Hosting phpBB

3.2.7
 (security release)
6 May - 50MBThis version is a maintenance and security release of the 3.2.x branch which fixes two security issues, introduces further hardening, and resolves various issues reported in previous versions.



Notable Bug Fixes

Cookies for domains with special chars - Added support for cookies on domains with special characters [1]

Support Q&A plugin on MySQL 5.7 - An SQL query in the Q&A plugin failed to execute while using MySQL 5.7 [2]

Form token in login forms - Some login forms were missing form tokens and older styles did not support logging in [1][2]

Inability to change topic type - A missing event dispatcher caused an internal server error when changing topic types [3]

View PM folder broken - An incorrect PM state caused an undefined index error [4]

URL links incorrectly shortened - Links were incorrectly shortened when posted inside the [url=] BBCode [5]



Notable Changes

Update dependencies to latest versions - Updated dependencies like Symfony and the TextFormatter to their latest versions [3][4]

Deny installations of 3.2 on PHP 7.3 - Due to the dependencies used in phpBB 3.2 and its minimum PHP version 5.4.7, it's currently not possible to run phpBB 3.2 on PHP 7.3 [5]



Hardening

Remove support for backup download - Removed support for downloading database backups via the ACP UI. This is to prevent the possibility of a database compromise on gaining access to a founder account [6]

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2496526






3.2.5

18 April - 50MBSecurity

[SECURITY-229] - Update to latest version of jQuery 1.x and add ajax prefilter



Highlights

Modify the topic ordering if needed

Modify the topic sort ordering from the beginning

Modify the forum ID to handle the correct display of viewtopic if needed

Add show_user_activity to display_user_activity_modify_actives

Event to add/modify MCP report details template data.

Add attachment to core.ucp_pm_view_message

Modify attachment's poster_id for get_submitted_attachment_data



Bug Fixes

Update link to user guide

Call to undefined $user in phpbb_format_quote() when BBCodes are disabled

SQL general error on DB update from 3.0 branch

MSSQL implementation crashes when upload directory > 2GB

Unapproved User(s) appearing as Guest in Team Page.

Contact form without class

PHP 7.1+ warning in ACP extensions module

BBCode parsing error (PHP fatal error)

Login keys are not reset after password update in some cases

Some JS files being called without assets version

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2496526






3.2.4
 (security release)
18 November 2018 - 50MB3.2.4



Enhancement

Updated dependencies - Updated dependencies to latest versions, e.g. Symfony, Twig

Added list-unsubscribe header - Added list-unsubscribe header to emails [1]

Username not required for "forgot password" - Specifying the username is no longer required for using the "forgot password" functionality [2]



Bug Fixes

PHP 7.2 issues - Several warnings and incompatibilities when using phpBB 3.2 on PHP 7.2 [3][4][5]

Removing users multiple times from newly registered - Fixed a bug that prevented users from being removed multiple times from newly registered user group [6]



Changes

Events can use twig syntax - Template events can now employ the twig syntax [7]



3.2.3



Highlights

Updated dependencies - Updated dependencies to latest versions, e.g. Symfony, Twig

Extension version check supports newer TLS versions - The extension version check will now also support newer TLS versions



Bug Fixes

Previewing / submitting posts with more than one attachment - Attachments were lost after re-submitting post

Sub-SELECTs in sql_build_query() - The sql_build_query() method had issues was unable to add sub-SELECTs in queries

Multiple issues with migrations added in 3.2.2 - The fix_user_styles and merge_duplicate_bbcodes migrations had multiple issues that prevented successful updates

Issues with signature edit in ACP - Mixed function parameters caused the ACP to show PHP warnings



Changes

HHVM support dropped - phpBB will no longer support HHVM

More visible links to privacy policy and terms - Links to privacy policy and terms of use are prominently displayed in the footer. Link to privacy policy can be overridden with an event

Updated Symfony and other 3rd party libraries - Symfony and other 3rd party libraries have been updated to their latest versions

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2492206






3.2.2
 (security release)
10 January 2018 - 50MBHighlights

PHP 7.2 supported - PHP 7.2 is now officially supported by phpBB 3.2

Minimum expected PHP version changed to 5.4.7

Memcached support - phpBB now supports memcached caching



Enhancements

Updated dependencies - Updated dependencies to latest versions, e.g. Symfony, Twig



Bug Fixes

Password updater working with PostgreSQL - The cron for updating legacy password hashes was running invalid queries on PostgreSQL

Deleting orphaned attachments w/ large number of orphaned attachments - Orphaned attachment deletion was improved to be able to delete them when a large number of orphaned attachments exist

