Important security announcement regarding MyBB merge system versions 1.6.1 and earlier.

If you’ve used the MyBB Merge System v1.6.1 or earlier, please download the file attached here, upload it to your forum root, and run it by going to http://yourdomain.com/yourforumpath/icr.php for security purposes.

The reason for this is a potential security breach related to the “old db” password being stored in the datacache in plaintext form. Thanks go to euantor & Malcolm for reporting this.

Developing the Future

After almost 8 years, MyBB has certainly come a long way. Its popularity among forum software is strong, and with the release of 1.6 almost a year ago it just keeps growing and growing. With its simplicity and extensions, there’s really nothing you can’t do with MyBB. Every member of the Team, past and present, is no doubt proud of where we are today.

However, we can’t sit still in the ever moving world of forums and message boards. New software appears – it seems, every month – which people expect MyBB to better, and who are we to disappoint? It’s time for us to develop the future.

MyBB 1.6

While there are no new ‘features’ expected for the 1.6 series of MyBB, we’re still dedicated to maintaining it and making sure your forum (and business) is safe.

1.6.4 – where there are over 100 issues that have been fixed – is going to be available very soon. It fixes some (very) old issues dating back years including some obscure security issues. While none of these are ‘high risk’ issues or bugs, it’s always a nice feeling knowing that your site is as stable as it can be. We aren’t just stopping there though – this version is the first in a minor release to have ‘feature updates’.

These feature updates are small improvements to MyBB – as opposed to feature releases which are big changes – and range from things like a setting to globally switch on/off all plugins to providing better access for Plugin Developers and Administrators to check for updates. These will be coming throughout the 1.6 series – and if they affect Plugin Developers or Theme Artists, we’ll keep you informed before their release on the MyBB Community Forums.

Spam Prevention

This year, there has been somewhat of an explosion in the amount of human-cooked spam. More realistic than the robot kind, this spam can range from signature links to forums filled with posts in hours. While the best method is moderation – and reporting users who do spam – there are always going to be better methods and controls for protecting your forum and cleaning up after them. That’s why we’re working to produce Spam Ninja – a feature update for the 1.6 series that will introduce basic controls to help you eliminate spam and their robot|human chefs permanently.

The Spam Ninja update will be available later this year, and whether you use it or not will be completely optional. More information on the new features it introduces will be announced closer to the time.

Alongside maintaining 1.6 however, developing MyBB 2 is just as important.

MyBB 2.0

At MyBB, we tend to keep 2.0 secrets close – it’s not that we don’t want you to know! It’s because as the development process moves on, coding and features are more than likely going to change so we don’t want to promise things that might never materialize. Rest assured, while many may think that 2.0 is a mere myth, it does exist and we’ll be walking through some of the boring stuff that won’t be likely to change.

We’ve made no surprises that Justin – our Lead Designer – has created the awesome 2.0 default theme. It brings sweeping changes to the thread and forum layout that will make MyBB stand out from other software, and contrary to a popular thread on the Community, it definitely does not look like vBulletin. While the software still has that MyBB look and charm, it does mean that we’ve had the chance to reorganize various other areas – such as introducing conversation-style Private Messaging, a simplified User CP and Moderation Queues to make things much more modern, efficient and user friendly. As you would expect, it looks and feels like a state-of-the-art forum system.

While we won’t be showing off the software just yet, we can still keep you in the loop.

MyBB 2.0 has been written from scratch in an MVC (Model-View-Controller) method and we’ve been using Yii as its base framework. Standing for “Yes It Is!”, Yii is a powerful, very secure and fast framework and after a very long process, we found it to be the best choice for MyBB. Its database abstraction layer introduces various options (including PDO transactions and Active Record, Yii’s Object Relational Mapping (ORM) techniques) and it provides some fantastically simple language and internationalization ideas. We’ve also used the Twig Template Engine for views, increasing security and adding various possibilities of using PHP in templates. You can see an example (currently part of the 2.0 “login” page) of a Twig template and its output in the screenshot to the right.

