With the new 2.0.x codebase in a stable state, the development team,
now led by Meik Sievertsen, has begun building upon and altering
the codebase to produce "Olympus"; when it reaches production
quality, it will be released as 3.0.0. The improvements in "Olympus"
to date are comparable with the improvements between 1.4.x and 2.0.x.
It was originally planned to be released as 2.2.0; however, since
2.1.x eliminated virtually all compatibility with the 2.0.x line,
the version number for release was changed to 3.0.0, in keeping
with the Linux kernel version.
A summary of features implemented as of May 2003 exists, with another
more concise summary dating from April of 2003. A list of new features
that will be included in version 3.0.0 can be found at the phpBB
The addition of new developers to the phpBB team has increased the
pace of development from a long lull.
On March 19, 2006, the development team opened a public bug tracker
for the CVS version, and on June 17, 2006 the first beta version
of 3.0 was released. On August 12, 2006, Beta 2 was released, and
fixed many bugs from the first Beta. On November 12, 2006 Beta 3
was released, introducting UTF-8 support and fixing many bugs. On
November 27, 2006 Beta 4 was released, fixing 100 bugs that had
been found since Beta 3 was released. Beta 5 was released on January
28, 2007; it is anticipated that this will be the last beta version
before the Release Candidate cycle.
Following a week-long server outage, the phpBB team released a new
version of their website on March 18, 2007. The new site featured
an all-new design based on the new "prosilver" theme by
team member Tom Beddard, and the main Community forums ran 3.0.x
for the first time.
Some of phpBB's features include:
· A templated style system intended to allow easy customisation.
· Support for internationalization; 64 translations are available
as of 2006.
· Compatibility with multiple database management systems
including MySQL, PostgreSQL, Microsoft SQL Server, Microsoft Access
and, with modification, Oracle.
· A large community of users providing free support and customisations.
phpBB can be scaled throughout many servers, and numerous sites
have scaled phpBB sites over tens of servers. To make this simpler
for future releases, the Olympus CVS code has many of these 'tweaks'
implemented into the codebase. These tweaks range from being able
to open pages within a timely manner if the topics are too large
to speeding up registration.
MODs are code modifications created by the phpBB community. The
term is capitalised to distinguish modifications from forum moderators.
Modifications referred to in this manner are not authored by the
phpBB developers, and do not enjoy the same level of support as
unmodified official code. The phpBB MOD Team accepts modifications
from community sources for validation, and modifications which meet
the MOD Team's standards are made available for download from the
phpBB MOD Database. Other sites also provide modifications, both
validated to their own standards and unvalidated, however the phpBB
teams do not offer support for boards using MODs downloaded from
sites other than phpBB.com.
In December 2004, a large number of Web sites were defaced by the
Santy worm, which used vulnerabilities in outdated versions of phpBB
to overwrite PHP and HTML pages.
Because of this, the security of phpBB has been disputed, with a
series of new versions in a relatively small timeframe addressing
security issues. However the phpBB Team usually responds to security
reports as soon as possible, and releases a new version quickly.
The phpBB Group has also learned from a series of security issues,
and phpBB 2.0.18 was released following a codebase security audit.
Additionally, many things have been changed to avoid problems in
the future. Among those are a re-authentication system for the administration
panel (this was introduced after a cookie verification issue allowed
attackers to gain administrator access), a visual confirmation system
(CAPTCHA) to prevent bots from registering, as well as the substitution
of the highlighting code, which was the cause for critical vulnerabilities
in phpBB 2.0.10 and 2.0.15. In order to keep boards as secure as
possible, administrators are urged to keep their board updated to
the latest version as soon as possible. The CAPTCHA system has however
proven vulnerable to automated registrations, with numerous phpBB-based
forums being swamped by spam registrations.
On November 23, 2005, the phpBB Group announced a new Incident Investigation
Team, a sub-team of their Support Team, which is responsible for
assisting users in the cleanup and repair of an attacked phpBB installation
and investigating reports of new exploits. The team announced a
tracker the following January where administrators of attacked bulletin
boards could report an attack and receive support from the IIT.