MyBB 1.6.9 is now available from the MyBB website and is a security release for the 1.6 series.
What’s added/changed in this version?
It has come to our attention that there is an SQL injection vulnerability in all versions of MyBB, including MyBB 1.6.8. We advise all MyBB forum owners to upgrade their forum as soon as possible.
With thanks to frostschutz and StefanT for finding and reporting these issues.
Vulnerabilities fixed:
- High Risk: An SQL injection vulnerability when editing a post
- Medium Risk: CAPTCHA systems ineffective, allowing possible brute-force access
Bugs fixed:
- An issue with the editor not working in Firefox 16 and above
We apologise for any inconvenience.
Upgrading from 1.6.8 and Other Versions
Before performing any upgrade please remember to back up your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete.
To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 1 language file (messages.lang.php). There are changes to 3 templates (portal_welcome_guesttext, loginbox & codebuttons).
If you’re using MyBB 1.6.8
If you’re using MyBB 1.6.7 or below
Reporting MyBB Security Vulnerabilities
If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.
Thank you,
MyBB Team
Thank you MyBB Team
Good job 😉
My forum is now up to date.
Thanks!
Glad to hear there has been an update! Good work guys!
waw, amazing (y)
Why are all files showing as changed now on file verification? It's a bug or what..
Thank you, my forum was updated!
Just ran the upgrade script and worked fine. A stylesheet was completely removed but it was a plugin stylesheet created via Pluginlibrary. Waiting for 1.6.10 now 🙂
By “CAPTCHA systems non effective” do you mean that spambots were able to register easily? Because that would explain my spambot problems these days…
No, it only affects the login system.
The login system had CAPTCHAs?
@omegavemon – Only if you failed to login after x attempts.
Is there a way to get a list of what exactly was changed about these files? Thanks.
Could you start providing checksums or – ideally – GPG signed tarballs? It would be a great addition to security. Thank you.
All updated, thanks for the release 🙂
Thanks MyBB Team
Thanks for the update MyBB Team! 😀
Forum updated …
Thanks for the update MyBB
After the update I got the pointing finger hacker logo. How did this happen and how do I fix it?
@roy – Please use the support forums for support.
thanks for the update! 🙂
Check the username above, staff from MyBB have removed our username's clickable website link. Last time they also refused to post our comment.
we are mybb fan, but we are totally disappointed for your moderation.
if you will continue to remove our link, we will also remove mybb link in our website.
😦
@uzer – You were linking to a warez site. You’re already denied support. It makes no difference to us if you remove it or not.
Why did you just leave it coming out with only 3 bugfixes? Why were more than 85 bugs moved to version 1.6.10?
@AutumnWind – Because this version fixes a high risk vulnerability which affects hundreds of thousands of installations of MyBB.
Thanks For MyBB Team 😉
Thnxxxxxxxxxxxx
Thank you! Good job