From phpBB Development Wiki
Revision as of 22:09, 20 January 2015 by Bantu
This page highlights important changes in phpBB 3.0.13. For a complete list of changes, please refer to this report.
Security and Hardening
- Security: The ucp_pm_options form key is now properly validated. Thanks to FBNeal and lampsys who reported this independently. See PHPBB3-13526.
- Hardening: Information received from the phpBB version server is now considered untrusted and escaped. See PHPBB3-13527.
- Hardening: The deregister_globals() function now better handles the case when $_COOKIE['GLOBALS'] is specified. See PHPBB3-13376.
- Hardening: Existence of the path to the imagick program specified in the Administration Control Panel is now verified. See PHPBB3-13519.
- Abuse Prevention: The "Send password" feature now sends anti-abuse headers in e-mail messages. See PHPBB3-11799.
Notable Changes and Bug Fixes
- Improved Compatibility with Apache 2.4 .htaccess files. See PHPBB3-11860.
- Improved Compatibility with PHP 5.6. See PHPBB3-12468, PHPBB3-13096 and PHPBB3-13168.
- Improved Compatibility with Internet Explorer 11. See PHPBB3-12093.
- "Edit signature" in the User Control Panel now correctly allows smilies to be selected for insertion. See PHPBB3-10037.
- Language strings containing numbers can now be used as HTML replacement in Custom BBcodes. See PHPBB3-12048.
- Cookies now work properly on local networks. See PHPBB3-11613.
- Published package are now checksummed using the SHA-256 algorithm instead of MD5. See PHPBB3-11876.