StefanT to take over as project manager

I am pleased to announce that StefanT will soon be taking over from me as project manager.

MyBB has been an exciting 7 year journey for me and I’ve witnessed an enormous amount of progress during my time. The project is still of great significance to me, however I have recently been unable to dedicate the time it deserves, largely due to several great opportunities that have consumed most of my attention for the last two years. Therefore I have made the tough decision to retire from the project and hand over the reigns to someone fresh and motivated.

A ballot was conducted among the team members to decide my successor. Nominations were open to all team members and Stefan was the successful candidate. I am very confident that the project will be in safe hands under Stefan’s leadership given the excellent job he has done steering development efforts over the past year.

I am also very excited to see what the future holds for MyBB. I hope my retirement will allow some of the newer team members to take greater ownership over the project and help take MyBB to new heights. In particular I’m pleased by the work towards 2.0 which has begun recently and I hope the team will be able to share more about that with you soon.

I’d like to thank the community for their support of the project, and the team who I have greatly enjoyed collaborating with over the years.

Regards, Tim B.

MyBB 1.8.4 Released – Feature Update, Security & Maintenance Release

MyBB 1.8.4 – Feature Update, Security & Maintenance Release

MyBB 1.8.4 is now available from the MyBB website and is a feature update, security and maintenance release.

What’s added/changed in this version?

This release fixes 7 vulnerabilities and 118 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

Please view the 1.8.4 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.3 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 18 language files. 54 templates have been changed or added.

If you’re using MyBB 1.8.2 or lower

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

Note about updated package for 1.8.4

Due to a minor issue with the original packages an updated package set has been released.

If you installed or updated your forums using either the full or changed files packages prior to 10:00 a.m. on February 16, 2015 GMT please download a fresh package from the links above and replace the following file:

moderation.php

You do not need to run the installer or make any further changes. You can use the file verification tool to determine whether you have the latest package, the file above will appear to be modified if you need to download an updated copy.

We apologise of any inconvenience.

Merge System 1.8.4

MyBB Merge System 1.8.4 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release fixes a compatibility issue with MyBB 1.8.4.

Attack against the community forums prior to 1.8.3 release

The recent 1.8.3 release fixes a high risk SQL injection vulnerability, it is critically important that users upgrade as soon as possible to ensure their systems are safe.

Unfortunately, we wish to inform users that this vulnerability was used against the community forums in the days before it was discovered and patched by our team. The attack was successful in accessing our database, however our logs indicate that only a very small portion of the database was obtained. While we know the size of what was downloaded, we have no way of knowing what data it contained and therefore we cannot rule out that the attacker downloaded a small portion of the users table. The attacker also had access to the ACP for a short period.

In light of this we recommend all community forum users take appropriate precautions on the assumption that their account was accessed. This includes changing your password and monitoring your account for any suspicious activity.

Our understanding is that the attacker used the SQL injection to reset Chris’ community forum password by retrieving the confirmation code, then discover the ACP directory name by searching PMs sent between team members. They were then able to edit the log settings in the ACP to write to a publicly accessible location and create a back-door script on the file-system. Upon discovering the attack we immediately took steps to prevent further access, and we are now confident that the system is secure having searched for any additional back-doors. We have also changed our ACP directory, adopted the new ACP PIN functionality added in 1.8, and used an isolated communication channel to distribute these new details to team members.

We’d like to reiterate that users running the latest version of MyBB are already secured against the vulnerabilities used to gain access to the ACP, and we’ll be using information learned from this attack to further improve security within the ACP in future releases.

Regards,

The MyBB Team.

MyBB 1.8.3 & 1.6.16 Released – Security Releases

MyBB 1.8.3

MyBB 1.8.3 is now available from the MyBB website. It fixes 1 high risk vulnerability, 2 medium risk vulnerabilities and 3 low risk vulnerabilities. We recommend everyone upgrades to this release immediately.

What’s added/changed in this version?

