Development Wiki

Release Highlights/3.0.14

From phpBB Development Wiki

Revision as of 14:23, 3 May 2015 by Bantu (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This page highlights important changes in phpBB 3.0.14. For a complete list of changes, please refer to this report.

Security and Hardening

  • Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
  • Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verifed to have the expected format. See PHPBB3-13765.

Notable Changes and Bug Fixes

  • The path to imagick is now correctly verified as an absolute path instead of a relative path. See PHPBB3-13568.
  • download/file.php no longer sends a Content-Length header when issuing "304 Not Modified". See PHPBB3-13414.