phpBB 3.1.11 Release - Please Update


Post by phpBB.sk[bot] » 16 July 2017, 17:04

Greetings everyone,



We are pleased to announce the release of phpBB 3.1.11 "Bertie's Cassini hitchhike". This version is a maintenance & security release of the 3.1.x branch which fixes three security issues, as well as adding more hardening and fixes for various bugs reported in previous versions.

A server-side request forgery (SSRF) exploit was discovered in the remote avatar functionality which could be used to perform service discovery on internal and external networks as well as retrieve images which are usually restricted to local access (thanks to SEC Consult for the report). Additionally, a cross-site scripting vulnerability via version check files was discovered internally (thanks Derk Ruitenbeek). This could have been used to trick users into clicking on javascript: links. The third fixed issue concerned potential high load scenarios that could be caused by specially crafted search queries while using MySQL fulltext search.

Please note that this is the last maintenance release for phpBB 3.1 as it has now reached end of maintenance (EOM). It will continue to receive security updates until December 2017.



The bugfixes address issues with duplicate entries for migrations that could result in extensions not properly installing or uninstalling, an invalid definition in an SQL query that prevents ordering of PMs, as well as issues with updating from earlier versions using PostgreSQL.

Notable changes are pagination for IP tables and post info and added search indexing for topics after splitting a topic. The version check now also supports branches which will result in more helpful information about new versions on other branches.



The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at https://wiki.phpbb.com/Release_Highlights/3.1.11 and a list of all issues fixed on our tracker at https://tracker.phpbb.com/issues/?filter=14092



The packages can be downloaded from our downloads page.



The development team thanks everyone who contributed code to this release: javiexin, Jakub Senko, rxu, Matt Friedman, Rubén Calvo, Daniel Sinn, kasimi, Erwan Nader, nomind60s, Victor A. Safronov, Daniel Mota, David Colón, Jmz, david63, hanakin, Christian Schnegelberger, Jim Mossing Holsteyn, Joas Schilling, MIkhail Gulyaev, Michael Cullum, Mukesh Kumar Kharita, Richard McGirr, TarantinoMariachi, hubaishan, lavigor, upstrocker



If you have any questions or comments, we'll be happy to address them in the discussion topic.



- The phpBB Team

http://www.phpbb.com/community/viewtopi ... &t=2430891
