Changes since 3.3.16
Bug
[PHPBB-17639] - Installation under PHP 8.4 failed with timeout detection reason check_filesystem.php
[PHPBB-17650] - Migrator bug prevents complete uninstallation for certain extensions
[PHPBB-17651] - Notification manager tests fail on mssql
[PHPBB-17658] - Testing for 3.3.x is broken on PHP 8
Improvement
[PHPBB-17659] - Move oauth login to controllers
Hardening
[SECURITY-292] - Improve secure downloads referer checking
[SECURITY-295] - Hardening of hostname lookups
Security Issue
[SECURITY-293] - Improper state verification in OAuth implementation
[SECURITY-294] - Improper access verification when setting permissions in ACP
[SECURITY-296] - Ensure proper casting in profile field migration
Changes since 3.3.16-RC1
Hardening
[SECURITY-289] - Hardening against non-rasterized image uploads
Security Issue
[SECURITY-285] - Password Reset Link Poisoning
[SECURITY-286] - IDOR when composing PMs
[SECURITY-287] - CSRF on report submission
[SECURITY-290] - Cross-User Notification Read State Manipulation
Changes since 3.3.16-RC1
Hardening
[SECURITY-289] - Hardening against non-rasterized image uploads
Security Issue
[SECURITY-285] - Password Reset Link Poisoning
[SECURITY-286] - IDOR when composing PMs
[SECURITY-287] - CSRF on report submission
[SECURITY-290] - Cross-User Notification Read State Manipulation
Changes since 3.3.15
Bug
[PHPBB-14401] - Sphinx: Remove ending slash from binlog_path
[PHPBB-15085] - HTTP authentication from feeds served via controller
[PHPBB-17034] - Rank post limit
[PHPBB-17157] - Read Topic Permission With Search permission
[PHPBB-17399] - Add select attribute for British English the default language
[PHPBB-17475] - Overflow on resynchronize statistics when running on MSSQL with large number of attachments
[PHPBB-17477] - Problem with Whois lookups returning incorrect information due to ARIN/RIPE changes
[PHPBB-17486] - Upgrade from 3.0 to 3.3 fails with SQL "Incorrect integer value" error
[PHPBB-17491] - Ascending posts pagination in version 3.3.15
[PHPBB-17504] - Tests fail because of changed label of ondrej/php repo
[PHPBB-17506] - PHP fatal error on install
[PHPBB-17510] - CodeSniffer ruleset is reported as DEPRECATED
[PHPBB-17519] - Cron URLs are encoded incorrectly
[PHPBB-17527] - PHP fatal error when decorating Twig phpBB extension service in phpBB extension
[PHPBB-17533] - Reverting migrations may cause restoring incorrect data and throw "module exists" exceptions
[PHPBB-17563] - CodeSniffer ruleset (PPSSE) not fully compatible with CS 4
[PHPBB-17565] - Incorrect exporting PM as CSV for Excel
[PHPBB-17580] - Downloading files with a byte range of 8192 bytes causes fatal error
[PHPBB-17589] - QA captcha appears on every other login attempt
[PHPBB-17622] - Version helper may return update from newer branch
Improvement
[PHPBB-13481] - Explain in ACP Attachment settings images get resized (at client-side)
[PHPBB-15007] - Add Restart link to installer
[PHPBB-16941] - Add Sphinx search backend tests
[PHPBB-17498] - Move GitHub Actions Ubuntu 20.04 runners to Ubuntu 22.04
[PHPBB-17536] - Add event to Edit forum in ACP to modify template
[PHPBB-17538] - Terms and Policy wording improvements
[PHPBB-17555] - Improve running of tests on windows runners in GitHub Actions
[PHPBB-17570] - Replace an old CSS accessibility hack with a modern, recommended and W3C compliant method
[PHPBB-17598] - Deny access to composer files in apache
[PHPBB-17605] - Fix homestead and use a fork since is no longer maintained
[PHPBB-17620] - Skip whois test when daily rate-limit is reached
[PHPBB-17621] - Change U_WARN to use new warn_allowed variable
New Feature
[PHPBB-17515] - Add new event to: ucp_pm_viewmessage.html
Task
[PHPBB-17110] - Reword "slander" to "libel" in registration legalese
[PHPBB-17545] - Improve handling of DDoS/brute force attacks on login form
[PHPBB-17584] - Exclude tests from PSR1 code sniffs
[PHPBB-17591] - Update to Code Sniffer 4
[PHPBB-17593] - Allow functional tests on a secure local server
[PHPBB-17612] - Remove imageset to css converter
[PHPBB-17613] - Remove support for retired WebPI packages
[PHPBB-17628] - Update composer and node dependencies
Changes since 3.3.15-RC1
Bug
[PHPBB-17480] - PHP fatal error in version check failure
Security Issue
[SECURITY-283] - Use jQuery to generate HTML from page data
Changes since 3.3.14
Bug
[PHPBB-17227] - Member list sorting bug - repeating users on several pages
[PHPBB-17381] - 'topic_views' column overflow blocks access to the topic
[PHPBB-17417] - Day selection not visible when no results
[PHPBB-17422] - Ascending posts pagination
[PHPBB-17436] - PHP fatal error while converting from phpBB 2.0 with Attachment MOD
[PHPBB-17455] - PHP warning on MySQLi connection failure
[PHPBB-17463] - Extra & in unread posts search pagination
[PHPBB-17468] - Reset password feature is not restricted to email
[PHPBB-17470] - Enable feeds setting not enforced
Improvement
[PHPBB-17429] - Adding event before users have been added to a group
[PHPBB-17431] - Add more vars to memberlist event
[PHPBB-17433] - Unclear instructions in ACP, Server settings
[PHPBB-17443] - Various Guzzle client issues for version checks
[PHPBB-17446] - Add acp_account_activation_edit_add event
[PHPBB-17461] - Add php events for ACP main actions
[PHPBB-17467] - Add TLS v.1.3 support to email messenger connection
[PHPBB-17471] - Forum feed link in forumlist_body does not return the correct URL
[PHPBB-17478] - Add security policy to repository