MyBB 1.6.7 Release, Merge 1.6.7 & MyBB 1.8 Development

MyBB 1.6.7 – Security, Maintenance and Feature Release

MyBB 1.6.7 is now available from the MyBB website and is a security, maintenance and feature update.

In 1.6.7 there are 5 new feature updates and over 70 reported issues fixed. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

1.6.7 fixes 5 low-risk security vulnerabilities.

  • SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer)
  • XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team)
  • Full Path Disclosure if malformed forumread cookie is used

ACP vulnerabilities require Administrator permissions and so considered low-risk. We recommend planning your upgrade as quickly as possible to ensure your forum is as secure as it can be.

New features included in 1.6.7 update include the ability to login with a username, an email or both. For more information about new features, please see the Wiki on 1.6.7.

View 1.6.7 Changes in the Wiki

Upgrading from 1.6.6 and Other Versions

Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including languages files, please make sure you make a change log for these changes so you can make them again once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes.

If you’re using MyBB 1.6.6

If you’re not using MyBB 1.6.6

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.6.7

MyBB Merge System 1.6.7 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

This release is to ensure that all users of MyBB Merge 1.6 have the latest fixes.

This release fixes several reported issues since the release of 1.6.3, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 3 bug fixes (view all)
  • Version jump to 1.6.7 from 1.6.3 to match the current MyBB Version. From now on we’ll do our best to keep these in sync.

This includes some critical fixes for phpBB that caused infinite loops.

MyBB Mascot Update


We recently held our MyBB Mascot Naming Contest.   Many community members proposed names and after a week a poll with the top names was put up.  After another week of voting, the name “Bolt”, after MyBB founder Chris Boulton, was chosen.  Proposed by Mebes Net, we of the MyBB Team feels this name conveys the strength and speed of MyBB very effectively.

We are proud to present to you the MyBB Mascot, Bolt!

MyBB 1.8 – The Bridge to 2.0

Everyone here at MyBB are proud to announce the impending arrival of our next major feature release – MyBB 1.8.

Over the last 2 months we’ve been developing in secret at our Github lair, plotting to once again attempt to take over the forum world with our evil plans and awesome free software and to celebrate the 10th anniversary of DevBB – our supreme overlord predecessor.

1.8 isn’t as big of an overhaul as 1.2, 1.4 or 1.6 upgrades which introduced more than 100 features; this is more of a facelift. We took Justin, our lead designer, and locked him in a room with nothing but bacon and water until he came up with a new default theme which is taken from one of (if not the) most popular theme collections used by MyBB communities across the world; his Apart series. That’s not all – we developed attachable base colours to themes so that creating (and using) multi-coloured themes no longer involve adding 14 separate styles. You add just one. A new default theme for your Admin Control Panel (ACP) is available too.

For more than half of MyBB’s rule of the forum world, our JavaScript has been powered by Prototype. It was a popular library when we started using it but it has fallen behind a more powerful (and popular) rival and so we’ve consigned it to MyBB history; MyBB 1.8 is powered by jQuery.

Two of the most requested features for MyBB will also be heading to 1.8. With our switch to jQuery, along comes a new post editor (yet to be decided) and a Trash Can – or more the ability to recover deleted posts via the Mod CP.

Along with the regular bug fixes and a host of other planned improvements, such as an APC cache handler, being able to make a cup of hot cocoa, separating the plugin list to active/inactive, making some functions a bit easier to use and projecting your forum’s logo onto the face of the Moon, we’ll be working with MyBB gurus to improve performance, plugin integrations and we’re looking into making the authentication to 3rd party software much easier too with a dedicated login datahandler. It doesn’t have to be just gurus though; we’ll be opening up 1.8 to everyone on Github so that they too can fork, improve, update and become one with the MyBB Team.

We’re all very excited about this release and hope you are too! More information will be coming soon but in the mean time please feel free to suggest more improvements in our Suggestions and Feedback Forum!

Thanks,

MyBB Team

54 thoughts on “MyBB 1.6.7 Release, Merge 1.6.7 & MyBB 1.8 Development

  1. Hallelujah for 1.8.

    Is the whole board powered by jQuery (ie including ACP) or just the front end?

    Very exciting news – this means that soon I will no longer need to load TWO javascript libraries.

  2. Glad to already see another update to the 1.6 series of MyBB. The upgrade process was easy. I did notice that now you can choose to allow members to log in with either their username or email. I don’t recall that being an option before.

    I am excited about 1.8. I do like the Trash Can feature. It can help if you accidentally delete something. I would like to know if we have to make any changes to any plugins we have coded other than change the compatitibility to 18*?

  3. well, I was a bit suspicious – but then, I decided to take the 1.8 at face value. Of course, I shall be EXTREMELY disappointed if I am unable to project an enormous leefish logo onto the face of the moon.

  4. Hi So Very Very Don’t be tired
    thanks thanks

    i will waiting for 1.8 so i am so happy for that’s news

    thanks thank you for working free and …………………..

  5. You shouldn’t release real news with April fools aswell. It’s confusing. Pretty sure 1.8 is a joke, but is Bolt just a joke too then?

  6. Glad to hear the release of 1.8 and it is powered by Jquery,we wish the team a success.:)
    A little emphasis on spam prevention would make it an epic release.

  7. I was surprised when you guys said 1.8 will feature so many new features like switching to jQuery. It sounded like MyBB 2.0.

    Smells like April Fools.

    • @Dr.K – The default theme will not be tableless – You’re thinking of 2.0. This theme update is just a facelift not a complete rewrite.

  8. Thanks for the update!

    I guess inc/languages/admin/config_settings.lang.php has been changed as well. But it is not mentioned at the changed files.

  9. It’s not professional to answer like that. When people ask for a release date, they want to get a timeframe, not some dismissing answer like “when it’s ready”.

    Although we are not paying you a cent, we all deserve consideration.

    Regards.

    • There is no timeframe. That’s why we state it will be released when it’s ready. We can’t say between x and y if we’re not entirely sure it will be released between x and y.

      We’ve always stated it will be released when it’s ready. And it will be.

    • The biggest reason we’ve used this reply for so many years now is because we don’t have full time staff (developers) that would make giving a due date more feasible.

      If even one of our current developers, or even SQA members, were to leave it would have a drastic effect on development time and obviously the release date.

      I can understand your concerns and enthusiasm though. :)

  10. #43, quality far precedes the speed at which it is released.

    On another note, I would like to applaud you on your work thus far. MyBB has been great for me and I honestly have no problem with the software. It’s perfect for my HTML, CSS, and JavaScript experiments. :)

  11. Pingback: MyBB 1.8 Tour: Introduction

  12. I like Apart series themes a lot! I installed all of them on my forum. Can’t wait for the “we developed attachable base colours to themes so that creating (and using) multi-coloured themes no longer involve adding 14 separate styles.” :D

  13. Pingback: MyBB 1.6.7 – Múltiplas Vulnerabilidades | HACKER

  14. Pingback: CVE-2012-2325 (mybb) | Web Security Watch

  15. Pingback: CVE-2012-2324 (mybb) | Web Security Watch

  16. Pingback: CVE-2012-2326 (mybb) | Web Security Watch

  17. Pingback: CVE-2012-2327 (mybb) | Web Security Watch

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s