MyBB 1.8.7 & Merge System 1.8.7 Release

MyBB 1.8.7 – Security & Maintenance Release

MyBB 1.8.7 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 13 security vulnerabilities and 83 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

Vulnerabilities:
- Medium risk: Possible SQL Injection in moderation tool – reported by jamslater
- Low risk: Missing permission check in newreply.php – reported by StefanT
- Low risk: Possible XSS Injection on login – reported by Devilshakerz
- Low risk: Possible XSS Injection in member validation – reported by Tim Coen
- Low risk: Possible XSS Injection in User CP – reported by Tim Coen
- Low risk: Possible XSS Injection in Mod CP logs – reported by Starpaul20
- Low risk: Possible XSS Injection when editing users in Mod CP – reported by Tim Coen
- Low risk: Possible XSS Injection when pruning logs in ACP – reported by Devilshakerz
- Low risk: Possibility of retrieving database details through templates – reported by Tim Coen
- Low risk: Disclosure of ACP path when sending mails from ACP – reported by sarisisop
- Low risk: Low adminsid & sid entropy – reported by Devilshakerz
- Low risk: Clickjacking in ACP – reported by DingjieYang
- Low risk: Missing directory listing protection in upload directories – reported by Tim Coen

Bugs fixed:
- Fixed issues in 1.8.7
- Unfixed issues

Please view the 1.8.7 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.6 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 15 language files and 41 templates were changed or added.

If you’re using MyBB 1.8.6:

Download and use the Changed Files Package (MD5: 5542aee753edfd18fc9b9e5783058d9d)
Follow the Docs Upgrading Instructions

If you’re using MyBB 1.8.5 or lower:

Download and use the full 1.8.7 Release Package (MD5: 20fd51c3c8a9cefc54be55a6d3b42c60)
Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.8.7

MyBB Merge System 1.8.7 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

This release fixes several reported issues since the release of 1.8.6, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

5 bug fixes (View all)

Thanks,

MyBB Team

Note about updated packages

The original packages have been replaced by updated packages to fix minor compatibility issues with PHP 5.2 and PostgreSQL and to fix issues with font MyCode and search functionality.

If you installed or updated your forums using either the full or changed files packages prior to 19:00 p.m. on March 25, 2016 GMT please download a fresh package from the links above and replace the following files:

inc/cachehandlers/apc.php
inc/cachehandlers/eaccelerator.php
inc/cachehandlers/interface.php
inc/cachehandlers/memcache.php
inc/cachehandlers/memcached.php
inc/cachehandlers/xcache.php
inc/class_parser.php
install/resources/upgrade35.php
search.php

You do not need to run the installer or make any further changes. You can use the file verification tool to determine whether you have the latest package, the file above will appear to be modified if you need to download an updated copy.

We apologise of any inconvenience.

10 thoughts on “MyBB 1.8.7 & Merge System 1.8.7 Release”

Dark Neo says:

March 11, 2016 at 6:40 pm

Thanks in advance for all your hard work, i have to test it now this version to know what have been changed 😀
Developer says:

March 17, 2016 at 8:59 pm

Thanks, all the work put into MyBB is highly appreciated.
cernodile says:

March 19, 2016 at 11:17 am

Thanks for the update! Securing my forums is always an high priority, best of luck to fix any more security holes.
Pingback: MyBB 1.8.7 brings security and maintenance updates | MyBB for Business
UzmanDepo says:

March 25, 2016 at 6:20 pm

Thanks
logixca says:

April 23, 2016 at 2:20 am

Quick question, will MyBB eventually have a super-convenient upgrade system, like WordPress? A system where the admin can hit “UPGRADE” and the whole thing happens, in a few seconds?
berkahkhair says:

April 25, 2016 at 12:03 am

thanks yaa
actionmiyani says:

May 13, 2016 at 8:07 am

Thanks in advance for all your hard work.
Beli Pulsa Online says:

May 31, 2016 at 5:54 am

Thanks to keep the software up to date and secure. Appreciate your hard work.
Anish KS says:

August 22, 2016 at 3:14 am

no updates after this ?, mybb stopped development ?