The vulnerabilities are:

  • High Risk: A SQL injection vulnerability in theme selection (reported by StefanT)
  • Medium Risk: A XSS vulnerability in calender.php (reported by -Acid)
  • Medium Risk: A XSS vulnerability in MyCode editor (reported by My-BB.Ir)
  • Low Risk: A XSS vulnerability related to post icons (reported by Destroy666)
  • Low Risk: unserialize may call PHP magic methods (reported by chtg)
  • Low Risk: PHP setting request_order can break register globals handling (reported by chtg)

Additionally we’ve fixed an issue with the video MyCode introduced with MyBB 1.8.2 (#1625) and revised the handling of data fetched from our website as a direct consequence of the compromised GitHub account (#1617). In addition to that, we’ve set the adminsid cookie as httpOnly (#1622). We also plan to add enhanced options to protect the Admin CP like two factor authentication with one of the next maintenance releases.

Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.

Upgrading from 1.8.2 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are no changes to language files. No templates have been changed or added.

If you’re using MyBB 1.8.1 or lower

  • Download and use the full 1.8.3 Release Package (MD5: 1f5d1246da4174f3b29799eca435d86c)
  • Follow the Docs Upgrading Instructions

MyBB 1.6.16

MyBB 1.6.16 is now available from the MyBB website. It fixes 5 low risk vulnerabilities.

What’s added/changed in this version?

The vulnerabilities are:

  • Low Risk: A XSS vulnerability related to post icons (reported by Destroy666)
  • Low Risk: A XSS vulnerability in admin/modules/style/templates.php
  • Low Risk: A XSS vulnerability in admin/modules/config/languages.php
  • Low Risk: unserialize may call magic methods (reported by chtg)
  • Low Risk: request_order can break register globals handling (reported by chtg)

Additionally we’ve revised the handling of data fetched from our website as a direct consequence of the compromised GitHub account (#1617). In addition to that, we’ve set the adminsid cookie as httpOnly (#1622).

Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.

Upgrading from 1.6.15 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are no changes to language files. No templates have been changed or added.

If you’re using MyBB 1.6.14 or lower

  • Download and use the full 1.6.16 Release Package (MD5: 98e84e5de337843f407a4b58d70253c9)
  • Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

Note about updated package for 1.6.16

Due to a minor issue with the original packages an updated package set has been released.

If you installed or updated your forums using either the full or changed files packages prior to 18:00 p.m. on November 20, 2014 GMT please download a fresh package from the links above and replace the following file:

admin/modules/home/version_check.php
calendar.php (reverted to previous version)

You do not need to run the installer or make any further changes. You can use the file verification tool to determine whether you have the latest package, the file above will appear to be modified if you need to download an updated copy.

We apologise of any inconvenience.

[UPDATED – IMPORTANT] GitHub Account Compromised

UPDATE: Updated the page in which you should check for suspicious activity. It should be the Admin Logs page, not the Database Backups. You should also rebuild the cache (if you’re on 1.8) for ‘update_check’.

 

Hello,

Yesterday, 14th of November, my (Pirata Nervo) GitHub account was compromised. By taking advantage of that, the attacker made a commit to our GH pages, more specifically one which is retrieved by the MyBB software in order to process version checks. Unfortunately, the attack allowed the attacker to setup Database backups of any MyBB forum, without exception, via JavaScript.

In order for you to know if you were attacked, you must have accessed the Admin CP of your forum from 14th November 23:00 GMT to 15th November 15:30 GMT. If you accessed your AdminCP during this timespan, it is likely that you were attacked. Note that if you’re on 1.8, the version check task may have been executed during this period, which may still allow the attack if you login after this period.

To be sure about it, please log on to your AdminCP now and check your Database Backup Logs from ACP -> Tools & Maintenance -> Administrator Logs. If there is at least one log for a database backup made between that time span mentioned above, you were affected. We strongly recommend you to alert your users about it so they can change their passwords.

 

What you have to do: (in case you were attacked)

  • Alert your users to change password.
  • Change your password.
  • Clear your cookies.
  • ACP -> Tools & Maintenance -> Cache Manager -> Rebuild Cache for ‘update_check’.

 

I’ve already enabled 2 Factor Authentication on my GitHub account and changed my password. I deeply apologize for this event for it was never my intention to cause any harm to anyone but it should be my responsibility to keep my account as secure as possible.

 

My apologies,

Pirata Nervo

MyBB 1.8.2 Released – Security Release

MyBB 1.8.2 is now available from the MyBB website. It fixes 1 high risk vulnerability, 2 medium risk vulnerabilities and 2 low risk vulnerabilities. We recommend everyone upgrades to this release immediately.
MyBB 1.6.15 is not affected by these vulnerabilities.

What’s added/changed in this version?

