FluxBB is an open source forum application. Forked from PunBB in 2008, FluxBB is a popular lightweight forum application, powering forums for Arch Linux and ╬╝Torrent.

1 click installation FluxBB

1 click installation

Easy update FluxBB

Easy update

Backup and restoration FluxBB

Backup and restoration


Community Building
Current version
Last update
21 June 2016
English + 19 others

System Requirements

Installation size
3 MB
open source
What's new


(security release)
21 June - 3MBThis release fixes a security vulnerability as well as several bugs, and also contains several small improvements.

The vulnerability, kindly disclosed by Kacper Szurek, allowed skilled attackers to inject malicious JavaScript into the page that is shown when administrators try to view information about a user's IP address.

In addition, this release contains some minor improvements in the area of CSS and usability, and fixes several smaller bugs.

  • bug #792: Profile and signature img
  • bug #1012: Incorrect coding login.php
  • bug #1017: fix CSS
  • bug #1056: Invalidate only feed caches
  • bug #1058: hash_equals(): Expected known_string to be a string, null given
  • bug #1059: No csrf_token in unsubscibe link of subscription email
  • bug #1062: Edit.php and checkboxes
  • bug #1068: Wrong description for BBCode
  • bug #1072: The DB class for SQLite doesn't maintain string values by default?
  • bug #1075: Empty PHP_SELF somewhere
  • bug #1078: InnoDB check failed
  • bug #1082: Custom title overrides "Banned"
  • enhancement #1019: Refactor/move forum_list_plugins to common_admin.php
  • enhancement #1025: Display error message inline with login form
  • enhancement #1027: Change htmlspecialchars to pun_htmlspecialchars
  • enhancement #1064: error() function, PUN_DEBUG and security
  • enhancement #1066: For long nicknames

Read more: http://fluxbb.org/forums/viewtopic.php?id=8856


(security release)
10 November 2015 - 3MBThis release fixes two security issues: The first one allowed attackers to trick moderators into e.g. locking or stickying other topics without noticing. The second change prevents sophisticated timing attacks targeted at e.g. password hashes.

Other changes in this release include several fixes of regressions introduced in the last release, fixes related to the handling of several esoteric HTTP headers, and a fix for a quote bug that broke the forum layout. Finally, if you want to embed your forum in another web page, the relevant HTTP header is now configurable.
Read more: http://fluxbb.org/forums/viewtopic.php?id=8203


(security release)
24 January 2015 - 3MBThis release fixes a minor security issue in install.php. The installer could be tricked into loading and executing any file named install.php. Abuse of this vulnerability could have only been possible in combination with other security issues that would have allowed an attacker to create files with that name.

As a special present, in this release we made it super-easy to install anti-spam modifications by providing a few hooks where these modifications can hook into. All you will need to do to install this new generation of anti-spam tools is to copy one or two files into certain folders of your FluxBB installation. We hope this change encourages the community to create a broad range of more diverse antispam tools, so that spammers will hit unpredictable obstacles when targetting FluxBB. As an example, I have created a modification that adds Google's new reCAPTCHA system to your registration page. Expect more documentation in the next days.

This release also brings some security hardening, fine-tuning, several small features and usability improvements to your forum.

  • Clickjacking attacks should now be prevented by modern browsers
  • Direct links to certain actions from notification emails
  • Quickly promote users to the next group
  • New moderator permission for promoting users
  • Streamlined forum creation process
  • Improved default styles and dropped support for Internet Explorer 6

Full Changelog
  • bug #925: Scrollbar in chrome fluxbb1.5.5
  • bug #949: Use \r\n for SMTP, FORUM_EOL for others
  • bug #951: [url][img] patch doesn't work.
  • bug #963: Add rel="prev", rel="next" and rel="canonical"
  • bug #969: New TLDs not allowed as valid URLs
  • bug #996: Prevent clickjacking attacks
  • bug #998: Bug in validate_redirect() function
  • bug #1001: Remove setting of values in quickpostform
  • bug #1006: [HTB23246] File Inclusion in install.php
  • enhancement #57: Making a new forum is a 2 step process
  • enhancement #810: Improve unread forums tracking
  • enhancement #935: Auto-promotion improvements
  • enhancement #936: Add new group permission to allow moderators to promote users
  • enhancement #941: Remove obsolete global variables
  • enhancement #944: Remove "page 1" when thread or forum has just one page
  • enhancement #947: Improve Air/Earth/Fire design
  • enhancement #948: Require passwords with at least 6 characters
  • enhancement #959: Quick actions from registration email
  • enhancement #965: Avoid double redirect when no new posts are found
  • enhancement #976: [PATCH] Invalidate updated cache files from PHP's Opcache
  • enhancement #992: Drop IE6 support
  • enhancement #997: Make random passwords longer
  • enhancement #1007: Antispam hooks
  • enhancement #1008: Please delete your install.php file
  • task #942: Remove obsolete language strings
  • task #966: Optimize images in FluxBB core

