MyBB 1.4.6 Released – Security Update

MyBB 1.4.6 is a security update to the MyBB 1.4 series. It fixes 1 medium risk and 1 low risk security vulnerability. We recommend everybody upgrades to this release immediately or patch their boards with the manual patching instructions below.

These vulnerabilities affect MyBB 1.4.5. Older versions of MyBB may also be affected. Please see below for upgrade instructions for 1.2.14.

Thank you to Jacques Copeau for finding and reporting these vulnerabilities.

MyBB 1.4.5 to MyBB 1.4.6 Patch

This patch is only for users running MyBB 1.4.5. If you are running an older version of MyBB then please download MyBB 1.4.6 from the MyBB site and update to it.

Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.

changed_files_1406.zip

If you wish to manually patch your board please download “mybb_1405_patches.txt” and follow the instructions in that file.

mybb_1405_patches.txt

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

MyBB 1.2.14 Patch

This patch is only for users running MyBB 1.2.14 or any previous release of the MyBB 1.2 series.

Please download “mybb_1214_patches.txt” attached to this post and follow the manual patching instructions.

Please note all users of the 1.2.x series are urged to upgrade to the latest release of MyBB. (1.4.6)

mybb_1214_patches.txt

34 thoughts on “MyBB 1.4.6 Released – Security Update

  1. I’ll also just clarify that there is no upgrade script with this update, just changed files that need to overwrite the current versions.

  2. Yeah, I remember (few years ago) this security apply to my old SMF forum :)
    And I remember, last time my forum getting hack..
    I am glad to you Ryan, for quick fix.

    Thanks.

  3. Pingback: MyBB 1.4.6 Released - Security Update | Bunnykins' Blog

  4. At last person – as it quite clearly says at the top of the comments, don’t use this for support, make a support thread.

    Also, if you’re still on 1.4.4, you’ve not been taking very good care of your forum, and you’re lucky you’ve not been hacked.

Comments are closed.