phpBB gets update to counter security hole caused by introduction of feeds

A security issue was introduced in phpBB 3.0.7 that allowed users to bypass permission settings if any of the following conditions were met:

  • Feeds are enabled
  • Any of the posts or topics feeds are enabled
  • The unauthorised user – or one of the groups they are a member of – has forum permissions set on a private forum
  • If you have excluded a forum from the list of forums that provide feeds, it is unaffected

The full announcement:

We are sorry to announce the immediate release of phpBB 3.0.7-PL1 to address a security issue which was introduced in 3.0.7. Unfortunately, the issue wasn't noticed during testing and has only surfaced a week after the release of 3.0.7.

We promised working feeds for phpBB 3.0.7. Sadly, we were not able to deliver on that promise – a critical bug in the permission handling for feeds slipped past. To all people who already have updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1.

You can do so by downloading the latest release from their website.