Read more: http://fluxbb.org/forums/viewtopic.php?id=8203


(security release)
20 October 2014 - 3MBThis release fixes a critical security vulnerability that could potentially allow clever attackers to take over other user accounts on a FluxBB forum. We also fixed another less severe issue related to redirects in login.php.

Bugs Fixed
  • bug #961: Open Redirection Vulnerability
  • bug #990: SQL injection in profile.php

Read more: http://fluxbb.org/forums/viewtopic.php?id=8001

display more versions


(security release)
8 January 2014 - 3MB
  • bug #923: Redeclared method error when changing usernames
  • bug #940: Cross-site request forgery issues with FluxBB
  • enhancement #913: Adding subject if someone hits the preview button
  • enhancement #927: Split thread function is... "splitted"
  • enhancement #929: Textarea resize
  • enhancement #930: Allow non array page titles
  • enhancement #934: HTML5 validation

Read more: http://fluxbb.org/forums/viewtopic.php?id=7513


18 November 2013 - 3MB
  • bug #884: No horizontal scrollbar in [code]
  • bug #887: URLs with user/forum/topic/post ID are broken
  • bug #888: Notices in FluxBB 1.5.4
  • bug #895: random_pass() might generate URL-unfriendly passwords
  • bug #896: No permission without 403
  • bug #897: "\r\n" breaks headers in email in certain conditions
  • bug #903: UTF8 related fixes
  • bug #904: Charset conversion in db_update.php doesn't work
  • bug #905: Merging topics hangs when users are subscribed
  • bug #911: Triple border in IE11
  • enhancement #889: Excess array cell of $lang_install
  • enhancement #891: Remove unused line of code in generate_quickjump_cache
  • enhancement #902: Miscellaneous
  • enhancement #908: Regenerate the users info cache in register.php
  • enhancement #919: $page_title in admin_loader.php
  • enhancement #921: Disable admin_forums.php form when no categories exist
  • enhancement #922: Function do_smilies() and $pun_config

Read more: http://fluxbb.org/forums/viewtopic.php?id=7405


14 August 2013 - 3MBThese releases fix another security issue that allowed attackers to redirect forum users from the attacker's site to any URL on the internet via FluxBB's email contact form. This is a problem as the users might be redirected to a dangerous or inappropriate webpage, even though they assume to visit a trusted site (the forum). Unfortunately, we were not contacted before the vulnerability was published; I still want to thank the Zero Science Lab for the helpful communication after the issue was brought to our attention.

FluxBB 1.5.4 also brings along fixes for a bunch of smaller issues in the 1.5 branch.
Read more: http://fluxbb.org/forums/viewtopic.php?id=7217


22 February 2013 - 3MBThis release fixes a security issue that could allow skilled attackers to guess one of the random tokens that are sent out via email when users have forgotten their passwords.
Read more: http://fluxbb.org/forums/viewtopic.php?id=6916


4 February 2013 - 3MB

Our Web hostings are compatible with


Only the Web hosting

100% SSD Web Hosting
100 GB and +
Multisite management
Free SSL certificates
Anti-DDoS protection
10 GB of VOD

Learn more

from 5.75 € / month


The complete Web+Mail offer

100% SSD Web Hosting
100 GB and +
Multisite management
Free SSL certificates
Anti-DDoS protection
10 GB of VOD

Professional messaging
25 email addresses with unlimited storage

Online messaging
Instant messaging
Syncing contacts and calendars

Learn more

from 7.42 € / month

Cloud Server


100% SSD Web Hosting
100 GB and +
Multi-hostings and multisites
Free SSL certificates
Anti-DDoS protection
10 GB of VOD

2 CPU and +
6 Gb (RAM) and +
100% SSD
100% dedicated resources

Infomaniak manages your server

Learn more

from 29 € / month

Prices in EUR incl. tax

Your browser is outdated, security and browsability are no longer guaranteed. We recommend that you update it as soon as possible by clicking here.