phpBB

Development Wiki

Difference between revisions of "Release Highlights/3.0.14"

From phpBB Development Wiki

(Notable Changes and Bug Fixes)
(Security and Hardening)
Line 2: Line 2:
  
 
== Security and Hardening ==
 
== Security and Hardening ==
 +
* Security: The Google Chrome browser can no longer be tricked into redirecting to an external URL. Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
 
* Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verifed to have the expected format. See [https://tracker.phpbb.com/browse/PHPBB3-13765 PHPBB3-13765].
 
* Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verifed to have the expected format. See [https://tracker.phpbb.com/browse/PHPBB3-13765 PHPBB3-13765].
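Review bot: the added Security bullet carries no tracker reference, while the Hardening bullet directly below it links PHPBB3-13765; if a public ticket exists for the redirect fix, link it the same way so readers can trace the change. Separately, the unchanged Hardening line spells "verifed"; correct it to "verified" in the same revision.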
  

Revision as of 11:34, 3 May 2015

This page highlights important changes in phpBB 3.0.14. For a complete list of changes, please refer to this report.

Security and Hardening

  • Security: The Google Chrome browser can no longer be tricked into redirecting to an external URL. Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
  • Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verified to have the expected format. See PHPBB3-13765.

Notable Changes and Bug Fixes

  • The path to imagick is now correctly verified as an absolute path instead of a relative path. See PHPBB3-13568.
  • download/file.php no longer sends a Content-Length header when issuing "304 Not Modified". See PHPBB3-13414.