
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN452
_____________________________________________________________________

DATE                : 18/08/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running phpBB versions prior to 3.2.10.

=====================================================================
https://www.phpbb.com/community/viewtopic.php?f=14&t=2562631
_____________________________________________________________________

phpBB 3.2.10 Release - Please Update

Post by Marc » Fri Aug 07, 2020 7:05 pm
Greetings everyone,

We are pleased to announce the release of phpBB 3.2.10 "Bertie’s look
back at Rhea". This version is a maintenance and security release of the
3.2.x branch which fixes one security issue, introduces further
hardening, and resolves various issues reported in previous versions.

Previous versions of phpBB did allow limiting the dimensions of images
posted. This could however also be used to e.g. check for the existence
of services that should only be accessible from the internal network. We
would like to thank FVD for reporting this issue to us via HackerOne.
The issue has been assigned CVE-2020-8226.

The fixed issues include, among others, issues with using Emojis in
multiple text fields, the inability to delete or mark PMs read in the
UCP folder view, and a slow search on PostgreSQL. In addition to that,
new and improved enable and disable mechanisms for newer profile field
types have also been integrated. We would like to dedicate this addition
to javiexin.

We have decided to extend the timeframe board admins have to upgrade to
phpBB 3.3. This means that today is the End of Maintenance date for the
3.2 branch and we will provide an additional 3 months of security
updates for phpBB 3.2, setting the End of Life date to November 7th,
2020.

We recommend that everyone upgrade to phpBB 3.3 as soon as possible. To
assist this, phpBB 3.2 will now inform users about the PHP requirements
in phpBB 3.3.

The full list of changes is available in the changelog file within the
docs folder contained in the release package. You can find the key
highlights of this release on the wiki at
https://wiki.phpbb.com/Release_Highlights/3.2.10 and a list of all
issues fixed on our tracker at
https://tracker.phpbb.com/issues/?filter=15202

The packages can be downloaded from our downloads page.

The development team thanks everyone who contributed code to this
release: 3D-I, kasimi, Dark❶, rxu, KYPREO, javiexin, ansavin, Alfredo
Ramos, Kidounet, MichaIng, ioannisbat, phpBB España

If you have any questions or comments, we'll be happy to address them in
the discussion topic.

- The phpBB Team
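
The issue described in the announcement arises when the server itself fetches a user-supplied image URL in order to measure it. The following PHP is an added example, not phpBB code and not the change shipped in 3.2.10; it shows one way such a fetch can refuse internal destinations. The function names, the port allow-list and the sample hosts are assumptions made for illustration.

```php
<?php
// Added illustration; not phpBB code. All function names are hypothetical.

/** True only for a public, routable IP literal (IPv4 or IPv6). */
function is_public_ip(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

/**
 * Decide whether the server may fetch $url to read an image's dimensions.
 * $resolver maps a hostname to a list of IP strings; it is injected so the
 * check can be exercised without network access.
 */
function image_url_is_fetchable(string $url, callable $resolver): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                                   // malformed or relative
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;                                   // no file://, gopher://, ...
    }
    if (isset($parts['port']) && !in_array($parts['port'], [80, 443], true)) {
        return false;                                   // assumed port allow-list
    }
    $host = trim($parts['host'], '[]');                 // strip IPv6 brackets
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : $resolver($host);
    if (empty($ips)) {
        return false;                                   // unresolvable host
    }
    foreach ($ips as $ip) {                             // every address must be public
        if (!is_public_ip($ip)) {
            return false;
        }
    }
    return true;
}

// Constructed sample data: a stand-in for DNS so the example runs offline.
$dns = ['images.example.org' => ['93.184.216.34'], 'intranet.example.org' => ['10.0.0.5']];
$resolver = fn(string $h): array => $dns[$h] ?? [];
$samples = ['https://images.example.org/a.png', 'http://intranet.example.org/a.png',
            'http://127.0.0.1:8080/', 'http://[::1]/a.png', 'http://images.example.org:6379/'];
foreach ($samples as $u) {
    printf("%-40s %s\n", $u, image_url_is_fetchable($u, $resolver) ? 'fetch' : 'refuse');
}
```

The check only holds if the later fetch connects to the address that was validated and does not follow redirects; otherwise a second DNS lookup or a redirect can still land on an internal host.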

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================




