phpBB Weekly

phpBB 3.0.RC6, probably the most hyped release candidate of phpBB so far (and definitely the one release that we’ve talked about more than any other on our show), was just released this afternoon. (Or, if you’re in Europe/Asia, it was released last night.) What’s so significant about this particular release is that it arguably includes the most changes/new features to the phpBB3 codebase since UTF-8 support arrived in Beta3, back last November. (David covered many of these features on episode #033, and we also discussed a few of these on today’s episode #034, which will be released really soon.)

It was also revealed that the phpBB3 codebase security audit was done by independent software security company SektionEins. Their website indicates that they specialize in security audits for web applications, in particular for those based on PHP. Their site also lists a number of stats about Internet attacks, and on episode #034 we talked a bit about some common vulnerabilities that web applications suffer. One of the reasons that phpBB has a bad reputation for security is because many hosts are using much much older versions of phpBB2 that have serious vulnerabilities in them. The phpBB teams over the years have been very good at getting new, fixed releases out in a timely matter, and the majority of the fault for these exploits are forum admins who don’t keep phpBB2 up-to-date, but nevertheless, the phpBB teams have been unfairly blamed many times for these. By having a codebase audit prior to Olympus going gold, phpBB3 will hopefully have a better lifetime than phpBB2 did.

However, Acyd Burn mentioned that the security audit turned up zero SQL injection vulnerabilities and zero Command Code Execution (CCE) vulnerabilities, which is excellent news and really exemplifies some of phpBB3′s superiority to phpBB2 when it comes to security. Considering that there’s over 200,000 lines of code in phpBB3, this is an excellent accomplishment and props for that goes to the Development Team. However, thanks to the security audit, RC-6 does bring along fixes for a few XSS vulnerabilities, a new password hashing mechanism, and a number of other new goodies.

Anyway, be sure that you run, don’t walk, over to the downloads page and download the RC-6 updater! The countdown to phpBB3 is getting nearer, can you feel the excitement?

UPDATE: Acyd Burn has announced that due to some problems with the RC-6 package, a new RC-7 package will be released later today. The teams will be providing auto-update packages for both RC-6 to RC-7 and RC-5 to RC-7. You probably should hold off until the new release this afternoon.
On phpBB Weekly #035, David will probably talk a bit about what happened to necessitate the RC-7 release.

If you are experiencing problems on your board with the RC-6/RC-7 update, read this article which details many problems with MODs and Styles due to the update.

I have just been informed that the episode files that I edited for phpBB Weekly #022 and #023 were overridden by TalkShoe’s own recording, despite the fact that my edited uploads were downloading from their servers yesterday. The episodes are supposed to begin and end with the phpBB Weekly theme music, not the little TalkShoe riff.

I am getting in touch with the folks at TalkShoe to find out what is wrong. I apologize for this inconvenience.

Update 7/9: I received a response from TalkShoe Technical Support. Due to a recent series of updates that they rolled out on their website, they found that the mechanism for editing/posting recorded episodes have broken. Because of this, they are currently editing and uploading episodes manually (I can imagine how horrible that must be!). I don’t like to wait for TalkShoe’s recording to be posted, instead preferring to post my edited recording first. Unfortunately, now that their end is being done manually, my uploads have been overwritten. Unfortunately, I don’t have a local copy of the edited episodes because I recently had to clear up some space on my hard drive for a different project.
I have asked TalkShoe if they can try to see if they have a copy of the original files that I uploaded, and hopefully this will be fixed on their end by the next live show (although I have an alternate solution in mind for recording that should avoid this hassle). I’ll keep posting updates as I receive information.

Update 7/10: Unfortunately, TalkShoe does not keep an archive of uploaded episodes, however they have been made aware of the issue and have put in a feature request so that uploaded episodes are not overwritten by the service. In the meantime, I have planned out a minor change to the recording process which should prevent this sort of error from recurring. I will be reuploading phpBB Weekly #022 and #023 myself later today in order to restore the theme music (although the superior sound quality will be lost), but this should be fixed for phpBB Weekly #024. After that, I’m off to Sacramento!