Multiple bugfixes for retrieving image size - Multiple issues with retrieving the image size of JPEGs & temporary files were resolved

Issues with updating from phpBB < 3.0.6 - Inconsistencies in the way parent modules were treated caused issues with updating from older phpBB 3.0 versions

Forum / topic icon blurriness - Fixed issues with forum and topic icons looking blurry on some browsers

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2453381



display more versions




3.2.1

1 August 2017 - 15MBNew Features

Version check supports branches - Both the phpBB and extension version check now support branches



Enhancements

Updated dependencies - Updated dependencies to latest versions, e.g. Symfony, Twig



Notable Bug Fixes

Invalid constructor in FTP file updater - The invalid constructor prevented using the FTP file updater

Multiple issues in text formatter - This caused e.g. issues with some smilies and BBCodes

Fix migration dependency preventing update from before phpBB 3.0.6 - Migration to 3.2.0 didn't check dependency correctly for upgrades from pre 3.0.6 versions



Notable Changes

High-res icons in prosilver - prosilver is now using higher res images for the imageset icons

Read more: https://wiki.phpbb.com/Release_Highlights/3.2.1






3.2.0
 (major version)
10 January 2017 - 15MBThe new phpBB 3.2 Rhea builds upon 3.1 Ascraeus, upgrading the experience for users, administrators, and developers. The new BBCode parser adds support for all the emojis you've been using on mobile devices, the new font awesome integration adds retina quality icons to prosilver, and the quoting feature has been enhanced. Together with Symfony 2.8, an improved integration of the twig template engine, and full support for both PHP 7.0 and 7.1, we have increased extensibility of phpBB 3.2 while reducing development time.
Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2399606






3.1.12
 (security release)
10 January 2018 - 15MBHighlights

Memcached support - phpBB now supports memcached caching



Bug Fixes

Password updater working with PostgreSQL - The cron for updating legacy password hashes was running invalid queries on PostgreSQL

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2453376






3.1.11

2 August 2017 - 15MBNew Features

Version check supports branches - Both the phpBB and extension version check now support branches



Notable Changes

Words in topic title found after topic split - Words in topic title can now be searched for directly after splitting topics

Pagination for IP tables and post info - Added pagination to IP tables and post info on postdetails page



Notable Bug Fixes

Prevent duplicate migrations due to invalid names - Some migrations incorrectly specified leading backslashes. These are now properly handled.

Ensure query start is always set - This previously prevented updates from earlier versions using PostgreSQL

Invalid ORDER_BY definition in PMs - The UCP PM view folder page was using an invalid ORDER_BY definition that resulted in missing PM ordering.

Read more: https://wiki.phpbb.com/Release_Highlights/3.1.11






3.1.10
 (security release)
26 October 2016 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one trivial security issue and various smaller bugs. The security issue only affects users using no longer supported versions of browsers as well as improperly setup webservers (thanks to Lukas Reschke of Nextcloud for reporting this). The bugfixes address the Q&A captcha logging errors when it was solved, fatal errors when upgrading from 3.0.x in certain cases, and database transactions not being rolled back with incorrect notification settings. Other changes include an improved migrator and hardened form checking in the Admin Control Panel.



New Features

Check phpBB version constant against config version - Display a warning in the ACP if the version constant (files) does not match the phpbb_config version
Support extensions in UI tests - UI tests now also support installing extensions and testing their behavior


Notable Changes

Improved migrator - The migrator will now properly prevent timeouts and infinite loops. It will no longer unexpectedly try to revert update_data() implementations using "if": https://www.phpbb.com/community/viewtopic.php?f=461&t=2383821
Dropped support for MySQL versions improperly implementing FULLTEXT support - Some MySQL versions used improper implementations of FULLTEXT support. Versions with correct support are now required: https://github.com/phpbb/phpbb/pull/4426
Users removed from newly registered group when limit set to 0 posts - Users will now be able to exit the newly registered users group when the limit is set to according to the setting's definition in the ACP.
Further hardened checking links and form submissions - Added link hashes and form keys to all forms in the ACP that were still relying on global ACP form protections.


