MyBB 1.4.11 Released – Minor Patch & Security Update

Posted on by

MyBB 1.4.11 is now available on the MyBB website and is a minor patch update to 1.4.10.

This release is to ensure that all users on 1.4.10 have the latest patches, to fix a small and rare bug that with malicious intent can be used to assist a Denial-of-Service attack, and to patch a low security issue that can allow a user to check for file existence outside of the web root.

Thank you to Labrocca and Secunia (through a third party) for alerting us of these issues.

What’s fixed in this version?

This release has been tested by our Software Quality Assurance group.

This update does not require running the upgrader.
There are no database schema, language string, or template changes in this version.

MyBB 1.4.10 to MyBB 1.4.11 Patch

This patch is only for users running MyBB 1.4.10. If you are running an older version of MyBB then please download MyBB 1.4.11 from the MyBB site and update to it using the general [Wiki: Upgrading] guide.

Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.
changed_files_1411.zip

If you wish to manually patch your board please download “mybb_1410_patches.txt” and follow the instructions in that file.
mybb_1410_patches.txt

The manual patch set instructions only fixes the security vulnerabilities and is only made available to temporarily secure your forum until you have time to run the complete upgrade.

The following files were changed since the initial MyBB 1.4.10 release:

  • admin
    • modules
      • style
        • templates.php
      • tools
        • backupdb.php
      • user
        • users.php
  • inc
    • datahandlers
      • event.php
      • user.php
    • class_core.php
    • class_error.php
    • class_moderation.php
    • functions_upload.php
    • functions_time.php
    • tasks
      • backupdb.php
  • calendar.php
  • usercp.php

* Red represents files that contain security updates
* Green represents new files added in this release

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

MyBB 1.2.14 Patch

Please follow step #1 in the mybb_1410_patches.txt file as listed above.

Please note all users of the 1.2.x series are urged to upgrade to the latest release of MyBB. (1.4.11) MyBB 1.2 is no longer being supported and security updates for the MyBB 1.2 series will only last through December 2009.

Thank you,
MyBB Team

28 thoughts on “MyBB 1.4.11 Released – Minor Patch & Security Update

  15. Pingback: phpBB 3.0.6, MyBB 1.4.11 released | Forum Bite - the forum admin blog - admin resources

    • You must have neglected to update your forum for quite a long time Harry since there have been no vulnerabilities that could allow a hacker to drop your database for quite a while now.

  18. Pingback: MyBB 1.4.11 Released – Minor Patch & Security Update Scripts Rss

  20. Pingback: MyBB Blog » Blog Archive » MyBB 1.4.11 Released – Minor Patch … Hello CMS - the best cms website

  26. Great! Finally an update here – have been waiting for it. Our managers at essay writing service have even been thinking about switching to a different service provider because of the bug. So, great that you fixed it and launched an update!

Comments are closed.