This release includes security updates, feature improvements, performance enhancements and fixes for vulnerabilities.
Release Highlights/3.0.14
This page highlights important changes in phpBB 3.0.14. For a complete list of changes, please refer to this report.
Security and Hardening
• Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
• Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verified to have the expected format. See PHPBB3-13765.
Notable Changes and Bug Fixes
• The path to imagick is now correctly verified as an absolute path instead of a relative path. See PHPBB3-13568.
• download/file.php no longer sends a Content-Length header when issuing "304 Not Modified". See PHPBB3-13414.
==================
Release Highlights/3.0.13
This page highlights important changes in phpBB 3.0.13. For a complete list of changes, please refer to this report.
Security and Hardening
• Security (CVE-2015-1431): CSS Injection via Relative Path Overwrite. Thanks to James Kettle for bringing this to our attention. See PHPBB3-13531.
• Security (CVE-2015-1432): The ucp_pm_options form key is now properly validated. Thanks to FBNeal and lampsys who reported this independently. See PHPBB3-13526.
• Hardening: Information received from the phpBB version server is now considered untrusted. See PHPBB3-13527.
• Hardening: The deregister_globals() function now better handles the case when $_COOKIE['GLOBALS'] is specified. See PHPBB3-13376.
• Hardening: Existence of the path to the imagick program specified in the Administration Control Panel is now verified. See PHPBB3-13519.
• Abuse Prevention: The "Send password" feature now sends anti-abuse headers in e-mail messages. See PHPBB3-11799.
Notable Changes and Bug Fixes
• Improved Compatibility with Apache 2.4. See PHPBB3-11860.
• Improved Compatibility with PHP 5.6. See PHPBB3-12468, PHPBB3-13096 and PHPBB3-13168.
• Improved Compatibility with Internet Explorer 11. See PHPBB3-12093.
• Improved Compatibility with Microsoft Azure. See PHPBB3-9725 and PHPBB3-10796.
• "Edit signature" in the User Control Panel now correctly allows smilies to be selected for insertion. See PHPBB3-10037.
• Remote avatar upload now works correctly when HTTP server uses Keep-Alive. See PHPBB3-12755.
• An issue was fixed where the board would not load correctly for banned users. See PHPBB3-13138.
• Language strings containing numbers can now be used as HTML replacement in Custom BBcodes. See PHPBB3-12048.
• Cookies now work properly on local networks. See PHPBB3-11613.
• Published packages are now checksummed using the SHA-256 algorithm instead of MD5. See PHPBB3-11876.
If members find any errors, please let us know immediately so that we can resolve them.
Thank you all for your support!