phpBB 3.0.8 released
We are pleased to announce the release of phpBB “Patience is a Virtue”
3.0.8. This new version is a maintenance release fixing a large number
of bugs as well as improving on usability and performance. Unfortunately
we have also discovered a security issue in the previous version
affecting boards which have the flash BBCode enabled – it is disabled by
default. On WebKit based browsers like Safari or Chrome, as well as
cross site scripting vulnerability.
To fix this problem in 3.0.7, please go to line 354 in
includes/message_parser.php, and right before:

    // Apply the same size checks on flash files as on images

add these lines:

    $in = str_replace(' ', '%20', $in);

    // Make sure $in is a URL.
    if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) &&
        !preg_match('#^' . get_preg_expression('www_url') . '$#i', $in))
    {
        return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
    }

This will not fix the problem in already existing posts. In order to
scan your board for malicious posts we have created a scanning script:
Simply upload it to your phpBB’s directory and access it directly. A new
version of the Support Toolkit including this script as well as a tool
for reparsing individual posts will be released soon. We will keep you
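
As an added illustration (this is not phpBB's scanning script and not code from this announcement), the sketch below applies the same "is it a URL" test to flash tags in already stored post text. The URL pattern is a simplified stand-in for get_preg_expression('url') and get_preg_expression('www_url'), the ":uid" suffix on stored tags is an assumption about the storage format, and find_suspect_flash() and the sample rows are hypothetical.

```php
<?php
// Added example, not phpBB's scanning script. URL_RE is a simplified stand-in
// for get_preg_expression('url') / get_preg_expression('www_url').
const URL_RE = '#^(?:(?:https?|ftp)://|www\.)[a-z0-9.-]+(?::\d+)?(?:/[^\s"\'<>]*)?$#i';

/**
 * Return the flash BBCode tags in one stored post whose target is not a URL.
 * Matches both a raw "[flash=w,h]" tag and a stored form carrying a ":uid"
 * suffix (assumed storage format).
 */
function find_suspect_flash(string $post_text): array
{
    $suspect = [];
    $tag_re = '#\[flash=(\d+),(\d+)(?::[a-z0-9]+)?\](.*?)\[/flash(?::[a-z0-9]+)?\]#is';
    preg_match_all($tag_re, $post_text, $matches, PREG_SET_ORDER);

    foreach ($matches as $m) {
        // Same normalisation as the 3.0.7 fix: encode spaces before checking.
        $target = str_replace(' ', '%20', trim($m[3]));
        if (!preg_match(URL_RE, $target)) {
            $suspect[] = [
                'width'  => (int) $m[1],
                'height' => (int) $m[2],
                'target' => $target,
            ];
        }
    }
    return $suspect;
}

// Constructed sample rows (post_id => post_text), not real board data.
$posts = [
    101 => 'Intro [flash=425,350:1a2b3c]http://example.com/movie.swf[/flash:1a2b3c]',
    102 => '[flash=100,100:9f8e7d]javascript:void(0)[/flash:9f8e7d] text',
    103 => 'No flash here, just [b:aa11]bold[/b:aa11].',
    104 => '[flash=320,240]www.example.org/clip.swf[/flash]',
];

foreach ($posts as $post_id => $text) {
    foreach (find_suspect_flash($text) as $hit) {
        printf("post %d: non-URL flash target (%dx%d): %s\n",
            $post_id, $hit['width'], $hit['height'], $hit['target']);
    }
}
```

Flagged posts still need manual review and reparsing; the pattern only reports flash targets that would be rejected by a URL check of this kind.
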
The release also fixes a problem with the recaptcha plugin which could
have helped spammers circumvent the captcha in some cases. A thank you
goes to Evilzone.org for highlighting a few bugs and giving us an
overall good security rating.
We urge you to update your installation as soon as possible. Our support
team will only support phpBB 3.0.8, updates to phpBB 3.0.8 and
conversions to phpBB 3.0.8. Submissions to our trackers for older
versions will not be accepted; please make sure you update before you
submit a bug report.
If you use a language pack other than the default “English [GB]”, you
should check our downloads section; an update may already be available.
We would also like to say a special thank you to everyone who has
contributed a patch to this release:
Adam Reyher, Chris Sfanos, Cristian Rodriguez, Cullen Walsh, David Ward,
Gabriel Vazquez, Marc Alexander, Mark, mrkurt, narqelion, Nick Anderegg,
Oleg Pudeyev, Patrick W, Paul Sohier, Richard Foote, RMcGirr83, Rob
House, SA007, Tabitha Backoff, Thatbitextra and Yuriy Rusko.
For a complete list of new features, changes and bug fixes, please
consult our comprehensive changelog at:
The original announcement is located at:
A short explanation of how to do a conversion, installation or update is
included within the provided INSTALL.html file; please be sure to read
it. You can find a list of requirements on our Downloads page:
If you find any security issues please report them to our security tracker:
If you experience problems with the automatic update (white screens,
timeouts, etc.) we recommend using the “changed files only” or “patch”
method for updating.
Full Package: Full phpBB 3 source code and English language files.
Automatic Update Package: Update package for the automatic updater,
contains changes from previous release to this release.
Changed Files Only: Complete files, but only those that were changed
since previous releases of phpBB 3. This archive contains changed files
for every previous release.
Patch Files: This file contains diffs against the previous phpBB 3
release, which can be applied with the patch utility.
Select the package most suitable for you. We recommend the following
methods depending on your situation:
– For new installations you should use the Full Package
– For updates of boards without modifications you can use the Automatic
Update Package (guided update) or the Changed Files Only package (manual
– For updates of boards with modifications you should use the Automatic
Update Package. If you are confident with patch files and patching you
can use the Patch Files Package.
– Style Authors and Translators may use the Code Changes Package to
update their styles or language packs.
– International Support Teams may use the Patch Package in conjunction
with the Code Changes to better support users with problematic conflicts
during their update process or to help them update code sections.
– If you are a hoster/provider, you may want to use the Patch Files
Package to update all of your client installations.
*Please ensure you read the INSTALL and README documents in docs/ before
proceeding with installation, updates or conversions!*
The download is of course available on our downloads page:
Our release archive provides all packages we build. If you do not find
your desired package you can probably find it in the release archive.
These are the files with their md5 sums:
*Download & Documentation*
phpBB Downloads – http://www.phpbb.com/downloads/
phpBB Projects page @ ohloh – http://www.ohloh.net/projects/phpbb
phpBB 3 Documentation – http://www.phpbb.com/support/documentation/3.0/
phpBB 3 support forum – http://www.phpbb.com/phpBB/viewforum.php?f=46
phpBB 3 bug tracker – http://www.phpbb.com/bugs/phpbb3/
phpBB on GitHub – http://github.com/phpbb/
phpBB Code Wiki – http://wiki.phpbb.com/