Changes since 3.3.16
Bug

    [PHPBB-17639] - Installation under PHP 8.4 failed with timeout detection reason check_filesystem.php
    [PHPBB-17650] - Migrator bug prevents complete uninstallation for certain extensions
    [PHPBB-17651] - Notification manager tests fail on mssql
    [PHPBB-17658] - Testing for 3.3.x is broken on PHP 8

Improvement

    [PHPBB-17659] - Move oauth login to controllers

Hardening

    [SECURITY-292] - Improve secure downloads referer checking
    [SECURITY-295] - Hardening of hostname lookups

Security Issue

    [SECURITY-293] - Improper state verification in OAuth implementation
    [SECURITY-294] - Improper access verification when setting permissions in ACP
    [SECURITY-296] - Ensure proper casting in profile field migration

Changes since 3.3.16-RC1
Hardening

    [SECURITY-289] - Hardening against non-rasterized image uploads

Security Issue

    [SECURITY-285] - Password Reset Link Poisoning
    [SECURITY-286] - IDOR when composing PMs
    [SECURITY-287] - CSRF on report submission
    [SECURITY-290] - Cross-User Notification Read State Manipulation

Changes since 3.3.16-RC1
Hardening

    [SECURITY-289] - Hardening against non-rasterized image uploads

Security Issue

    [SECURITY-285] - Password Reset Link Poisoning
    [SECURITY-286] - IDOR when composing PMs
    [SECURITY-287] - CSRF on report submission
    [SECURITY-290] - Cross-User Notification Read State Manipulation

Changes since 3.3.15
Bug

    [PHPBB-14401] - Sphinx: Remove ending slash from binlog_path
    [PHPBB-15085] - HTTP authentication from feeds served via controller
    [PHPBB-17034] - Rank post limit
    [PHPBB-17157] - Read Topic Permission With Search permission
    [PHPBB-17399] - Add select attribute for British English the default language
    [PHPBB-17475] - Overflow on resynchronize statistics when running on MSSQL with large number of attachments
    [PHPBB-17477] - Problem with Whois lookups returning incorrect information due to ARIN/RIPE changes
    [PHPBB-17486] - Upgrade from 3.0 to 3.3 fails with SQL "Incorrect integer value" error
    [PHPBB-17491] - Ascending posts pagination in version 3.3.15
    [PHPBB-17504] - Tests fail because of changed label of ondrej/php repo
    [PHPBB-17506] - PHP fatal error on install
    [PHPBB-17510] - CodeSniffer ruleset is reported as DEPRECATED
    [PHPBB-17519] - Cron URLs are encoded incorrectly
    [PHPBB-17527] - PHP fatal error when decorating Twig phpBB extension service in phpBB extension
    [PHPBB-17533] - Reverting migrations may cause restoring incorrect data and throw "module exists" exceptions
    [PHPBB-17563] - CodeSniffer ruleset (PPSSE) not fully compatible with CS 4
    [PHPBB-17565] - Incorrect exporting PM as CSV for Excel
    [PHPBB-17580] - Downloading files with a byte range of 8192 bytes causes fatal error
    [PHPBB-17589] - QA captcha appears on every other login attempt
    [PHPBB-17622] - Version helper may return update from newer branch

Improvement

    [PHPBB-13481] - Explain in ACP Attachment settings images get resized (at client-side)
    [PHPBB-15007] - Add Restart link to installer
    [PHPBB-16941] - Add Sphinx search backend tests
    [PHPBB-17498] - Move GitHub Actions Ubuntu 20.04 runners to Ubuntu 22.04
    [PHPBB-17536] - Add event to Edit forum in ACP to modify template
    [PHPBB-17538] - Terms and Policy wording improvements
    [PHPBB-17555] - Improve running of tests on windows runners in GitHub Actions
    [PHPBB-17570] - Replace an old CSS accessibility hack with a modern, recommended and W3C compliant method
    [PHPBB-17598] - Deny access to composer files in apache
    [PHPBB-17605] - Fix homestead and use a fork since is no longer maintained
    [PHPBB-17620] - Skip whois test when daily rate-limit is reached
    [PHPBB-17621] - Change U_WARN to use new warn_allowed variable

New Feature

    [PHPBB-17515] - Add new event to: ucp_pm_viewmessage.html

Task

    [PHPBB-17110] - Reword "slander" to "libel" in registration legalese
    [PHPBB-17545] - Improve handling of DDoS/brute force attacks on login form
    [PHPBB-17584] - Exclude tests from PSR1 code sniffs
    [PHPBB-17591] - Update to Code Sniffer 4
    [PHPBB-17593] - Allow functional tests on a secure local server
    [PHPBB-17612] - Remove imageset to css converter
    [PHPBB-17613] - Remove support for retired WebPI packages
    [PHPBB-17628] - Update composer and node dependencies
	
Changes since 3.3.15-RC1
Bug

    [PHPBB-17480] - PHP fatal error in version check failure

Security Issue

    [SECURITY-283] - Use jQuery to generate HTML from page data

Changes since 3.3.14
Bug

    [PHPBB-17227] - Member list sorting bug - repeating users on several pages
    [PHPBB-17381] - 'topic_views' column overflow blocks access to the topic
    [PHPBB-17417] - Day selection not visible when no results
    [PHPBB-17422] - Ascending posts pagination
    [PHPBB-17436] - PHP fatal error while converting from phpBB 2.0 with Attachment MOD
    [PHPBB-17455] - PHP warning on MySQLi connection failure
    [PHPBB-17463] - Extra & in unread posts search pagination
    [PHPBB-17468] - Reset password feature is not restricted to email
    [PHPBB-17470] - Enable feeds setting not enforced

Improvement

    [PHPBB-17429] - Adding event before users have been added to a group
    [PHPBB-17431] - Add more vars to memberlist event
    [PHPBB-17433] - Unclear instructions in ACP, Server settings
    [PHPBB-17443] - Various Guzzle client issues for version checks
    [PHPBB-17446] - Add acp_account_activation_edit_add event
    [PHPBB-17461] - Add php events for ACP main actions
    [PHPBB-17467] - Add TLS v.1.3 support to email messenger connection
    [PHPBB-17471] - Forum feed link in forumlist_body does not return the correct URL
    [PHPBB-17478] - Add security policy to repository