Version 3.2.4 of phpBB has been released. This program makes it possible to set up a web forum. phpBB is made available under the GPL license and uses PHP and a database program to store posts. In addition to MySQL, PostgreSQL, Oracle Database, Microsoft SQL Server and SQLite are supported as database software. Version 3.2 includes, among other things, support for PHP 7, reCAPTCHA 2.0 and Symfony 2.8. Furthermore, the update process has been improved, more information is shown in quoted text, and more emoji can be used. The release notes for this release can be found below.
phpBB 3.2.4 Release - Please Update
We are pleased to announce the release of phpBB 3.2.4 "Bertie's ‘stache". This version is a maintenance and security release of the 3.2.x branch which fixes one security issue and various issues reported in previous versions.
The security issue was discovered with a new exploitation technique called Phar deserialization. An attacker with control over a founder admin account could escalate to remote code execution by abusing PHP’s default unserialization of metadata in Phar files. More information about this technique can be found here. In order to fix this issue we’ve removed the ability to define absolute paths in the Admin Control Panel. This resulted in the removal of setting the ImageMagick path, so make sure to have the GD image library available instead. A new event to generate thumbnails was added as replacement, so you’re able to write an extension that uses a different image library to generate thumbnails. We would like to thank Simon Scannell and Robin Peraglie of RIPS Technologies for their report and responsible disclosure. The issue has been assigned CVE-2018-19274.
The fixed issues include, among others, compatibility issues with PHP 7.2 and issues with removing users from the newly registered user group more than once.
Among the notable changes are the addition of the list-unsubscribe header to emails sent by phpBB and the ability to reset your password without entering the username.
The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki and a list of all issues fixed on our tracker.
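The fix described in the release notes removes the ability to set absolute paths from the Admin Control Panel. The following added example (not phpBB's code; the function names and sample values are hypothetical) shows one way an application can validate an admin-supplied path setting so that stream wrapper schemes such as phar://, absolute paths and parent-directory segments never reach PHP's filesystem functions:

```php
<?php
declare(strict_types=1);

// Added example, not phpBB code: function names and sample values are hypothetical.

/** Returns null if the admin-supplied path setting is acceptable, else the reason. */
function reject_reason(string $path): ?string
{
    if ($path === '' || strpos($path, "\0") !== false) {
        return 'empty value or NUL byte';
    }
    // "scheme://" selects a PHP stream wrapper such as phar://.
    if (preg_match('#^[a-z0-9+.\-]+://#i', $path) === 1) {
        return 'stream wrapper scheme';
    }
    // Any other colon: Windows drive letter or a wrapper written without "//".
    if (strpos($path, ':') !== false) {
        return 'colon in path';
    }
    if ($path[0] === '/' || $path[0] === '\\') {
        return 'absolute path';
    }
    foreach (preg_split('#[/\\\\]+#', $path) as $segment) {
        if ($segment === '..') {
            return 'parent directory segment';
        }
    }
    return null;
}

/** Joins an accepted relative setting onto the board root, or throws. */
function resolve_under_root(string $root, string $path): string
{
    $reason = reject_reason($path);
    if ($reason !== null) {
        throw new InvalidArgumentException("Rejected path setting: $reason");
    }
    return rtrim($root, '/\\') . '/' . $path;
}

// Constructed sample settings, as an administrator might submit them.
$samples = ['images/avatars/upload', '/usr/bin/', 'phar://files/example.jpg', 'C:\\ImageMagick', '../../tmp'];
foreach ($samples as $sample) {
    printf("%-26s => %s\n", $sample, reject_reason($sample) ?? 'accepted');
}
```

Running the validation when the setting is saved, and again before the value is used, also covers values already stored in the database before the check existed.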