targeting them.

New Features
  • Add "mark topics read" link to "View unread posts"
  • Function submit_post() now takes non-default post_time into account
  • Added row highlighting to extensions and style management

Notable Changes
  • Pages served from app.php can now disable update of session page
  • PHP 7.0 support is now properly stated in package

Notable Bug Fixes
  • Avatar gallery subfolder paths are correctly handled now
  • Handle periodic failure of sqlite3
  • Properly handle "Select All" in code BBCode in Edge Browser

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2352606

display more versions

3.1.6

(security release)
12 September 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including jumping to specific pages in long topics, problems with using Content Delivery Networks for static assets, and notably updates the embedded Twig and PLUpload libraries.

Security and Hardening
  • Update Twig and PLUpload to the newest minor versions.

New Features
  • Automatically remove inner quotes when the nesting is too deep
  • Add links to the Customisation Database to the Extensions, Styles and Language tab in the ACP

Notable Bug Fixes
  • Fix jump to page option
  • Fix missing fonts when using the CDN option

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2335426

3.1.5

(security release)
17 June 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one content permission issue and a number of bugs, as well as adds new events as entry points for extensions to modify phpBB's behaviour.

Security and Hardening
  • Hardening: Use autocomplete=off for password fields
  • Hardening: Do not populate password fields in the ACP settings with the old password - Thanks Fortify Open Source Review for suggesting
  • Content Permissons: Post subjects from protected subforums were listed incorrectly on the forum index in the following two scenarios: 1. Forum that has no forum password has a subforum with a password. 2. Forum with read permissions has a subforum without read permissions "Can read forum", but with list permissions "Can see forum" - Thanks 5hocK for suggesting

New Features
  • Events - More events have been added to the template and the php core

Notable Bug Fixes
  • Printing topics with webkit - Properly display background images when printing with webkit browser
  • Language files for xCP modules - Adding multiple language files for acp/mcp/ucp modules was incorrectly handled for extensions
  • Several Controller Fixes - AJAX responses did not support exceptions messages, AJAX responses did not support meta_refresh and redirect

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2321676

3.1.4

(security release)
4 May 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one minor security issue and a number of bugs.

Security and Hardening
  • Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
  • Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verifed to have the expected format. See PHPBB3-13765.

New Features
  • Events: More events have been added to the template and the php core

Notable Bug Fixes
  • Version check of extensions: File caching of extensions' version check file doesn't work
  • Fix links from /board: Append page name to base url if it doesn't contain it and the path ends without a trailing slash

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941

3.1.3

(security release)
1 February 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one security issue, a number of bugs, and adds new events as entry points for extensions to modify phpBB's behaviour.

In 3.1.x we no longer consider it acceptable for administrators to have system access through the administration control panel. It was previously possible for an administrator on a forum to use the ImageMagick binary path setting to execute code on the server.

Security and Hardening
  • Hardening of imagick path - Existence of the path to the imagick program specified in the Administration Control Panel is now verified.

New Features
  • Events - More events have been added to the template and the php core
  • Support for IDN (IRI) Urls - Urls in BBCodes, posts and profile fields can now contain UTF8 characters
  • Migrations can now use DI - Migrations can now use the container to access additional objects

Notable Bug Fixes
  • Canonical URLs sort parameters removed - In order to produce less duplicate pages, the sort parameters have been removed from the canonical URLs
  • Multiple bugs while updating - Quite some bugs in the database update scripts have been fixed
  • Boolean profile fields on PostgreSQL - Boolean profile fields can now be created again
  • UTF8 characters in attachment names - Attachments with UTF8 characters in their file name can now be uploaded again

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2293451

3.1.2

(addendum 1)
10 December 2014 - 15MBApplications:
  • Install, Update and Edit: Updated languages for phpBB 3.1.x: Arabic, Catalan, Danish, Dutch, German, Spanish, French, Gaelic, Italian, Portuguese, Russian, Turkish, Chinese Simplified, and Chinese Traditional.

3.1.2

(security release)
25 November 2014 - 15MBThis release includes a number of improvements as well as fixes for two minor security vulnerabilities that we identified ourselves. Please update your phpBB 3.1 installation as soon as possible.

We resolved problems with redirects to incorrect URLs following confirmation screens that we introduced with the security fix in 3.1.1. A large number of the bug fixes and improvements relate to the update process from phpBB 3.0 Olympus to 3.1 Ascraeus and we are confident that the process now works more smoothly for anyone looking to update.

Through specifically crafted requests with an XMLHttpRequest header it was possible to trigger an infinite loop in a phpBB routine which may end up consuming a large amount of resources on a server running phpBB 3.1.1. Further, once you installed an extension, its authors were able to load additional HTML in the extensions administration interface through the version check file which would only be exploitable by malicious extension authors. Independent of this particular problem we recommend you only install extensions made available in the extension database on http://www.phpbb.com as they go through a security audit by the extensions team before they are published.
Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2278081

3.1.1

(security release)
3 November 2014 - 15MBThis release addresses a minor vulnerability as well as several usability issues that have been brought to our attention. If you installed phpBB 3.1.0, please update to 3.1.1.

Firstly, despite our best efforts and a full security audit of the 3.1 codebase by SektionEins, Dingjie Yang of Qualys, Inc. discovered an XSS vulnerability that may be utilized against users of older browsers. Our tests indicate that this does not seem to affect major browsers released after 2009, making all browsers officially supported by phpBB 3.1 immune and around 99.9% of phpBB.com visitors unaffected. Nevertheless, we are not taking any chances and urge everyone to update. Thanks to Mr. Yang for bringing this to our attention.

Secondly, we are removing the "Send a copy of this email to yourself" feature from the contact page for guests to avoid it being used for sending undesired emails from the board.

Lastly, we are fixing several usability issues that were preventing some users from having a smooth experience while updating from 3.0 to 3.1. The notable ones are:
  • If a user's selected style no longer exists, attempt to reset to an existing style.
  • Fix auth provider errors for forums that migrated from other forum software.
  • Improve and correct update instructions and documentation.

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2270766

3.1.0

(major version)
29 October 2014 - 15MBWith the help of hundreds of volunteers, we have created the best and most modern version of phpBB yet: 3.1 Ascraeus. It features many improvements for users, administrators, and developers alike. Its new responsive theme takes phpBB into the modern mobile world, OAuth logins and Gravatars improve phpBB's integration into the social web, and a new notification system makes it easy to keep apprised of all that's going on.

What's New
  • Extensions
  • Simplified Updating
  • Responsive Theme
  • Notification System

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2268866

Our Web hostings are compatible with
phpBB

Web

Only the Web hosting

100% SSD Web Hosting
100 GB and +
Multisite management
Free SSL certificates
Anti-DDoS protection
10 GB of VOD


Learn more

from 5.75 € / month

Classic

The complete Web+Mail offer

100% SSD Web Hosting
100 GB and +
Multisite management
Free SSL certificates
Anti-DDoS protection
10 GB of VOD


Professional messaging
25 email addresses with unlimited storage


WorkSpace
Online messaging
Instant messaging
Syncing contacts and calendars


Learn more

from 7.42 € / month

Cloud Server

Managed

100% SSD Web Hosting
100 GB and +
Multi-hostings and multisites
Free SSL certificates
Anti-DDoS protection
10 GB of VOD


Power
2 CPU and +
6 Gb (RAM) and +
100% SSD
100% dedicated resources


Management
Infomaniak manages your server


Learn more

from 29 € / month

Prices in EUR incl. tax