Met phpBB is het mogelijk een forum op te zetten waar bezoekers met elkaar kunnen discussiëren. Het pakket wordt onder de gpl-licentie beschikbaar gesteld en maakt gebruik van PHP en een database om berichten te bewaren, waarbij naast het populaire MySQL ook PostgreSQL, Firebird, MSSQL en SQLite als databases worden ondersteund. Versie 3.0.7-PL1 is sinds enkele dagen beschikbaar en verhelpt een beveiligingsprobleem. De aankondiging van deze uitgave ziet er als volg uit:
phpBB 3.0.7-PL1 released
We are sorry to announce the immediate release of phpBB 3.0.7-PL1 to address a security issue which was introduced in 3.0.7, unfortunately the issue wasn't noticed during testing and has only surfaced a week after the release of 3.0.7.
We promised working feeds for phpBB 3.0.7. Sadly, we were not able to deliver on that promise - a critical bug in the permission handling for feeds slipped past. To all people who already have updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1. Otherwise, it is possible for users to bypass permission settings under the following circumstances:Note: We recommend the use of a regular update routine over manually editing your files. If you manually edit your files your board will not recognise the update.
- Feeds are enabled
- Any of the posts or topics feeds are enabled
- The unauthorised user - or one of the groups they are a member of - have forum permissions set on a private forum
- If you have excluded a forum from the list of forums that provide feeds, it is unaffected
There were no other changes, in particular neither style nor language changes.