Versie 3.1.2 van phpBB is uitgebracht. Met dit programma is het mogelijk om een webforum te maken. PhpBB wordt onder de gpl-licentie beschikbaar gesteld en maakt gebruik van php en een databaseprogramma om berichten op te slaan. Naast MySQL worden ook PostgreSQL, Oracle Database, Microsoft SQL Server en SQLite als databasesoftware ondersteund. Versie 3.1.0 bevat een groot aantal veranderingen voor zowel gebruikers en admins als ontwikkelaars. In deze update zijn verder nog diverse bugfixes en een oplossing voor twee beveiligingsproblemen.
phpBB 3.1.2 Release - Please Update
Today, we are publishing phpBB 3.1.2 in order to address over 30 discovered issues since the release of 3.1.0: a number of improvements as well as two minor security vulnerabilities that we identified ourselves. Please update your phpBB 3.1 installation as soon as possible.
We resolved problems with redirects to incorrect URLs following confirmation screens that we introduced with the security fix in 3.1.1. A large number of the bug fixes and improvements relate to the update process from phpBB 3.0 Olympus to 3.1 Ascraeus and we are confident that the process now works more smoothly for anyone looking to update.
Through specifically crafted requests with an XMLHttpRequest header it was possible to trigger an infinite loop in a phpBB routine which may end up consuming a large amount of resources on a server running phpBB 3.1.1. Further, once you installed an extension, its authors were able to load additional HTML in the extensions administration interface through the version check file which would only be exploitable by malicious extension authors. Independent of this particular problem we recommend you only install extensions made available in the extension database on http://www.phpbb.com as they go through a security audit by the extensions team before they are published.
