phpBB 3.0.8 released

Hi everyone,

We are pleased to announce the release of phpBB “Patience is a Virtue”
3.0.8. This new version is a maintenance release fixing a large number
of bugs as well as improving on usability and performance. Unfortunately
we have also discovered a security issue in the previous version
affecting boards which have the flash BBCode enabled – it is disabled by
default. On WebKit based browsers like Safari or Chrome, as well as
Opera, the flash BBCode can be used to execute JavaScript causing a
cross site scripting vulnerability.

To fix this problem in 3.0.7, please go to line 354 in
inlcudes/message_parser.php, and right before:

// Apply the same size checks on flash files as on images

add these lines:

$in = str_replace(‘ ‘, ‘%20’, $in);

// Make sure $in is a URL.
if (!preg_match(‘#^’ . get_preg_expression(‘url’) . ‘$#i’, $in) &&
!preg_match(‘#^’ . get_preg_expression(‘www_url’) . ‘$#i’, $in))
return ‘[flash=’ . $width . ‘,’ . $height . ‘]’ . $in .

This will not fix the problem in already existing posts. In order to
scan your board for malicious posts we have created a scanning script:
Simply upload it to your phpBB’s directory and access it directly. A new
version of the Support Toolkit including this script as well as a tool
for reparsing individual posts will be released soon. We will keep you

The release also fixes a problem with the recaptcha plugin which could
have helped spammers circumvent the captcha in some cases. A thank you
goes to for highlighting a few bugs and giving as an
overall good security rating.

We urge you to update your installation as soon as possible. Our support
team will only support phpBB 3.0.8, updates to phpBB 3.0.8 and
conversions to phpBB 3.0.8. Submissions to our trackers for older
versions will not be accepted, please make sure you update before you
submit a bug report.

If you use a language pack other than the default “English [GB]”, you
should check our downloads section, an update may already be available.

We would also like to say a special thank you to everyone who has
contributed a patch to this release:
Adam Reyher, Chris Sfanos, Cristian Rodriguez, Cullen Walsh, David Ward,
Gabriel Vazquez, Marc Alexander, Mark, mrkurt, narqelion, Nick Anderegg,
Oleg Pudeyev, Patrick W, Paul Sohier, Richard Foote, RMcGirr83, Rob
House, SA007, Tabitha Backoff, Thatbitextra and Yuriy Rusko.

For a complete list of new features, changes and bug fixes, please
consult our comprehensive changelog at:

The original announcement is located at:

*Installation instructions*

A short explanation of how to do a conversion, installation or update is
included within the provided INSTALL.html file, please be sure to read
it. You can find a list of requirements on our Downloads page:


If you find any security issues please report them to our security tracker:

*Available packages*

If you experience problems with the automatic update (white screens,
timeouts, etc.) we recommend using the “changed files only” or “patch”
method for updating.

Full Package: Full phpBB 3 source code and english language files.

Automatic Update Package: Update package for the automatic updater,
contains changes from previous release to this release.

Changed Files Only: Complete files, but only those that were changed
since previous releases of phpBB 3. This archive contains changed files
for every previous release.

Patch Files: This file contains diffs against the previous phpBB 3
release, which can be applied with the patch utility.

Select the package most suitable for you. We recommend the following
methods depending on your situation:

– For new installations you should use the Full Package
– For updates of boards without modifications you can use the Automatic
Update Package (guided update) or the Changed Files Only package (manual
– For updates of boards with modifications you should use the Automatic
Update Package. If you are confident with patch files and patching you
can use the Patch Files Package.
– Style Authors and Translators may use the Code Changes Package to
update their styles or language packs.
– International Support Teams may use the Patch Package in conjunction
with the Code Changes to better support users with problematic conflicts
during their update process or to help them update code sections.
– If you are a hoster/provider, you may want to use the Patch Files
Package to update all of your client installations.

*Please ensure you read the INSTALL and README documents in docs/ before
proceeding with installation, updates or conversions!*

*Download Locations*

The download is of course available on our downloads page:

Our release archive provides all packages we build. If you do not find
your desired package you can probably find it in the release archive.

These are the files with their md5 sums:
md5sum: 81de73308603abee863be7552c7caac7
md5sum: 7b20c8377364fc0458a241e232a019d0
md5sum: 75308c5c4e8d1c17ca8faa30687f1b42
md5sum: 295a8bf9bfd3f90d715ecd642b3aa773
md5sum: 03e1ad263c697f2b2da0632b1138aaf3
md5sum: 31632678f94ccb677c2fda40fc91123a
md5sum: 78f54abe9c11a645362ff08bcea67ec3
md5sum: 351e9f24fd7d3e291eade22484340d22
md5sum: 4503e3959d39a6bd9d80bbe2e2b9d0a4
md5sum: b088ba2a16b456b4f7e764f381c4a3b7
md5sum: af2d5111e435315891a8f772e85fbd47

*Download & Documentation*

phpBB Downloads –
phpBB Projects page @ ohloh –
phpBB 3 Documentation –
phpBB 3 support forum –
phpBB 3 bug tracker –
phpBB on GitHub –
phpBB Code Wiki –

Comments are closed.