Перейти к содержимому

Фотография
- - - - -

phpBB 3.2.1 Release - Please Update


  • Авторизуйтесь для ответа в теме
В этой теме нет ответов

#1 ๖ۣۣۜБo ๖ۣۣۜTи ๖ۣۣۜК

๖ۣۣۜБo ๖ۣۣۜTи ๖ۣۣۜК
     

    Бот



Отправлено 16 Июль 2017 - 19:01

Greetings everyone,

We are pleased to announce the release of phpBB 3.2.1 "War for the Planet of the Berties". This version is a maintenance & security release of the 3.2.x branch which fixes three security issues, as well as adding more hardening and fixes for various bugs reported in previous versions.

A server-side request forgery (SSRF) exploit was discovered in the remote avatar functionality which could be used to perform service discovery on internal and external networks as well as retrieve images which are usually restricted to local access (thanks to SEC Consult for the report). Additionally, a cross-site scripting vulnerability via version check files was discovered internally (thanks Derk Ruitenbeek). This could have been used to trick users into clicking on javascript: links. The third fixed issue concerned potential high load scenarios that could be caused by specially crafted search queries while using MySQL fulltext search.

The bugfixes address issues with migration dependencies preventing updates from phpBB 3.0.6 or older, multiple issues with the new text formatter, make the FTP update method functional again, as well as issues with updating from earlier versions using PostgreSQL. Notable changes include new, higher resolution images for the imageset icons, pagination for IP tables and post info, and added search indexing for topics after splitting a topic. The version check now also supports branches which will result in more helpful information about new versions on other branches.

The full list of changes is available in the changelog file within the docs folder contained in the release package. You can find the key highlights of this release on the wiki at

Пожалуйста Войдите или Зарегистрируйтесь чтобы увидеть скрытый текст

and a list of all issues fixed on our tracker at

Пожалуйста Войдите или Зарегистрируйтесь чтобы увидеть скрытый текст



The packages can be downloaded from our

Пожалуйста Войдите или Зарегистрируйтесь чтобы увидеть скрытый текст

.


The development team thanks everyone who contributed code to this release: javiexin, rxu, Rubén Calvo, nomind60s, David Colón, Jakub Senko, hanakin, Matt Friedman, JoshyPHP, Louis7777, kasimi, Vinny, Erwan Nader, Richard McGirr, hubaishan, Daniel Mota, Jim Mossing Holsteyn, Rishabh04-02, Saeed Hubaishan, david63, lavigor, Agris, Christian Schnegelberger, Daniel Sinn, Mukesh Kumar Kharita, TarantinoMariachi, lr94, tas2580, upstrocker

If you have any questions or comments, we'll be happy to address them in the

Пожалуйста Войдите или Зарегистрируйтесь чтобы увидеть скрытый текст

.

- The phpBB Team

Пожалуйста Войдите или Зарегистрируйтесь чтобы увидеть скрытый текст






Количество пользователей, читающих эту тему: 0

0 пользователей, 0 гостей, 0 анонимных

Яндекс.Метрика Рейтинг@Mail.ru
Besucherzahler femmes russes a marier
счетчик посещений