For languages, we’re embracing Yii’s language translations. As an example, to translate a string in 2.0 you simply call Yii::t() like this:

// Structure of the 'global' language file
return array(
   'mybb_welcome' => 'Welcome to MyBB {version}!',
   'language_string' => 'Another language string',
   'language_string_2' => "Yet another language string that's awesome."
);

// An example of use in the software
// Will display 'Welcome to MyBB {version}!'
$foo = Yii::t('global', 'mybb_welcome');

// Will display 'Welcome to MyBB 2.0!'
$foo = Yii::t('global', 'mybb_welcome', array('{version}' => Yii::app()->mybb->version));

You can call on whatever language file you want from anywhere in the software. Making a language pack is just as easy as it was in 1.6 too – if not easier!

Another area we’re keen to improve on is MyBB’s installer. The new version introduces a one-click install – you just simply enter all your details and the process practically completes itself. See the screenshot of the introduction page!

As you can tell, we have the basics of the software prepped and ready to start. It’s no longer ‘Planning’, but what I would call ‘Pre-Production’ – where concrete ideas, features and, most importantly, a road map are written. After working with 2.0, I can tell you that the future definitely is exciting. It’s never tasted so good!

Developing for MyBB

Being a part of the MyBB family and developing the future of forum software is no small task. Being volunteers takes dedication and patience as well as the skills to pull off your role. Take a look at Joining the Team, and if you meet the descriptions, send us an application – we’d love to have you on the Team!

Recruiting Creative Doodler

We are pleased to announce that MyBB has decided to develop an official mascot which will be used for a variety of purposes including promoting MyBB and on possible official MyBB merchandise.

As a result, the MyBB Group is in search of a great creative artist “doodler” who can help sketch and design the MyBB Mascot. The artist must have the creative ability to not only sketch the mascot, but be able to make a high resolution digital copy of the sketch(es). The artist must have the ability to work with a team and have the time to bring the MyBB Mascot to life. In addition, the artist must be willing to assign all copyright for their work to the MyBB Group.

Although this is a volunteer position and will not be a permanent position on the team, there are benefits to joining:

  • The artist will gain access to a specific private forum on the MyBB Community
  • The artist will receive an official team badge
  • The artist will receive due credit on the MyBB Wiki pertaining to the mascot created

If you think you might be the one to fulfill this position, or if you have an inquiry regarding the position, do get in touch at the following email address: [email protected]. Be sure to provide some samples of your work, both sketches and digital copies of the sketches. In addition, be sure to provide some background information about yourself, and any other information you feel necessary to share.

If you do not receive a direct response from the MyBB Group it doesn’t mean we haven’t received your application, rather, because we receive many applications, we cannot reply to each one individually. Applications sent in the form of private messages on the community forum will not be evaluated or considered.

Thank you for your time, and best of luck for those that apply.

MyBB 1.6.3 and 1.4.16 Security Update

MyBB 1.6.3 and 1.4.16 are now available to download. They fix 1 high risk vulnerability and 1 low risk vulnerability. We recommend that everyone upgrade to this release immediately or patch their boards with the manual patching instructions below.

Thanks to Charlie Somerville and thebod for discovering them. These vulnerabilities are:

In addition to the vulnerabilities, the updates also fix the following issues:

All other outstanding issues will be resolved in the next maintenance release.

For MyBB 1.6

The update to MyBB 1.6.3 also upgrades the Prototype and Scriptaculous javascript libraries to their latest versions. This is to help your MyBB forum work properly with Internet Explorer 9.

MyBB 1.6.2 to 1.6.3 Patch
This patch is only for those users running MyBB 1.6.2. If you’re running an older version of MyBB then please download the full version and update to it.

For help upgrading, see the MyBB Wiki: Upgrading.

Please download the attached ZIP archive below and replace the files in your forum directory with those from the ZIP archive.

1.6.3 changed files

You are required to run the upgrader for 1.6.3. After replacing the files above, remove the ‘lock’ file located in forum_root/install/, then visit forum_root/install/upgrade.php and follow the instructions (where forum_root is the web address for your forum). Remember to back up your forum’s files and database before performing this upgrade.

Once the upgrade has completed, visit the Templates & Style area of your ACP – click on Templates on the left and go to the “Find Updated Templates”. Revise and amend all affected templates here, paying attention to headerinclude, index_boardstats and forumdisplay_threadlist.