The vulnerabilities are:

  • High Risk: A SQL injection vulnerability in member.php
  • Medium Risk: A XSS vulnerability in report.php
  • Medium Risk: A XSS vulnerability in inc/class_parser.php
  • Low Risk: A XSS vulnerability in admin/modules/style/templates.php
  • Low Risk: A XSS vulnerability in admin/modules/config/languages.php

Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.

Upgrading from 1.8.1 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are no changes to language files. No templates have been changed or added.

If you’re using MyBB 1.8.0 or lower

  • Download and use the full 1.8.2 Release Package (MD5: 4f6e49b7a457b72dbe8fb47ae5ded430)
  • Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

MyBB 1.8.1 & Merge System 1.8.1 Release

MyBB 1.8.1 – Maintenance Release

MyBB 1.8.1 is now available from the MyBB website and is a maintenance release.

What’s added/changed in this version?

This release fixes 74 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

Please view the 1.8.1 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.0 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 13 language files. 15 templates have been changed or added.

If you’re using MyBB 1.6.15 or lower

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.8.1

MyBB Merge System 1.8.1 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

This release fixes several reported issues since the release of 1.8.0, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 7 bug fixes (View all)
    • Including a big update to the BBCode Parser
  • We decided to readd the vBulletin 3 module after some requests. It’s now fully supported again

Thanks,

MyBB Team

MyBB Merge System 1.8

The MyBB Merge System for 1.8 is now available from the MyBB website.

What’s new in this version?

First we decided to drop some old modules which aren’t supported by their developers:

  • BBPress 1
  • IP.Board 2
  • Mingle
  • phpBB 2
  • vBulletin 3

And of course we’ve added more new modules (including some which you requested fairly often in the past)

  • BBPress 2
  • WoltLab Burning Board Lite 2
  • WoltLab Burning Board 3
  • WoltLab Burning Board 4
  • IP.Board 3
  • IP.Board 4 (Based on the latest Preview Release)
  • vBulletin 4
  • FluxBB
  • XenForo

And yes, we fixed finally a lot of known issues with the merge system: Fixed Bugs
But (as always) there’re still some Known Bugs.

Translations and the Merge System

Till now the Merge System was only available in english, however we decided to make the Merge System translatable too. The language file is located at “merge/language/”.

Help us!

You can report bugs and help us with the development at GitHub but even if you can’t code you can help us with sending us some sample databases (more infos on the forums).

MyBB 1.8 Released

It is with the highest honor that we release MyBB 1.8 Gold to the general public.

Our team, and you the community, have been on a fantastic journey since that April Fools day in 2012 when MyBB 1.8 development was first announced to the public. Now here we are, 2 years and 5 months on, proudly showing you our completed product. It may have taken longer than first anticipated but we are sure you’re going to love what has been produced at the end of the line.

As said in the initial announcement of 1.8, it is the bridge to MyBB 2.0; this has not changed. Because now, hidden away in our lair, we’ve been drawing up plans and discussing the development of 2.0. These discussions and plans are to be put into action now so the development of 2.0 is really getting going.

As you may have noticed the new MyBB website and documentation have been launched. This new design is courtesy of Justin S, our lead designer, which we’re very proud of. Unfortunately the new documentation for 1.8 is a bit threadbare, however most of the 1.6 Docs still apply to 1.8; so while we’re working on the new documentation you can continue to use the 1.6 Docs.

Download

You can find the download link here (MD5: a36ab62236a24caeb827b769bf493f26). If you’re upgrading, make sure to backup your database and files first.

Updating from previous versions

Be warned that with the following release:

  • Despite our attempts to keep theme changes to a minimum there are still several changes to templates which will need to be addressed by you upon upgrading to 1.8. You’ll need to run the “Find Updated Templates” tool in the Templates & Style section of your Admin CP to update templates to be 1.8 compatible. This can be found Admin CP -> Templates & Style -> Templates -> Find Updated Templates.
  • Most plugins and code modifications will need to be updated to work with MyBB 1.8. Make sure you disable your plugins before upgrading and make sure updated copies compatible with MyBB 1.8 are available.
  • Custom language packs from earlier versions will also need to be updated.

Before you attempt to upgrade, ensure you have a database backup and a copy of the files currently in use on your board. This is so you can revert back to your earlier version if you need to or something goes horribly wrong with the upgrade process.

