MyBB 1.4.8 Released – Maintenance & Security Release

MyBB 1.4.8 is now available on the MyBB website and is a general maintenance and security release.

This release fixes several reported issues with version released since 1.4.6 causing some incorrect functionality of MyBB. These bugs have been fixed to provide a more stable version of MyBB for public use.

What’s added/changed in this version?

  • One Low XSS Vulnerability fixed in the Archive – This is tagged as low because it requires moderator permissions. This vulnerability was discovered and reported by frostschutz.
  • One Medium XSS vulnerabilities fixed in Attachments – This vulnerability was reported by frostschutz.
    Please note that this patch will remove the ability to open some types of attachments directly in your browser (e.g. QuickTime Movies), and will instead ask you to download them.
  • … Several other bug fixes

This release has been tested by our Software Quality Assurance group.

MyBB 1.4.7 to MyBB 1.4.8 Patch

This patch is only for users running MyBB 1.4.7. If you are running any other version of the MyBB 1.4 series then please download MyBB 1.4.8 from the MyBB site and update to it.

If you wish to manually patch your board please download “mybb_1407_patches.txt” and follow the instructions in that file.

mybb_1407_patches.txt

The manual patch set instructions only fixes the security vulnerabilities and is only made available to temporarily secure your forum until you have time to run the complete upgrade.

Information on upgrading, template changes and language changes can be found in the posts below.

Please note, that you need to run the upgrade script for this version.
This is so the templates may be updated.
There are no database schema changes in this version.

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

MyBB 1.2.14 Patch

Users running MyBB 1.2.14 or any previous release of the MyBB 1.2 series may use the same manual instructions provided in the “mybb_1407_patches.txt” attachment (excluding the version change).

Upgrading from the 1.4 series

When upgrading from 1.4.7, you will not lose any custom themes, plugins or language packs which you may have installed.

Follow the general [Wiki: Upgrading] guide outlined on the MyBB Wiki to complete the upgrade process. You may download a ZIP archive of changed files here:

changed_files_1408.zip

You must then check for modified templates using the instructions below.

Upgrading from other versions

If you are upgrading from a version earlier than 1.2 then you will lose your custom themes, templates and language packs due to the number of changes between your version and the 1.2 series.

Before you attempt to upgrade, ensure you have a database backup and a copy of the files currently in use on your board. This is so you can revert back to your earlier version if you need to or something goes horribly wrong with the upgrade process.

Follow the general [Wiki: Upgrading] guide outlined on the MyBB Wiki to complete the upgrade process.

Changed files since MyBB 1.4.6

  • announcements.php
  • attachment.php
  • forumdisplay.php
  • global.php
  • member.php
  • report.php
  • search.php
  • sendthread.php
  • showthread.php
  • syndication.php
  • xmlhttp.php
  • install/
    • resources/
      • mybb_theme.xml
  • archive/
    • index.php
  • admin/
    • inc/
      • functions_view_manager.php
    • modules/
      • forum/
        • management.php
      • style/
        • templates.php
      • tools/
        • adminlog.php
      • config/
        • plugins.php
        • spiders.php
      • user/
        • admin_permissions.php
        • users.php
  • inc/
    • class_core.php
    • class_language.php
    • class_moderation.php
    • functions.php
    • functions_search.php
    • plugins/
      • akismet.php
    • cachehandlers/
      • memcache.php
    • languages/
      • english.php
      • english/
        • global.lang.php
        • admin/
          • config_spiders.lang.php
    • datahandlers/
      • pm.php
      • post.php
      • user.php

* Red represents files that contain security updates
* Green represents new files added in this release

Bugs fixed since MyBB 1.4.6

  • #51407 – change permission for admin user
  • #51377 – Plugins with Admin CP Hooks run on Plugin Updates page
  • #51257 – Syndication.php MySQL Error (Limit Option) [R] [C-StefanT]
  • #51177 – [Archive] sticky lack htmlspecialchars_uni() escaping [C-StefanT]
  • #51054 – Archive – SQL bug fetching attachments/posts with abandoned thread [C-StefanT]
  • #50833 – Birthday without day [C-StefanT]
  • #50441 – Search Bug w/ “and” [R] [C-StefanT]
  • #50324 – Missing space character [R] [C-Michael S.]
  • #50323 – Missing </tr> in Template modcp_ipsearch_result [R] [C-Michael S.]
  • #50291 – Validation Issue [C-Chris W B.]
  • #50287 – Akismet plugin username link problem [C-StefanT]
  • #50240 – Ability to delete templates [C-Chris W B.]
  • #49888 – [typo] memcache.php [C-StefanT]
  • #49838 – [pgsql] Reporting posts in unmoderated forums [C-StefanT]
  • #49461 – [typo] inc/cachehandlers/memcache.php [C-StefanT]
  • #49898 – Template problem with announcements and no threads [C-StefanT]
  • #49276 – canviewthreads error problem [C-StefanT]
  • #49258 – Notification about new reported posts via PM [C-StefanT]
  • #49256 – Notification about new PM from MyBB Engine [R] [C-StefanT]
  • #49255 – [pgsql] Report posts [C-StefanT]
  • #49251 – [Typo] class_moderation.php (1.4.?) [R] [C-StefanT]
  • #49111 – Percent of total posts [R] [C-StefanT]
  • #48814 – config_spiders.lang.php overrides $lang->language [C-sayakb]
  • #48773 – Usergroup email limit off by one error [C-sayakb]
  • #48771 – Merged Account Reputation Issue
  • #48692 – announcement in password protected forum [C-sayakb]
  • #48670 – Find user posts – not displaying new posts (when hitting limit) [R]
  • #48668 – Displaying search results as posts for moderators [R] [C-StefanT]
  • #48603 – Bug? Admins cannot see user list
  • #48601 – [pgsql] SQL error if threads are moderated [C-StefanT]
  • #47745 – editpost.php issue with closed forums [R]

Theme and template changes

Using the “Find Updated” link under the “Templates” page in the Admin CP you can find a list of the templates that have changed in this release that you’ve got one or more custom copies of.