If you wish to manually patch your board please download “1.6.3 patches” and follow the instructions in that file. You are also required to amend templates to ensure functionality for your board. For this, please download “1.6.3 template patches” and follow the instructions – you must do these for all custom themes you have installed.

1.6.3 patches
1.6.3 template patches

Please remember that applying patches should only be a temporary measure until you can fully upgrade your board. The upgrader is required to run to allow the default templates to be updated with the new security fixes.

Changed Files since 1.6.2

  • inc
    • class_core.php
    • functions_search.php
  • install
    • resources
      • mysql_db_tables.php
      • mybb_theme.xml
      • upgrade12.php
      • upgrade17.php
      • upgrade19.php
      • upgrade3.php
      • upgrade5.php
    • upgrade.php
  • jscripts
    • controls.js
    • dragdrop.js
    • effects.js
    • general.js
    • prototype.js
    • scriptaculous.js
    • slider.js
    • thread.js
  • forumdisplay.php
  • index.php
  • misc.php
  • showthread.php

* Red represents files that contain security updates
* Green represents new files added in this release

For MyBB 1.4

For MySQL 5.5 compatibility and IE9 javascript fixes, please upgrade to MyBB 1.6.3. Support for MyBB 1.4 will be ending on 1st July 2011, after which there will be no more security updates for the 1.4 series.

1.4.15 to 1.4.16 Patches
This patch is only for those users running MyBB 1.4.15. If you’re running an older version of MyBB 1.4, and don’t want to upgrade to 1.6 just yet, then please download the latest version of MyBB 1.4 from the MyBB Wiki: Versions.

For help upgrading, see the MyBB Wiki: Upgrading.

Please download the attached ZIP archive below and replace the files in your forum directory with those from the ZIP archive.

1.4.15 changed files

You are required to run the upgrader for 1.4.16. After replacing the files above, remove the ‘lock’ file located in forum_root/install/, then visit forum_root/install/upgrade.php and follow the instructions (where forum_root is the web address for your forum). Remember to back up your forum’s files and database before performing this upgrade.

Once the upgrade has completed, visit the Templates & Style area of your ACP – click on Templates on the left and go to the “Find Updated Templates”. Revise and amend all affected templates here, paying attention to headerinclude, index_boardstats and forumdisplay_threadlist.

If you wish to manually patch your board please download “1.4.16 patches” and follow the instructions in that file. You are also required to amend templates to ensure functionality for your board. For this, please download “1.4.16 template patches” and follow the instructions – you must do these for all custom themes you have installed.

1.4.15 patches
1.4.15 template patches

Please remember that applying patches should only be a temporary measure until you can fully upgrade your board. The upgrader is required to run to allow the default templates to be updated with the new security fixes.

Changed Files since 1.4.15

  • inc
    • class_core.php
    • functions_search.php
  • install
    • resources
      • mybb_theme.xml
    • upgrade.php
  • jscripts
    • general.js
  • forumdisplay.php
  • index.php
  • misc.php
  • showthread.php

* Red represents files that contain security updates
* Green represents new files added in this release

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

MyBB 1.4 end of life announcement.

MyBB 1.4 end of life

MyBB 1.6 was released almost 8 months ago and since then has proven to be stable and secure. Therefore we will be concluding maintenance and support for the MyBB 1.4 series, and we encourage everyone who has not already done so to upgrade to MyBB 1.6 as soon as possible.

The end of life date for MyBB 1.4 will be the 1st of July, 2011.

After this date:

  • We will not be offering official support for MyBB 1.4
  • There will be no further maintenance or security releases for the 1.4 series
  • The 1.4 support forums will be closed and archived

If you require information on how to upgrade, please consult our upgrade instructions; if you need further support, please visit the support forums.

MyBB 1.6.2 and 1.4.15 – Security Update

MyBB 1.6.2 is a security update to the 1.6 series. It fixes 2 medium risk security vulnerabilities and one low risk issue. We recommend that everybody upgrade to this release as soon as possible – or patch their boards with the manual instructions below.

MyBB 1.4.15 is also a security update to the 1.4 series which is affected by the same vulnerabilities.

Thank you to MustLive (Websecurity), MattRogowski and Max Roth for alerting us to these issues.

What’s fixed in this version?