This is a moderately long upgrade process. Please make sure you don’t refresh pages whilst they’re loading, and don’t click the “Next” button more than once (if you don’t have JavaScript enabled). You should plan your upgrade before attempting to perform it.

Follow the general Upgrading guide outlined on the MyBB Documentation to complete the upgrade process.

Changes

Color legend:

  • Dark Blue – Small (new) feature/change
  • Light Blue – Enhancement
  • Orange – New Feature

Admin CP & Front-End

  • Remove PHP Closing tags - #979
  • Performance improvement: intval to (int) conversion - #491
  • Update 3rd part libraries - #957
  • Warnings class/datahandler - #922
  • Hide signtature of users to certain groups - #949
  • Hide website links/buttons from certain groups - #922
  • Add more hooks #555 #882
  • Allow custom flash messages - #881
  • Allow website field for certain groups only - #808

Admin CP

  • New theme#561
  • AdminCP PIN#38
  • Improved Newsfeed#562
  • Replace CodePress with CodeMirror#37
  • Stylesheet Display order#562
  • Inactive/active Plugin list#573
  • Ability to create own template groups#588
  • Added Enabled/Disabled indicators to Promotions and MyCodes#457
  • Template groups updates#452
  • Disable Attachments Globally#495
  • ACP Banning Improvements – #628 #554
  • Selectable areas for group/forum settings.#428
  • Warning for marked vulnerable plugins.#0147b08
  • ACP shouldn’t reset $mybb->input#754
  • Admin CP language#690
  • Disable Default MyCodes#686
  • More recount tools#494
  • Option to disable contact details - #900
  • Log all ‘locked out’ failures in ACP - #859
  • Add reported posts stats to ACP - #858
  • Delayed moderation improvements - #440
  • New Promotion rules - #429

Front-end

  • New Theme – #571
    • CSS buttons, PNG images, Sprite images, Fugue icons#571
    • Attachable base colors for themes#580
    • Relative Time#558
    • Prototype to jQuery Conversion (yay!)#251
    • Attachment Types Name#442
    • CSS Minification#564
  • Add ltrim() to search users input#590
  • Change trim() in templates to rtrim()#584
  • A tool to rebuild reputation#591
  • Contact Page#592 #715
  • Ability to delete default help topics#589
  • If user is invisible & permissions disallow, hide all public data#593
  • Post reputation should include thread subject#594
  • Remove Gallery; Integrate Gravatar#582 #586
  • Delete post on full edit should not show if no permission to delete#595
  • Add option to stick/unstick to custom tools#435
  • PM thread author in custom tools for threads#581
  • Users cannot rate their own posts#570
  • format_avatar() function#569
  • Whitelist of avatar upload extensions#568
  • Preview announcements#567
  • Minimum post length to exclude MyCode#566
  • IPv6 features#565
  • APC cache handler#574
  • $cache->delete method#575
  • is_member() function#576
  • delete_user() function#408
  • IP addresses in PMs#563
  • Don’t ask for validation if validation is disabled#577
  • Slow reply posting in long threads#578
  • Soft Delete#560
  • Login Datahandler#572
  • Add theme selector to footer#496
  • Forum redirect icon#453
  • Permission to reply to own threads#409
  • ModCP banned users list descending by default#138
  • Quick Reply PM#437
  • Poll Updates (Add poll link to thread page; limit of time before a thraed author can no longer add a poll)#456
  • Update contact fields#455
  • Are You a Human CAPTCHA#443
  • Report Center #556
  • Ability to sort Private Messages in inbox and other folders#70
  • Recount Warning Points#85
  • Warning points as a Group Promotion criteria#88
  • Registration date and last active time as mass mail criteria#100
  • Display profile fields on posts - #133
  • Add “Display posts in classic mode” option when editing user in Admin CP#107
  • Move Edit Time Limit and Max Post Per Day to group settings#114
  • Recount Private Messages#132
  • Hide members from the Member List#142
  • Force redirect page#550
  • Searching plugins will highlight vulnerable ones (requires new Mods site)Commit Link
  • Update $groupzerogreater array#809
  • CDN Compatbility - #776
  • Goodbye Spammer - #775
  • Add Time Zones#764
  • Thread Count#761
  • Buddy System Enhancements#757
  • Remove Hardcoded HTML#756
  • Database optimization#738
  • Overqualified Selectors#976 #700
  • Subscription PM notification option#689
  • Expand Forum Moderator permissions#688
  • Add profile fields on registration#687
  • Admin and Email activation option#685
  • Publicly shown poll end date#587
  • CAPTCHA Improvements#557
  • Search Help Files#497
  • Invite-only joinable groups#493
  • Maximum Nested Quote Tags for PMs#492
  • Hide stuff users don’t have permission to use#454
  • Edit Reason#451
  • Add to mycode#450
  • User option to disable images/videos#449
  • Moderation Tools Improvements#435
  • Forum Statistics Improvements#434 #824
  • Profile Fields Enhancements#433
  • Using update_query with BIT(1) fields#360
  • inline_moderation.js friendly to table-less themes - #915
  • Memberlist sorting - #914
  • Force Login - #906
  • Add class to smilies - #905
  • AJAX for security questions - #894
  • Add get_user_by_username() helper function - #893
  • find_replace_templates() accepts SID - #889
  • $this->options in class_parser.php - #880
  • Add class to announcements - #879
  • Make forum friendly to outside pages - #878
  • Change showthread.php icons to sprite - #877
  • Add rebuild settings to cache tools - #875
  • Add email description editing to editor - #869
  • Add video sites to editor - #862
  • Check new members against StopForumSpam - #860
  • Jump to Page in pagination - #857
  • send_pm() should consider users’ language - #834
  • Image re-scaling and long words/text wrapping CSS/HTML changes - #816
  • Moderate Groups - #439
  • Portal Improvements - #436
  • Moderation Notifications - #430
  • Thread Prefix system improvements - #427
  • Ability to Stop tracking all messages - #364
  • Settings description on installation - #197
  • Add Template::render method - #1344

