Hi everyone,

We are sorry to announce the immediate release of phpBB 3.0.7-PL1 to address a security issue which was *introduced* in 3.0.7. Unfortunately, the issue wasn't noticed during testing and only surfaced a week after the release of 3.0.7.

We promised working feeds for phpBB 3.0.7. Sadly, we were not able to deliver on that promise - a critical bug in the permission handling for feeds slipped past. To all people who have already updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1. Otherwise, it is possible for users to bypass permission settings under the following circumstances:

- Feeds are enabled
- Any of the posts or topics feeds are enabled
- The unauthorised user - or one of the groups they are a member of - has forum permissions set on a private forum
- If you have excluded a forum from the list of forums that provide feeds, it is unaffected

**Note: We recommend the use of a regular update routine over manually editing your files. If you manually edit your files your board will not recognise the update.**

The fix for the issue is a single-line change inside feed.php; line 525 has changed from:

```php
$forum_ids = array_keys($auth->acl_getf('f_read'));
```

to:

```php
$forum_ids = array_keys($auth->acl_getf('f_read', true));
```

There were no other changes, in particular neither style nor language changes.

**Installation instructions**

A short explanation of how to do a conversion, installation or update is included within the provided INSTALL.html file; please be sure to read it.
You can find a [list of requirements](http://www.phpbb.com/support/documents.php?mode=install&version=3#require) on our Downloads page.

**Security**

If you find any security issues please report them to our [security tracker](http://www.phpbb.com/security/).

**Available packages**

If you experience problems with the automatic update (white screens, timeouts, etc.) we recommend using the changed files only or patch method for updating.

- **Full Package:** Full phpBB 3 source code and English language files.
- **Automatic Update Package:** Update package for the automatic updater, contains changes from previous release to this release.
- **Changed Files Only:** Complete files, but only those that were changed since previous releases of phpBB 3. This archive contains changed files for every previous release.
- **Patch Files:** This file contains diffs against the previous phpBB 3 release, which can be applied with the patch utility.

Select the package most suitable for you. We recommend the following methods depending on your situation:

- For new installations you should use the Full Package.
- For updates of boards without modifications you can use the Automatic Update Package (guided update) or the Changed Files Only package (manual update).
- For updates of boards with modifications you should use the Automatic Update Package. If you are confident with patch files and patching you can use the Patch Files Package.
- International Support Teams may use the Patch Package in conjunction with the Code Changes to better support users with problematic conflicts during their update process or to help them update code sections.
- If you are a hoster/provider, you may want to use the Patch Files Package to update all of your client installations.

**Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation, updates or conversions!**

**Download Locations**

The download is of course available on our [downloads page](http://www.phpbb.com/downloads/).
Our [release archive](http://www.phpbb.com/files/archive/) provides all packages we build. If you do not find your desired package you can probably find it in the release archive.

These are the files with their md5 sums:

- [phpBB-3.0.7-PL1.zip](http://www.phpbb.com/files/release/phpBB-3.0.7-PL1.zip) (Full Package)
  md5sum: 1125b615e13a5bb8787afab58a27c627
- [phpBB-3.0.7-PL1.tar.bz2](http://www.phpbb.com/files/release/phpBB-3.0.7-PL1.tar.bz2) (Full Package)
  md5sum: 67570654462c442c29080007c0af1e1b
- [phpBB-3.0.7-PL1-patch.zip](http://www.phpbb.com/files/release/phpBB-3.0.7-PL1-patch.zip) (Patch Files)
  md5sum: 44d163c6f945207f666b4b8ecbf179b8
- [phpBB-3.0.7-PL1-patch.tar.bz2](http://www.phpbb.com/files/release/phpBB-3.0.7-PL1-patch.tar.bz2) (Patch Files)
  md5sum: 4d611e1160599835ff48fc6454bf85e0
- [phpBB-3.0.7-PL1-files.zip](http://www.phpbb.com/files/release/phpBB-3.0.7-PL1-files.zip) (Changed Files)
  md5sum: 579f5685cc37c69dd6ce023b46ce2593
- [phpBB-3.0.7-PL1-files.tar.bz2](http://www.phpbb.com/files/release/phpBB-3.0.7-PL1-files.tar.bz2) (Changed Files)
  md5sum: 2779984411598d919a6a1e6adc35894d
- [phpBB-3.0.7_to_3.0.7-PL1.zip](http://www.phpbb.com/files/release/phpBB-3.0.7_to_3.0.7-PL1.zip) (Automatic Update Package from 3.0.7)
  md5sum: e135fd3b43c17c0bdc69f3fc246e6524
- [phpBB-3.0.7_to_3.0.7-PL1.tar.bz2](http://www.phpbb.com/files/release/phpBB-3.0.7_to_3.0.7-PL1.tar.bz2) (Automatic Update Package from 3.0.7)
  md5sum: 589d21934c14a6517583316659f0225f
- [phpBB-3.0.6_to_3.0.7-PL1.zip](http://www.phpbb.com/files/release/phpBB-3.0.6_to_3.0.7-PL1.zip) (Automatic Update Package from 3.0.6)
  md5sum: b93e31c7930ace5af89d9804b55d8c66
- [phpBB-3.0.6_to_3.0.7-PL1.tar.bz2](http://www.phpbb.com/files/release/phpBB-3.0.6_to_3.0.7-PL1.tar.bz2) (Automatic Update Package from 3.0.6)
  md5sum: cf9b3a42872be8afcddb42648a390861

**Download Documentation**

- [phpBB Downloads](http://www.phpbb.com/downloads/)
- [phpBB Projects page @ ohloh](http://www.ohloh.net/projects/phpbb)
- [phpBB 3 Documentation](http://www.phpbb.com/support/documentation/3.0/)
- [phpBB 3 support forum](http://www.phpbb.com/phpBB/viewforum.php?f=46)
- [phpBB 3 bug tracker](http://www.phpbb.com/bugs/phpbb3/)
- [phpBB Code Forge](http://code.phpbb.com/)
- [phpBB Code Wiki](http://wiki.phpbb.com/)

Read more: http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195
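
Why the one-argument change to line 525 of feed.php closes the bypass can be seen in a small model of the permission lookup. This is an added example, not phpBB's code: `model_acl_getf()` and the sample `$acl` array are hypothetical stand-ins, assuming `acl_getf()` returns an entry for every forum that has a permission setting unless its second argument is `true`.

```php
<?php
// Added illustration; model_acl_getf() is a hypothetical stand-in for
// phpBB's $auth->acl_getf(), not the project's implementation.

/**
 * @param array  $acl   forum_id => [option => bool], one entry per forum
 *                      where the user or one of their groups has settings
 * @param string $opt   permission option, e.g. 'f_read'
 * @param bool   $clean when true, return only forums where $opt is granted
 */
function model_acl_getf(array $acl, string $opt, bool $clean = false): array
{
    $result = [];
    foreach ($acl as $forum_id => $options) {
        $allowed = !empty($options[$opt]);
        if (!$clean) {
            // Unfiltered: the forum is listed even when access is denied.
            $result[$forum_id] = [$opt => $allowed];
        } elseif ($allowed) {
            $result[$forum_id] = [$opt => true];
        }
    }
    return $result;
}

// Constructed sample: forum 2 is public; forum 7 is private, but the user's
// group has a permission entry there with f_read denied.
$acl = [
    2 => ['f_read' => true,  'f_post' => true],
    7 => ['f_read' => false, 'f_post' => false],
];

// 3.0.7: array_keys() discards the boolean, so denied forums stay listed.
$ids_307 = array_keys(model_acl_getf($acl, 'f_read'));
// 3.0.7-PL1: only forums with f_read granted are returned.
$ids_pl1 = array_keys(model_acl_getf($acl, 'f_read', true));

echo 'feed forum ids (3.0.7):     ', implode(', ', $ids_307), PHP_EOL;
echo 'feed forum ids (3.0.7-PL1): ', implode(', ', $ids_pl1), PHP_EOL;
echo 'wrongly included:           ', implode(', ', array_diff($ids_307, $ids_pl1)), PHP_EOL;
```

The same pattern is worth checking wherever the keys of a permission map are used as an allow-list without looking at the values.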
