Late last night, the developers behind phpBB announced that they’ve released phpBB 3.0.7-PL1.  This release addresses a security vulnerability that was introduced in release 3.0.7, relating to a critical bug in the permission handling for feeds.

Those users who upgraded to phpBB 3.0.7 are strongly urged to upgrade to 3.0.7-PL1 as soon as possible…indeed, the developers indicate that it’s of “critical importance.”

The announcement indicates that users of phpBB are urged to perform a regular update routine rather than manually editing their files, otherwise the board will not recognize the update. To learn how to perform the upgrade, you can read the INSTALL.html file within the phpBB download package.

You can download phpBB 3.0.7-PL1 from the phpBB Downloads page.

No other changes or updates are included in PL1; this release is solely related to the permissions issue with feeds.

If you find any other security issues with phpBB, you can report them to the phpBB security tracker.