After identifying changed templates using the tool you can either revert your custom template to the default (delete it) or use the “diff” tool to perform a difference analysis on your custom template and the default.

“Revert required” indicates that for this template to work correctly with MyBB 1.4.8 you’ll either need to revert it to the default or modify your custom template to include the changes in the default. If a revert is not required your custom version of the template should work perfectly fine.

Template changes

Since MyBB 1.4.6 the following templates have had changes to them:

  • modcp_ipsearch_result
  • forumdisplay_announcements_announcement

* Red represents the template must be updated or reverted to fix security problems

Language file changes

Since MyBB 1.4.6 the following language files have had changes to them:

  • global.lang.php
  • admin/
    • config_spiders.lang.php

Either update your language packs to include the changes in these files or revert to the standard English language pack.

Plugins

Most of your MyBB 1.4.x plugins will work correctly with 1.4 without any updates.

39 thoughts on “MyBB 1.4.8 Released – Maintenance & Security Release

  1. 14.7 was a total no brainer to do but I have no idea how to do this one! The instructions are totally confusing!! Go in and change a bunch of code and upload a bunch of files just for a small update? It’s ridiculous!!!!!:-(

  2. catfished, not sure if your being sarcastic or not? This is a standard maintenance release, with the same instructions as every other maintenance release we’ve had for the past several years. It’s not a “small update” – It’s a normal update with over 30 fixes.

  3. Just a small update everyone – I’ve applied a fix for a regression in the feature “View All Posts” for a particular user and I’ve updated the attachment patch so that images and PDF’s will be able to be viewed inline in your browser. The old attachment patch will still work just as fine, so there is no need to rush to update with the new patch.

  4. Thank you very much! I’ve upgraded the website and it’s working fine for now. Still looking for eventual errors, but haven’t found any yet. ;)

    Good luck!

    Btw when will you release Mybb 1.5? :D

  5. Hi Dear, I just wonder, if only three or four files are changed in this version, so why do the changed files back contain all of this files?

  6. another question please, for mybb 1.4.7 user, is there is any needs to run the upgrade script? or the manual patch is all what we need?

  7. @Aryan Kermanchi: The next major version will be 1.6. It will be released when it’s ready. ;) See: Wiki: Versions

    @Pepotiger: The file with the manual instructions just contains the steps you need to follow to fix the security vulnerabilities. It’s for users that don’t have the time to run a full update right now. For a full update you have to download the changed files package, upload the files and run the upgrade script to get your templates up to date.

  8. Sorry if I sounded sarcastic, I’m fairly new to actually using MyBBI and was confused as to whether to do the manual code changes and the upgrade script. Michael S. clarified the issue so I just ran the upgrade and all went well. Thanks

  9. Pingback: Bunnykins’ Blog » Blog Archive » MyBB 1.4.8 Released – Maintenance & Security Release

  10. I am running MyBB 1.4.7 and today i checked my version, but MyBB says i am running the latest version of MyBB.
    I think you should correct this ;)

  11. @MapoGio I’ve got that on a forum that showed 1.4.7 was available when I was on 1.4.6, just because I hadn’t run the check again… run the check again and it’ll update.

  12. I’m confused about this board. Is it really free like it says on some of the download places, or do you have to pay if you want to unlock the forums?

  13. @Sherry: MyBB itself is free, along with plugins, themes and resources you can find in the Mods section of this website. There are some third-party MyBB sites that charge for themes and plugins, but MyBB is 100% free. :)

  14. mybb_1407_patches.txt describes the first filename to be changed as “/attachments.php”, i think it should be “/attachment.php” instead. unless i am reading the patch wrong.

  15. Thanks for this great software.

    But one thing.

    In this version, how am I supposed to let my ‘guests’ to see the list of the threads in all the forums but when they click on it to read it, they are required to register? I managed to do this in phpBB but not in this myBB. Any help would be appreciated.

    Thanks!

    • MyBB is a free software. It means you can “freely” redistribute it and you are allowed to access to source code too. You can even change it the way you want, as long as you meet the requirements mentioned in its license.

      There may be some additional features you need which are not available in MyBB itself. For these purposes, you need to install additional Plugins or Themes. Not all of these plugins are freely available.

      Also, some websites may use MyBB to setup forums which are not publicly available. You may need to pay that site to be able to access special forums on that site and this has nothing to do with MyBB being a free software.

  16. Pingback: MyBB 1.4.8 Released – Maintenance & Security Release « Mybb &Laquo; Forum « OpenSource-News.com

  17. Please help me;
    I install “my bb” have problems and it gives error 41, Where is the problem?
    Ali Anvari , Mashhad,IR
    tank you

Comments are closed.