phpBB 3.2.8
22 September 2019
phpBB version 3.2.8 is now available (security release).
Upgrading to phpBB 3.2.8
phpBB 3.2.8 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply phpBB updates as new versions are released, or use Installatron's Clone feature to duplicate an existing phpBB install to test the 3.2.8 upgrade prior to applying it live. Get started managing your phpBB installations with Installatron.
What's New in phpBB 3.2.8
This version is a maintenance and security release of the 3.2.x branch.
Security Issues
- CSS injection via BBCode tag
- Missing form token check when handling attachments
- Missing form token check when managing BBCodes
- Disable MySQLi local infile to prevent local file inclusion
- Add Referrer-Policy header
Bug Fixes
- Permission settings do not take effect when set using All YES/NO/NEVER
- PHP error (Array to string conversion) on new user registration if email address is banned and "Reason shown to the banned" is empty
- Missing word in 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED'
- External accounts can be linked to more than one local account
- Check language input for group
- Emoji characters in forum name causing SQL errors
- Group rank not displaying on memberlist_body
- Unicode Characters in Attachment Comment Causes MySQL Error
- Users can delete their attachments in the UCP, even if the post is locked
- SMTP support for TLS is forcing use of deprecated TLS 1.0
- The link "Back to previous page" can redirect to another page, not the previous one
- Changing account settings without changing password resets user_passchg
- Q&A captcha plug-in still throws PHP 7.2.x countable warning
- Post count not updated when deleting only post in topic
- Recognize number of Template Event instances in events.md file
- Topic Icon with space in filename isn't displayed by viewforum_body.html
- Unable to restore any backup from ACP
- PHP warning in MCP banning tab on PHP 7.2+
- BBCodes using {TEXT} in HTML tags no longer work
- Style templates no longer able to login "from any page."
- Unable to login using OAuth via Forums, topics or posts
- Migrator never drops unique indexes
- board_dst config value is not removed from config table after conversion
- Banned or suspended user receives "The submitted form was invalid. Try submitting again."
- Undefined index for custom attachments groups
- Fix warning in ACP version check
- Twemoji -fe0f sequence not rendering
- PM filter “sent to my default usergroup” triggers array to string conversion warning
- Warnings When a Style exists on database but not on FTP
- Attach row template always gets displayed with JS disabled
- MySQL full text search always uses MyISAM limits
- Incorrect users search by last visit time in memberlist.php
- AppVeyor builds fail due to chocolatey being unable to install PHP
Improvements
- Exclude group leaders on group member purge
- Hardcoded lang in credit line
- Group helper functions
- Add event - core.posting_modify_row_data
- Unambiguous wording in user activation request email to Admin/Moderator
- Use of 'Cache-Control: public' for serving files
- Provide link to PHP Date Function in both ACP and UCP
- Do not prevent username changes in ACP
- Deny prosilver's uninstallation
- Add core.topic_review_modify_sql_ary
- Add 2 template events *_author_username_{append/prepend}
- ACP Private Messages: Wording could be better
- Remove sudo required from travis config
- Undefined index: user_ip in oauth.php
- Incorrect docblock parameter types
- Remove support for WebSTAR and Xitami
- Use chrome webdriver for UI tests
- Add core.confirm_box_ajax_before
- Add core.viewtopic_gen_sort_selects_before
- Add core.posting_modify_post_subject
- Add core.pm_modify_message_subject
- Add core.mcp_main_before
- Add mcp_move_destination_forum_before|after
- Add topiclist_row_topic_by_author_before|after
- Custom Profile Field visibility is incorrectly explained
- Add core.message_history_modify_sql_ary
- Add core.mcp_topic_modify_sql_ary
- Add 2 mcp_topic_post_author_full_{append/prepend}
- Add UI for Mass email $max_chunk_size
- The attachment's ALT tag is supposed to describe the image, not the file.
Tasks
- Define trusty build environment for travis builds
- Update composer dependencies to latest
- The text input for poll question has too high a maxlength attribute