Notable Bug Fixes

Prevent MySQL error when looking at your posts - Wrong column was selected in certain cases.
Q&A CAPTCHA no longer logs error when solved - A change in 3.1.9 caused the CAPTCHA to log an error even though it was solved.
Min/max form values no longer preventing update of avatar settings - The newly introduced form validation on the html side will no longer report invalid min/max settings when updating avatar settings.
Fixed fatal error when upgrading from 3.0.x - Fixed error when upgrading from version with softdelete MOD installed.
Limit prunes per cron for large forums - Prunes on large forums were not limited. This could cause the prune query to fail at an unspecified point in time and leave topics unpruned.
Rollback transactions in notifications manager - Fixed issues with not rolled back transactions when using non-existent notification types

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2389426






3.1.9

17 April 2016 - 15MBThis version is a maintenance release of the 3.1.x branch which fixes various smaller bugs including improper column defaults for new table columns in MSSQL, issues with the updater while using caches that are not file based, as well as duplicate emails being sent by the email queue due to opcache, and attached images not being displayed in the expected order when adding them inline. It also adds support for X-Forwarded headers for upgrading non-SSL connections to SSL and allows extension authors to disable sending headers on Extension pages served via app.php.



New Features

Respect X-Forwarded-Headers for upgrading non-SSL to SSL connection - Proxy's request to upgrade users to using SSL instead of non-SSL communication will be correctly respected (e.g. when using HAproxy). This requires default ports for SSL and can only be used for upgrading from non-SSL to SSL and not to downgrade from SSL to non-SSL.
Disable sending headers - Extension authors can disable sending headers in the page_header() function and the controller helper's render() method


Notable Changes

Q&A fallback to non-default language questions - Q&A will try to fall back to Q&A combos that are not the current or default language if it's enabled and no valid Q&A set for the current or default language are set. If this is not possible, the captcha system will throw an error and prevent registrations without filling out the captcha caused by the invalid setup and misconfiguration.


Notable Bug Fixes

Removed automatic approve of unapproved posts - Editing an unapproved post as a moderator will no longer automatically approve it.
Email queue not cached by opcache - Email queue won't be cached by opcache anymore. This caused issues with dulicate emails.
Correct column default in MSSQL - Database column default will no longer be incorrectly escaped in MSSQL (caused upgrade issues for 3.0.x to 3.1.x)
Modified since for files served with download/file.php - The modified since header was not correctly served
File update when using non-file based cache - Admins updating when using caches like memcache no longer see the comparing files page over and over again when looking at file changes
Attachments display according to the correct BBCode ID - Attachments displayed now correctly correspond to the ones defined by the attachment BBCodes that were added using the frontend

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2368586






3.1.8

24 February 2016 - 15MBThis version is a maintenance release of the 3.1.x branch which fixes various smaller bugs including users not automatically being removed from the Newly Registered Users group and permanent deletion of posts not working from View Topic pages. It also adds support for using https in the Extensions version check.



Notable Changes

Extension Version Check now supports https


Notable Bug Fixes

Users were not removed from Newly Registered Users group
Permanent deletion of posts did not work

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2360031






3.1.7-PL1

11 January 2016 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including periodic failures with sqlite3 databases, improper handling of avatar gallery subfolder paths, and "Select All" functionality on the Edge browser in the code BBCode.



Security and Hardening

Includes proper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack would only have been possible if an attacker also managed to retrieve the session id of a reauthenticated administrator prior to targeting them.


New Features

Add "mark topics read" link to "View unread posts"
Function submit_post() now takes non-default post_time into account
Added row highlighting to extensions and style management


Notable Changes

Pages served from app.php can now disable update of session page
PHP 7.0 support is now properly stated in package


Notable Bug Fixes

Avatar gallery subfolder paths are correctly handled now
Handle periodic failure of sqlite3
Properly handle "Select All" in code BBCode in Edge Browser

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2352606






3.1.6
 (security release)
12 September 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including jumping to specific pages in long topics, problems with using Content Delivery Networks for static assets, and notably updates the embedded Twig and PLUpload libraries.



Security and Hardening

Update Twig and PLUpload to the newest minor versions.


New Features

Automatically remove inner quotes when the nesting is too deep
Add links to the Customisation Database to the Extensions, Styles and Language tab in the ACP


Notable Bug Fixes

Fix jump to page option
Fix missing fonts when using the CDN option

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2335426






3.1.5
 (security release)
17 June 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one content permission issue and a number of bugs, as well as adds new events as entry points for extensions to modify phpBB's behaviour.



Security and Hardening

Hardening: Use autocomplete=off for password fields
Hardening: Do not populate password fields in the ACP settings with the old password - Thanks Fortify Open Source Review for suggesting
Content Permissons: Post subjects from protected subforums were listed incorrectly on the forum index in the following two scenarios: 1. Forum that has no forum password has a subforum with a password. 2. Forum with read permissions has a subforum without read permissions "Can read forum", but with list permissions "Can see forum" - Thanks 5hocK for suggesting


New Features

Events - More events have been added to the template and the php core


Notable Bug Fixes

Printing topics with webkit - Properly display background images when printing with webkit browser
Language files for xCP modules - Adding multiple language files for acp/mcp/ucp modules was incorrectly handled for extensions
Several Controller Fixes - AJAX responses did not support exceptions messages, AJAX responses did not support meta_refresh and redirect

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2321676






3.1.4
 (security release)
4 May 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one minor security issue and a number of bugs.



