MyBB 1.8.13 is now available, and is a security & maintenance release.
This update includes fixes related to compatibility with PostgreSQL, SQLite and PHP 7.2 and resolves attachment HTML output problems. Note that the theme’s CSS files may need to be updated. Please see this post on the community forum for more information.
- 7 security vulnerabilities addressed:
- High risk: Installer RCE on configuration file write — reported by pabstersac
- High risk: Language file headers RCE — reported by Julian Rittweger
- Medium risk: Installer XSS — reported by pabstersac
- Medium risk: Mod CP Edit Profile XSS — reported by Julian Rittweger
- Low risk: Insufficient moderator permission check in delayed moderation tools — reported by Starpaul20 of MyBB Team
- Low risk: Announcements HTML filter bypass
- Low risk: Language Pack Properties XSS — reported by Julian Rittweger
- 62 issues resolved
Check Release Notes for a list of changes to language files, templates and unresolved issues.
Get latest MyBB Full & Upgrade Packages →
The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.
Thanks,
MyBB Team
Thank You So Much for The Support MyBB 1.8 and the Update System.
– Gracias por el Soporte
Where is the “Changed Files Upgrade” as only 1 version behind this security & maintenance release?
Thanks for this, too many templates update this time. This will keep me busy for sometime 🙂
The ‘Changed Files Upgrade’ is available here:
https://mybb.com/versions/1.8.13/
If you are using MySQL/MariaDB in strict mode, be sure to fix this before using the upgrade script:
https://github.com/mybb/mybb/issues/2901
Thank you