The guys at phpBB have released version 3.0.1 of phpBB and we have updated all hosted forums to it. Sorry for the down time you may have experienced this morning while we carried out the work at the server.

This new version includes several bugfixes and security fixes. Here is the full changelog:

1.i. Changes since 3.0.0

• [Change] Validate birthdays (Bug #15004)
• [Fix] Allow correct avatar caching for CGI installations. (thanks wildbill)
• [Fix] Fix disabling of word censor, now possible again
• [Fix] Allow single quotes in db password to be stored within config.php in installer
• [Fix] Correctly quote db password for re-display in installer (Bug #16695 / thanks to m313 for reporting too - #s17235)
• [Fix] Correctly handle empty imageset entries (Bug #16865)
• [Fix] Correctly check empty subjects/messages (Bug #17915)
• [Change] Do not check usernames against word censor list. Disallowed usernames is already checked and word censor belong to posts. (Bug #17745)
• [Fix] Additionally include non-postable forums for moderators forums shown within the teams list. (Bug #17265)
• [Change] Sped up viewforum considerably (also goes towards mcp_forum)
• [Fix] Do not split topic list for topics being promoted to announcements after been moved to another forum (Bug #18635)
• [Fix] Allow editing usernames within database_update on username cleanup (Bug #18415)
• [Fix] Fixing wrong sync() calls if moving all posts by a member in ACP (Bug #18385)
• [Fix] Check entered imagemagick path for trailing slash (Bug #18205)
• [Fix] Use proper title on index for new/unread posts (Bug #13101) - patch provided by Pyramide
• [Fix] Allow calls to $user->set_cookie() define no cookie time for setting session cookies (Bug #18025)
• [Fix] Stricter checks on smilie packs (Bug #19675)
• [Fix] Gracefully return from cancelling pm drafts (Bug #19675)
• [Fix] Possible login problems with IE7 if browser check is activated (Bug #20135)
• [Fix] Fix possible database transaction errors if code returns on error and rollback happened (Bug #17025)
• [Change] Allow numbers in permission names for modifications, as well as uppercase letters for the request_ part (Bug #20125)
• [Fix] Use HTTP_HOST in favor of SERVER_NAME for determining server url for redirection and installation (Bug #19955)
• [Fix] Removing s_watching_img from watch_topic_forum() function (Bug #20445)
• [Fix] Changing order for post review if more than one post affected (Bug #15249)
• [Fix] Language typos/fixes (Bug #20425, #15719, #15429, #14669, #13479, #20795, #21095, #21405, #21715, #21725, #21755, #21865, #15689)
• [Fix] Style/Template fixes (Bug #20065, #19405, #19205, #15028, #14934, #14821, #14752, #14497, #13707, #14738, #19725)
• [Fix] Tiny code fixes (Bug #20165, #20025, #19795, #14804)
• [Fix] Prepend phpbb_root_path to ranks path for displaying ranks (Bug #19075)
• [Fix] Allow forum notifications if topic notifications are disabled but forum notifications enabled (Bug #14765)
• [Fix] Fixing realpath issues for provider returning the passed value instead of disabling it. This fixes issues with confirm boxes for those hosted on Network Solutions for example. (Bug #20435)
• [Fix] Try to sort last active date on memberlist correctly at least on current page (Bug #18665)
• [Fix] Handle generation of form tokens when maximum time is set to -1
• [Fix] Correctly delete unapproved posts without deleting the topic (Bug #15120)
• [Fix] Respect signature permissions in posting (Bug #16029)
• [Fix] Users allowed to resign only from open and freely open groups (Bug #19355)
• [Fix] Assign a last viewed date to converted topics (Bug #16565)
• [Fix] Many minor and/or cosmetic fixes (Including, but not limited to: #21315, #18575, #18435, #21215)
• [Feature] New option to hide the entire list of subforums on listforums
• [Fix] Custom BBCode {EMAIL}-Token usage (Bug #21155)
• [Fix] Do not rely on parameter returned by unlink() for verifying cache directory write permission (Bug #19565)
• [Change] Use correct string for filesize (MiB instead of MB for example)
• [Change] Remove left join for query used to retrieve already assigned users and groups within permission panel (Bug #20235)
• [Fix] Correctly return sole whitespaces if used with BBCodes (Bug #19535)
• [Fix] Quote bbcode parsing adding too much closing tags on special conditions (Bug #20735)
• [Change] Added sanity checks to various ACP settings
• [Change] Removed minimum form times
• [Fix] Check topics_per_page value in acp_forums (Bug #15539)
• [Fix] Custom profile fields with date type should be timezone independend (Bug #15003)
• [Fix] Fixing some XHTML errors/warnings within the ACP (Bug #22875)
• [Fix] Warnings if poll title/options exceed maximum characters per post (Bug #22865)
• [Fix] Do not allow selecting non-authorized groups within memberlist by adjusting URL (Bug #22805 - patch provided by ToonArmy)
• [Fix] Correctly specify “close report action” (Bug #22685)
• [Fix] Display “empty password error” within the login box instead of issuing a general error (Bug #22525)
• [Fix] Clean up who is online code in page_header (Bug #22715, thanks HighwayofLife)
• [Fix] Pertain select single link on memberlist (Bug #23235 - patch provided by Schumi)
• [Fix] Allow & and | in local part of email addresses (Bug #22995)
• [Fix] Do not error out if php_uname function disabled / Authenticating on SMTP Server (Bug #22235 - patch by HoL)
• [Fix] Correctly obtain to be ignored users within topic/forum notification (Bug #21795 - patch provided by dr.death)
• [Fix] Correctly update board statistics for attaching orphaned files to existing posts (Bug #20185)
• [Fix] Do not detect the board URL as a link twice in posts (Bug #19215)
• [Fix] Set correct error reporting in style.php to avoid blank pages after CSS changes (Bug #23885)
• [Fix] If pruning users based on last activity, do not include users never logged in before (Bug #18105)
• [Sec] Only allow searching by email address in memberlist for users having the a_user permission (reported by evil<3)
• [Sec] Limit private message attachments to be viewable only by the recipient(s)/sender (Report #s23535) - reported by AlleyKat
• [Sec] Check for non-empty config.php within style.php (Report #s24575) - reported by bantu
• [Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)

The phpBB team has just released phpBB 2.0.23. This release addresses several bugfixes and
some security issues.

The changelog (contained within this release) is as follows:

- Correctly re-assign group moderator on user deletion (Bug
#280)

- Deleting a forum with multiple polls included (Bug #6740)

- Fixed postgresql query for obtaining group moderator in
groupcp.php (Bug #6550)

- Selected field on first entry by default for font size within
posting_body.tpl (Bug #7124)

- Adjusted maxlength parameters in admin/styles_edit_body.tpl
(Bug #81)

- Fixed html output in make_forum_select if no forums present
(Bug #436)

- Fixed spelling error(s) in lang_admin.php (Bug #7172, #6978)

- Correctly display censored words in admin panel (Bug #12271)

- Do not allow soft hyphen xAD in usernames (reported by
Bander00)

- Fixed the group permission system’s use of array access

- Simple group permissions now work properly

- Fix inability to export smilies (Bug #2265)

- Fixing some problems with PHP5 and register_long_arrays off

- Fix possible XSRF Vulnerability in private messaging and
groups handling

As usual, we at phpBBnow.com take our forums security very seriously and have immediately applied the upgrade. Therefore, all forums have now the leates release of phpBB2.

I would like to take this opportunity to thank all of you once again for your continous support.