Security and Hardening

Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verifed to have the expected format. See PHPBB3-13765.


New Features

Events: More events have been added to the template and the php core


Notable Bug Fixes

Version check of extensions: File caching of extensions' version check file doesn't work
Fix links from /board: Append page name to base url if it doesn't contain it and the path ends without a trailing slash

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941






3.1.3
 (security release)
1 February 2015 - 15MBThis version is a maintenance and security release of the 3.1.x branch which fixes one security issue, a number of bugs, and adds new events as entry points for extensions to modify phpBB's behaviour.



In 3.1.x we no longer consider it acceptable for administrators to have system access through the administration control panel. It was previously possible for an administrator on a forum to use the ImageMagick binary path setting to execute code on the server.



Security and Hardening

Hardening of imagick path - Existence of the path to the imagick program specified in the Administration Control Panel is now verified.


New Features

Events - More events have been added to the template and the php core
Support for IDN (IRI) Urls - Urls in BBCodes, posts and profile fields can now contain UTF8 characters
Migrations can now use DI - Migrations can now use the container to access additional objects


Notable Bug Fixes

Canonical URLs sort parameters removed - In order to produce less duplicate pages, the sort parameters have been removed from the canonical URLs
Multiple bugs while updating - Quite some bugs in the database update scripts have been fixed
Boolean profile fields on PostgreSQL - Boolean profile fields can now be created again
UTF8 characters in attachment names - Attachments with UTF8 characters in their file name can now be uploaded again

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2293451






3.1.2
 (addendum 1)
10 December 2014 - 15MBApplications:

Install, Update and Edit: Updated languages for phpBB 3.1.x: Arabic, Catalan, Danish, Dutch, German, Spanish, French, Gaelic, Italian, Portuguese, Russian, Turkish, Chinese Simplified, and Chinese Traditional.






3.1.2
 (security release)
25 November 2014 - 15MBThis release includes a number of improvements as well as fixes for two minor security vulnerabilities that we identified ourselves. Please update your phpBB 3.1 installation as soon as possible.



We resolved problems with redirects to incorrect URLs following confirmation screens that we introduced with the security fix in 3.1.1. A large number of the bug fixes and improvements relate to the update process from phpBB 3.0 Olympus to 3.1 Ascraeus and we are confident that the process now works more smoothly for anyone looking to update.



Through specifically crafted requests with an XMLHttpRequest header it was possible to trigger an infinite loop in a phpBB routine which may end up consuming a large amount of resources on a server running phpBB 3.1.1. Further, once you installed an extension, its authors were able to load additional HTML in the extensions administration interface through the version check file which would only be exploitable by malicious extension authors. Independent of this particular problem we recommend you only install extensions made available in the extension database on http://www.phpbb.com as they go through a security audit by the extensions team before they are published.
Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2278081






3.1.1
 (security release)
3 November 2014 - 15MBThis release addresses a minor vulnerability as well as several usability issues that have been brought to our attention. If you installed phpBB 3.1.0, please update to 3.1.1.



Firstly, despite our best efforts and a full security audit of the 3.1 codebase by SektionEins, Dingjie Yang of Qualys, Inc. discovered an XSS vulnerability that may be utilized against users of older browsers. Our tests indicate that this does not seem to affect major browsers released after 2009, making all browsers officially supported by phpBB 3.1 immune and around 99.9% of phpBB.com visitors unaffected. Nevertheless, we are not taking any chances and urge everyone to update. Thanks to Mr. Yang for bringing this to our attention.



Secondly, we are removing the "Send a copy of this email to yourself" feature from the contact page for guests to avoid it being used for sending undesired emails from the board.



Lastly, we are fixing several usability issues that were preventing some users from having a smooth experience while updating from 3.0 to 3.1. The notable ones are:

If a user's selected style no longer exists, attempt to reset to an existing style.
Fix auth provider errors for forums that migrated from other forum software.
Improve and correct update instructions and documentation.

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2270766






3.1.0
 (major version)
29 October 2014 - 15MBWith the help of hundreds of volunteers, we have created the best and most modern version of phpBB yet: 3.1 Ascraeus. It features many improvements for users, administrators, and developers alike. Its new responsive theme takes phpBB into the modern mobile world, OAuth logins and Gravatars improve phpBB's integration into the social web, and a new notification system makes it easy to keep apprised of all that's going on.



