MyBB 1.6.15 is now available from the MyBB website and is a security and maintenance release. This is the last maintenance release of the 1.6 series.

What’s added/changed in this version?

This release fixes 1 vulnerability and 26 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

• Vulnerabilities:
  • Medium Risk: A XSS vulnerability in video MyCode – reported by AntiPaste
• Bugs fixed:
  • Fixed issues in 1.6.15

Please view the 1.6.15 changes on the Docs site for more information about the changes in this version.

Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.

Upgrading from 1.6.14 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are changes to 5 language files. No templates have been changed or added.

• Download and use the Changed Files Package (MD5: 9681fb27fc26b0de22252bdf6aafda7e)
• Follow the Docs Upgrading Instructions

If you’re using MyBB 1.6.13 or lower

• Download and use the full 1.6.15 Release Package (MD5: c841982de03104ebb402b958294711d3)
• Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

Note about updated package

Due to a minor issue with the original packages an updated package set has been released.

If you installed or updated your forums using either the full or changed files packages prior to 12:30 p.m. on August 8, 2014 GMT please download a fresh package from the links above and replace the following file:

modcp.php

You do not need to run the installer or make any further changes. You can use the file verification tool to determine whether you have the latest package, the file above will appear to be modified if you need to download an updated copy.

We apologise of any inconvenience.

MyBB 1.6.14 is now available from the MyBB website and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 5 vulnerabilities and 50 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

• Vulnerabilities:
  • Medium Risk: Possibility of executing PHP code through settings – reported by GiantCrocodile
  • Low Risk: A XSS vulnerability in polls.php – reported by AntiPaste
  • Low Risk: A XSS vulnerability in portal.php – reported by AntiPaste
  • Low Risk: Password protected forums can be viewed from the portal – reported by Nathan Malcolm
  • Low Risk: Super moderators have more permissions than expected – reported by JordanMussi
• Bugs fixed:
  • Fixed issues in 1.6.14
  • Unfixed issues

Please view the 1.6.14 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.6.13 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 10 language files. 9 templates have been changed or added.

• Download and use the Changed Files Package (MD5: ec4f93a8def77f05d9b641aa08b40593)
• Follow the Docs Upgrading Instructions

If you’re using MyBB 1.6.12 or lower

• Download and use the full 1.6.14 Release Package (MD5: 0f396838eb8c1e66f5abc344147e7ff5)
• Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

MyBB 1.6.13 is now available from the MyBB website and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 4 vulnerabilities and 38 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

• Vulnerabilities:
  • Medium Risk: Possibility of executing PHP code through stylesheets – reported by TonyS
  • Medium Risk: Possibility of executing PHP code through language files – reported by Pirata Nervo
  • Low Risk: A XSS vulnerability in search system (CVE-2014-1840)
  • Low Risk: Potential weak random string generator reported by – reported by 1llusion
• Bugs fixed:
  • Fixed issues in 1.6.13
  • Unfixed issues

Please view the 1.6.13 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.6.12 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 5 language files. 4 templates have been changed or added.

• Download and use the Changed Files Package (MD5: 5bc0f118fb6da1284b83f51d836796c2)
• Follow the Docs Upgrading Instructions

If you’re using MyBB 1.6.11 or lower

• Download and use the full 1.6.13 Release Package (MD5: 2fd6083b430d56ca503c7b3baed1286f)
• Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

Note about updated package

Due to a minor issue with the original packages an updated package set has been released.

If you installed or updated your forums using either the full or changed files packages prior to 9:30 a.m. on April 27, 2014 GMT please download a fresh package from the links above and replace the following file:

admin/modules/style/themes.php

You do not need to run the installer or make any further changes. You can use the file verification tool to determine whether you have the latest package, the file above will appear to be modified if you need to download an updated copy.

We apologise of any inconvenience.

MyBB 1.6.12 is now available from the MyBB website and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 4 vulnerabilities and 10 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

• Vulnerabilities:
  • Medium Risk: A SQL vulnerability when editing smilies in ACP – reported by ChALkeR
  • Medium Risk: A SQL vulnerability when deleting posts with Akismet in ACP – reported by ChALkeR
  • Medium Risk: A XSS vulnerability in video MyCode – reported by ChALkeR
  • Low Risk: A XSS vulnerability in smilie popup – reported by Spenzert
• Bugs fixed:
  • MyCode parser adds new lines since 1.6.11
  • Some plugins throwing errors due to usage of unsupported language file calls since 1.6.11
  • Uploading attachments may fail when safe mode is enabled
  • Promotion task option “weeks” doesn’t work properly
  • Issue with queries not being executed in the correct order on logout
  • #2196 Thread Prefix altered via Tamper Data
  • #2251 Reputation doesn’t carry over when merging users
  • #2267 See other’s posts in a “see own post forum” through archive
  • #2275 Mod Log error when posting new thread
  • Adding support for 4-Byte UTF-8 Unicode Encoding in MySQLWhen MySQL 5.5.3 or above is used a new option to convert the tables to 4-Byte UTF-8 Unicode Encoding is available in the “UTF-8 Conversion” page in the Admin Control Panel. This allows to store unicode characters with 4 bytes. If you don’t know what we are talking about you probably don’t need it. PgSQL and SQLite can store such characters by default.

Information on upgrading, template changes and language changes can be found on the Docs site.

Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.

Upgrading from 1.6.11 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are changes to 2 language files. No templates have been changed or added.

If you’re using MyBB 1.6.11

• Download and use the Changed Files Package (MD5: e39fbb0a8fcea856ed533c7d68869226)
• Follow the Docs Upgrading Instructions

If you’re using MyBB 1.6.10 or lower

• Download and use the full 1.6.12 Release Package (MD5: f1e6e5f5e9a835a0fad83173d70b26cc)
• Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

MyBB 1.6.10 is now available from the MyBB website and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 7 vulnerabilities and over 95 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

A considerable amount of effort has been put in to MyBB 1.6.10 to fix a myraid of issues with PHP 5.4. This is the main reason why the release has been delayed until now. MyBB 1.6.10 should now be compatible with PHP 5.4 hosts.

• Vulnerabilities:
  • Low Risk: Potential SQL Injection when optimizing the database – reported by Jakub Galczyk
  • Low Risk: Potential SQL Injection when creating the database backups – reported by StefanT
  • Low Risk: Potential XSS vulnerability in theme name – reported by pandaa
  • Low Risk: Improper permission checks for forums where you can only see your own threads – reported by Jordan Mussi and StefanT
  • Non Critical: XSS vulnerability on debug page – reported by 1llusion
  • Non Critical: Improper input validation in modcp.php – reported by 1llusion
  • Non Critical: Improper input validation in calendar.php – reported by Jakub Galczyk
• Fixed issues in 1.6.10
• Unfixed issues

Please view the 1.6.10 changes on the Docs site for more information about the changes in this version.

Upgrading from 1.6.9 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 12 language files. 25 templates have been changed or added.

If you’re using MyBB 1.6.9

• Download and use the Changed Files Package (MD5: e1e3d8db4a8ca06c527ff5692cf2ca24)
• Follow the Docs Upgrading Instructions

If you’re using MyBB 1.6.8 or lower

• Download and use thefull 1.6.10 Release Package (MD5: 8243d6788a92b7ffa921f131f4dcc84f)
• Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team