MyBB 1.6.2 and 1.4.15 – Security Update

MyBB 1.6.2 is a security update to the 1.6 series. It fixes 2 medium risk security vulnerabilities and one low risk issue. We recommend that everybody upgrade to this release as soon as possible, or patch their boards using the manual instructions below.

MyBB 1.4.15 is also a security update to the 1.4 series which is affected by the same vulnerabilities.

Thank you to MustLive (Websecurity), MattRogowski and Max Roth for alerting us to these issues.

What’s fixed in this version?

The medium-risk issue reported by Max Roth requires HTML in posts to be enabled in a forum. This issue was fixed as part of Issue #1422. Even if you don’t have HTML enabled in posts, it is still recommended to update to resolve this issue.

MyBB 1.6.1 to MyBB 1.6.2 Patch

This patch is only for users running MyBB 1.6.1. If you are running an older version of MyBB then please download MyBB 1.6.2 from the MyBB site and update to it.

Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.
This update does not require running the upgrader.

The following files have changed since the initial 1.6.1 release:

  • admin
    • modules
      • tools
        • modlog.php
  • inc
    • class_core.php
    • class_parser.php
  • jscripts
    • validator.js
  • member.php
  • modcp.php
  • xmlhttp.php

* Red represents files that contain security updates
* Green represents new files added in this release

changed_files_1602.zip

If you wish to manually patch your board please download “mybb_1601_patches.txt” and follow the instructions in that file.

mybb_1601_patches.txt

MyBB 1.4.14 to MyBB 1.4.15 Patch

This patch is only for users running MyBB 1.4.14 who updated their forum when the 1.6.1 and 1.4.14 Update was released. If you have not made these updates or are unsure whether you have – and you don’t want to upgrade to 1.6 – then please download 1.4.15 from the MyBB site and update to it.

mybb_1414_patches.txt

To ensure users of the 1.4 series have all the recent security updates, the following changed files package contains updates since 1.4.13. The changed files are listed below. If you are still using the 1.4 series, then please make sure that all these files have been updated to keep your forum secure (either by updating to 1.4.15, uploading the changed files package, finding differences using a file difference tool, or applying the patches from blog posts).

It is strongly recommended that you upgrade to 1.6.

  • admin
    • modules
      • tools
        • modlog.php
  • inc
    • datahandlers
      • post.php
    • class_core.php
    • class_parser.php
    • functions.php
    • functions_search.php
  • jscripts
    • validator.js
  • attachment.php
  • editpost.php
  • forumdisplay.php
  • member.php
  • modcp.php
  • newreply.php
  • syndication.php
  • xmlhttp.php

* Red represents files that contain security updates
* Green represents new files added in this release

changed_files_1415.zip
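One way to confirm that every file from a changed-files package actually reached the live board (an added example, not part of the MyBB release or its packages). It works for either package and assumes the ZIP has been extracted to a directory that mirrors the forum root; the function name `check_patched` is hypothetical, and the optional third argument covers boards whose admin directory has been renamed.

```shell
#!/bin/sh
# Added example: compare each file in an extracted changed-files package
# with its counterpart in the live forum directory.
# Assumption: the package tree mirrors the forum root layout.

# check_patched PKG_DIR FORUM_DIR [ADMIN_DIR_NAME]
# Prints one "STATUS path" line per package file.
# Returns 0 if all files match, 1 if any is missing or differs, 2 on bad input.
check_patched() {
    pkg=$1
    forum=$2
    admin=${3:-admin}   # name of the admin directory on the live board
    rc=0

    list=$(cd "$pkg" && find . -type f | sed 's|^\./||' | sort) || return 2
    [ -n "$list" ] || { echo "no files found in $pkg" >&2; return 2; }

    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        # Map the package's admin/ prefix onto a renamed admin directory.
        case $rel in
            admin/*) target="$forum/$admin/${rel#admin/}" ;;
            *)       target="$forum/$rel" ;;
        esac
        if [ ! -f "$target" ]; then
            echo "MISSING $rel"; rc=1
        elif cmp -s "$pkg/$rel" "$target"; then
            echo "OK      $rel"
        else
            echo "DIFFERS $rel"; rc=1
        fi
    done <<EOF
$list
EOF
    return $rc
}

# Stand-alone use: sh check_patched.sh ./changed_files ./public_html/forum [admin_dir]
if [ "$#" -ge 2 ]; then
    check_patched "$@"
fi
```

A file patched by hand from the patches text file may legitimately report DIFFERS; inspect it with a file difference tool rather than assuming it is unpatched.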

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

19 thoughts on “MyBB 1.6.2 and 1.4.15 – Security Update”

  1. @querschlaeger: There’s a small issue with a template version that didn’t come up in my differences – but it will be updated in the full download shortly. It doesn’t affect the security of your forum.

  2. I do not know how to upgrade. I overwrote all the files in my directory with the new ones, and now it just says MyBB Internal Error, then when I run the upgrade script, it says 500 Internal Server Error. How to upgrade?

    I followed the instructions in the wiki and they don’t do anything but this. Do I run the install script?

    What do I do?

  3. Thank you for your efforts, but this version does not include

    -Bug #1379: MySQL 5.5 compatibility

    Why?

    Thank you

  4. Well, added the 7 files in the upgrade and overwrote those files that needed updating as requested, but in Control Panel home still sees this.

    You are currently running MyBB 1.6.1 whilst the latest generally available release is MyBB 1.6.2 (1602).

  5. @php4pro Because this was a security release, not a maintenance release.

    @michael You’ve not uploaded the new files properly. Make a support thread and we’ll help you.

  6. Forum works fine! MyBB’s Admin Control Panel: screwed! Looks like a cookie problem (chmod set to 666/777); need to log in on any link or save.