What's New

Extensions
Simplified Updating
Responsive Theme
Notification System

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2268866






3.0.14
 (security release)
4 May 2015 - 15MBThis version is a maintenance release fixing one security issue and various bugs.



Security and Hardening

Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verifed to have the expected format. See PHPBB3-13765.


Notable Changes and Bug Fixes

The path to imagick is now correctly verified as an absolute path instead of a relative path. See PHPBB3-13568.
download/file.php no longer sends a Content-Length header when issuing "304 Not Modified". See PHPBB3-13414.

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941






3.0.12

28 September 2013 - 15MBThis version is a maintenance release fixing various bugs but not adding any new features. We have updated the list of bots/spiders, further improved compatibility with recent PHP versions, and support MySQL fulltext search on InnoDB for those MySQL versions which provide it. The custom BBCode token LOCAL_URL has been modified to operate closer to its description. If you have any custom BBCodes using the token you should test if the custom BBCode still functions correctly or if you need to replace the token with the new RELATIVE_URL token. Moderators are no longer exempt from post approval, instead the permission "Can post without approval" is applied as it is for all other users. We now reject very long password inputs immediately to save on resources during password checks.



Improvements

[PHPBB3-8743] - New topic / reply notifications do not contain author's name.
[PHPBB3-10050] - subsilver2: Do not show "Mark topics as read" when there are no topics
[PHPBB3-10205] - More informative reporting of errors when database connection fails (MySQL and others)
[PHPBB3-10716] - PHP-parse all php files as part of the test suite
[PHPBB3-10841] - Disable style and language selectors if there's only one installed.
[PHPBB3-10854] - sql server drop default constraint when dropping column
[PHPBB3-10865] - Updated and Added to docs/./../support/documents.php?mode=install&version=3&sid=17847f32a6ffaa391bf94218dcfa0635
[PHPBB3-10873] - Change language entry for deleted PMs
[PHPBB3-10981] - Upgrade Goutte and use Composer for Installation
[PHPBB3-11131] - Phrasing and semantics of Board settings
[PHPBB3-11162] - Get rid of $db->sql_return_on_error(true) trickery when splitting/merging topics
[PHPBB3-11192] - Add Tebibyte to get_formatted_filesize()
[PHPBB3-11202] - Add response status checks to functional tests
[PHPBB3-11220] - Improve tooltip explaining the [list=] - BBcode
[PHPBB3-11238] - Specify goutte version
[PHPBB3-11285] - Use more granularity in dependency checks in compress test
[PHPBB3-11293] - Prefer mysqli over mysql due to php 5.5 alpha 2 deprecating mysql
[PHPBB3-11294] - Update extension list in running tests doc
[PHPBB3-11368] - Latest pm reports row count
[PHPBB3-11583] - InnoDB supports FULLTEXT index since MySQL 5.6.4.
[PHPBB3-11740] - Update link in FAQ to Ideas Centre
[PHPBB3-11873] - Prevent expensive hash computation in phpbb_check_hash() by rejecting very long passwords

Read more: https://www.phpbb.com/community/viewtopic.php?f=14&t=2200921






3.0.11

25 August 2012 - 15MB





3.0.10

2 January 2012 - 15MB





3.0.9

11 July 2011 - 15MB





3.0.8

20 November 2010 - 15MB





3.0.7-PL1

6 March 2010 - 15MB





3.0.7

1 March 2010 - 3MB





3.0.6

20 November 2009 - 3MB





3.0.5

1 June 2009 - 3MB





3.0.4

15 December 2008 - 3MB





3.0.3

12 November 2008 - 3MB





3.0.2

15 July 2008 - 3MB





3.0.1

12 April 2008 - 3MB





3.0.0
 (major version)
1 February 2008 - 3MB





2.0.23

27 February 2008 - 3MB





2.0.22

28 December 2006 - 3MB





2.0.21

11 June 2006 - 3MB





2.0.20

7 April 2006 - 3MB





2.0.19

2 November 2005 - 3MB





2.0.18b

1 November 2005 - 3MB





2.0.17b

15 September 2005 - 3MB





2.0.17

29 July 2005 - 3MB





2.0.16

29 June 2005 - 2MB





2.0.15

8 May 2005 - 1MB





2.0.14

24 April 2005 - 1MB





2.0.13

18 March 2005 - 1MB





2.0.11

9 January 2005 - 1MB





2.0.10

24 July 2004 - 1MB





2.0.9

3 April 2004 - 1MB





2.0.8a

3 April 2004 - 2MB





2.0.7

3 April 2004 - 2MB