ExtraLicense - Buy, Sell, & Trade Your Licenses

[URGENT] Workaround to prevent authentication bypass in phpBB 3.1.0 - 3.3.16

Latest phpBB.com announcements

Guest
    Thread Owner: Latest phpBB.com announcements
Greetings everyone,

As mentioned in the release announcement of phpBB 3.3.17, a security issue noticed in phpBB versions 3.3.16 and prior could have been used to hijack user accounts. Due to the criticality of this issue, we urge admins to update to 3.3.17 as soon as possible or disable access to their forums until they manage to do so.

If you are not able to update to 3.3.17 yet and do not use Apache or LDAP authentication on your board, you can remove the following two files as a temporary workaround ({root} used as indicator of the forum root directory):
  • {root}/phpbb/auth/provider/apache.php
  • {root}/phpbb/auth/provider/ldap.php
In addition to that, we recommend that you disable OAuth in the ACP until you find ample time to update.

Note: This workaround will result in an error when visiting the authentication provider page in the ACP. You can add the files back when updating to 3.3.17 and the error should then be resolved.

- The phpBB Team
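
One way to apply the file workaround described above, shown as an added example that is not part of the phpBB announcement. It moves the two provider files to a backup directory outside the forum tree instead of deleting them, so they can be added back when updating to 3.3.17; the function name `quarantine_providers` and the backup location are assumptions.

```shell
#!/bin/sh
# Added example (not phpBB project code): apply the temporary workaround by
# moving the two provider files out of the forum tree rather than deleting them.

# Paths relative to {root}, as listed in the announcement.
PROVIDERS="phpbb/auth/provider/apache.php phpbb/auth/provider/ldap.php"

# quarantine_providers ROOT BACKUP_DIR   (hypothetical helper name)
# Prints one status line per file. Returns 0 when neither file remains under
# ROOT, 1 when a file could not be moved, 2 on a usage or path error.
quarantine_providers() {
    root=$1
    backup=$2
    if [ -z "$root" ] || [ -z "$backup" ]; then
        echo "usage: quarantine_providers ROOT BACKUP_DIR" >&2
        return 2
    fi
    # Confirm ROOT looks like a phpBB tree before touching anything.
    if [ ! -d "$root/phpbb/auth/provider" ]; then
        echo "error: $root/phpbb/auth/provider not found" >&2
        return 2
    fi
    # A backup inside the forum tree would leave the files web-reachable.
    case "$backup/" in
        "$root"/*) echo "error: backup dir must be outside $root" >&2
                   return 2 ;;
    esac
    mkdir -p "$backup" || return 2
    qp_rc=0
    for rel in $PROVIDERS; do
        src="$root/$rel"
        dst="$backup/$(basename "$rel")"
        if [ ! -e "$src" ]; then
            echo "absent   $rel"
        elif [ -e "$dst" ]; then
            # Never overwrite an earlier backup copy.
            echo "skipped  $rel (backup already exists at $dst)"
            qp_rc=1
        elif mv "$src" "$dst"; then
            echo "moved    $rel -> $dst"
        else
            echo "failed   $rel" >&2
            qp_rc=1
        fi
    done
    return $qp_rc
}

# Stand-alone use: sh script.sh /path/to/forum /path/to/backup
if [ "$#" -eq 2 ]; then quarantine_providers "$1" "$2"; fi
```

The script does not check which authentication method the board uses; per the announcement, the workaround only applies to boards that do not use Apache or LDAP authentication.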
