phpBB 3.3.15 Release
This version is a maintenance and security release of the 3.3.x branch which fixes one security issue, introduces a number of improvements aimed at enhancing the user experience and overall stability of the software and resolves some issues.
Since the introduction of phpBB 3.1, phpBB has been using JavaScript and jQuery to improve the responsiveness of prosilver. We received a report about potentially dangerous code in this area. After an internal audit of this and related code, we noticed that some of the handling of data added by an admin is potentially insecure and could lead to cross-site scripting. The improvements include better handling of HTTPS connections in the version check following the switch to Guzzle in the previous release, as well as the introduction of proper support for TLS v1.3 with SMTP servers.
Notable bug fixes in this release include resolving an issue that resulted in PHP fatal errors when converting from phpBB 2 with Attachment MOD and issues with the pagination resulting in incorrect ordering when searching for user posts. Furthermore, an issue with duplicate users being displayed on the memberlist while sorting and a potential overflow of the topic views count have been addressed.
Security Issues
- Use jQuery to generate HTML from page data: SECURITY-283
Notable Improvements
- Improved handling of version check with Guzzle: PHPBB-17443
- Support TLS v1.3 for SMTP servers: PHPBB-17467
Notable Bugfixes
- Fatal error when converting from phpBB 2 with Attachment MOD: PHPBB-17436
- Incorrect ordering of pagination in user posts search: PHPBB-17422
- Duplicate users on memberlist: PHPBB-17227
- Overflow of topic views column: PHPBB-17381