 

The New Mods site

Along with the new website, the much awaited new Mods Site has also hit action on the MyBB Community Forums. This may come as a surprise but we have come to the decision that the new Mods Site will only contain 1.8 compatible plugins and themes. Worry not for the old Mods Site will still be accessible at mods.mybb.com, as it is being archived for a short while allowing for the continued use of 1.6 resources. Developers will, therefore, have to manually port their resources from 1.6 to 1.8 in order for them to be approved on the new Mods Site.

To find out more about the Mods site, please check the documentation.

 

What’s Next

With the release of 1.8.0, our focus will now turn into two different directions: 1.8.1 and 2.0. Some people will prefer to stick to 1.8.1 development while some will prefer to work on 2.0 (or even both).

Merge System

The Merge System will be released soon but we concentrated on releasing MyBB 1.8 during the last months so there may be a slight delay before we have the Merge System working to merge your forum to 1.8. In the meantime, you can use the 1.6 Merge System to merge to 1.6 and then upgrade to 1.8.

 

Contributors

We’d like to thank all who have helped us make 1.8 a reality, but following contributors, have been exceptional during the 1.8 development:

 

If you want to help us out and become a Contributor, be sure to read this blog post. If you’d rather join the team, feel free to contact us through Private Inquires. The project would be nothing without the team and contributors. If you want to help improve MyBB, now is the time.

 

Celebrating

Everyone is welcome in the #mybb IRC channel at Freenode to celebrate the release of 1.8! We also encourage you to spread the word of social media to help everyone running a MyBB forum to share this fantastic new release!

MyBB 1.6.15 Released – Security & Maintenance Release

MyBB 1.6.15 is now available from the MyBB website and is a security and maintenance release. This is the last maintenance release of the 1.6 series.

What’s added/changed in this version?

This release fixes 1 vulnerability and 26 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

Please view the 1.6.15 changes on the Docs site for more information about the changes in this version.

Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.

Upgrading from 1.6.14 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are changes to 5 language files. No templates have been changed or added.

If you’re using MyBB 1.6.13 or lower

  • Download and use the full 1.6.15 Release Package (MD5: c841982de03104ebb402b958294711d3)
  • Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

Note about updated package

Due to a minor issue with the original packages an updated package set has been released.

If you installed or updated your forums using either the full or changed files packages prior to 12:30 p.m. on August 8, 2014 GMT please download a fresh package from the links above and replace the following file:

modcp.php

You do not need to run the installer or make any further changes. You can use the file verification tool to determine whether you have the latest package, the file above will appear to be modified if you need to download an updated copy.

We apologise of any inconvenience.