phpBB

Development Wiki

Difference between revisions of "Release Highlights/3.0.13"

From phpBB Development Wiki

(Security / Hardening)
(Security / Hardening)
Line 2: Line 2:
  
 
== Security / Hardening ==
 
== Security / Hardening ==
* Security: Information received from the phpBB version server is now escaped as a precaution.
 
 
* Abuse Prevention: The "Send password" feature now sends anti-abuse headers in e-mail messages. See [https://tracker.phpbb.com/browse/PHPBB3-11799 PHPBB3-11799].
 
* Abuse Prevention: The "Send password" feature now sends anti-abuse headers in e-mail messages. See [https://tracker.phpbb.com/browse/PHPBB3-11799 PHPBB3-11799].
 +
* Hardening: Information received from the phpBB version server is now considered untrusted and escaped.
 
* Hardening: The deregister_globals() function now better handles the case when $_COOKIE['GLOBALS'] is specified. See [https://tracker.phpbb.com/browse/PHPBB3-13376 PHPBB3-13376].
 
* Hardening: The deregister_globals() function now better handles the case when $_COOKIE['GLOBALS'] is specified. See [https://tracker.phpbb.com/browse/PHPBB3-13376 PHPBB3-13376].
 
* Hardening: Existence of the imagick path specified in the Administration Control Panel is now verified. See [https://tracker.phpbb.com/browse/PHPBB3-13519 PHPBB3-13519].
 
* Hardening: Existence of the imagick path specified in the Administration Control Panel is now verified. See [https://tracker.phpbb.com/browse/PHPBB3-13519 PHPBB3-13519].

Revision as of 21:59, 20 January 2015

This page highlights important changes in phpBB 3.0.13. For a complete list of changes, please refer to this report.

Security / Hardening

  • Abuse Prevention: The "Send password" feature now sends anti-abuse headers in e-mail messages. See PHPBB3-11799.
  • Hardening: Information received from the phpBB version server is now considered untrusted and escaped.
  • Hardening: The deregister_globals() function now better handles the case when $_COOKIE['GLOBALS'] is specified. See PHPBB3-13376.
  • Hardening: Existence of the imagick path specified in the Administration Control Panel is now verified. See PHPBB3-13519.

Notable Changes / Bug Fixes

  • Improved Compatibility with Apache 2.4 .htaccess files. See PHPBB3-11860.
  • Improved Compatibility with PHP 5.6. See PHPBB3-12468, PHPBB3-13096 and PHPBB3-13168.
  • Improved Compatibility with Internet Explorer 11. See PHPBB3-12093.
  • "Edit signature" in the User Control Panel now correctly allows smilies to be selected for insertion. See PHPBB3-10037.
  • Language strings containing numbers can now be used as HTML replacement in Custom BBcodes. See PHPBB3-12048.
  • Cookies now work properly on local networks. See PHPBB3-11613.
  • Published package are now checksummed using the SHA-256 algorithm instead of MD5. See PHPBB3-11876.