The medium-risk issue reported by Max Roth requires HTML in posts to be enabled in a forum. This issue was fixed as part of Issue #1422. Even if you don’t have HTML enabled in posts, it is still recommended to update to resolve this issue.

MyBB 1.6.1 to MyBB 1.6.2 Patch

This patch is only for users running MyBB 1.6.1. If you are running an older version of MyBB then please download MyBB 1.6.2 from the MyBB site and update to it.

Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.
This update does not require running the upgrader.

The following files have changed since the initial 1.6.1 release:

  • admin
    • modules
      • tools
        • modlog.php
  • inc
    • class_core.php
    • class_parser.php
  • jscripts
    • validator.js
  • member.php
  • modcp.php
  • xmlhttp.php

* Red represents files that contain security updates
* Green represents new files added in this release

changed_files_1602.zip

If you wish to manually patch your board please download “mybb_1601_patches.txt” and follow the instructions in that file.

mybb_1601_patches.txt

MyBB 1.4.14 to MyBB 1.4.15 Patch

This patch is only for users running MyBB 1.4.14 who have updated their forum when 1.6.1 and 1.4.14 Update was released. If you have not made these updates or are unsure whether you have – and you don’t want to upgrade to 1.6 – then please download 1.4.15 from the MyBB site and update to it.

mybb_1414_patches.txt

To ensure users of the 1.4 series have all the recent security updates the following changed files package contains updates since 1.4.13. The changes to files are mentioned below. If you are still using the 1.4 series, then please make sure that all these files have been updated to keep your forum secure (either by updating to 1.4.15, uploading the changed files package, finding differences using a file difference tool or patches from blog posts).

It is heavily recommended that you upgrade to 1.6.

  • admin
    • modules
      • tools
        • modlog.php
  • inc
    • datahandlers
      • post.php
    • class_core.php
    • class_parser.php
    • functions.php
    • functions_search.php
  • jscripts
    • validator.js
  • attachment.php
  • editpost.php
  • forumdisplay.php
  • member.php
  • modcp.php
  • newreply.php
  • syndication.php
  • xmlhttp.php

* Red represents files that contain security updates
* Green represents new files added in this release

changed_files_1415.zip

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

MyBB Merge System 1.6.1 Release

MyBB Merge System 1.6.1 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

This release is to ensure that all users of MyBB Merge 1.6 have the latest fixes.

This release fixes several reported issues since the release of 1.6.0, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version for public use.

What’s fixed in this version?

  • 27 bug fixes (view all)
  • Folder renamed from “convert” to “merge” inside the zip, to make it consistent with the fact that this is a Merge System, not a Converter.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

MyBB 1.6.1 Release & 1.4.14 Update

MyBB 1.6.1 is now available on the MyBB website and is a security and maintenance update to the MyBB 1.6 series. A patch has also been made available to provide the security updates for the MyBB 1.4 series.

This release is to ensure that all users on MyBB 1.6 have the latest fixes, and to patch two medium-risk security issues within MyBB.

This release fixes several reported issues since the release of 1.6.0, which caused some incorrect functionality of MyBB. These bugs have been fixed to provide a more stable version of MyBB for public use.

What’s fixed in this version?

  • Two XSS Vulnerabilities in editpost.php, member.php and newreply.php – Thank you to YGN Ethical Hacker Group for alerting us to these issues.
  • 90+ bug fixes (view all)

This release has been tested by our Software Quality Assurance group.

The following files were changed since the initial MyBB 1.6 release:

  • calendar.php
  • editpost.php
  • forumdisplay.php
  • member.php
  • misc.php
  • modcp.php
  • moderation.php
  • newreply.php
  • newthread.php
  • polls.php
  • portal.php
  • printthread.php
  • private.php
  • reputation.php
  • showthread.php
  • usercp.php
  • xmlhttp.php
  • admin
    • inc
      • class_page.php
      • functions.php
      • functions_view_manager.php
    • jscripts
      • codepress
        • languages
          • css.css
      • imodal.js
    • modules
      • config
        • badwords.php
        • banning.php
        • calendar.php
        • help_documents.php
      • forum
        • announcements.php
        • management.php
      • home
        • credits.php
        • preferences.php
      • style
        • templates.php
        • themes.php
      • tools
        • recount_rebuild.php
      • user
        • groups.php
        • users.php
      • styles
        • sharepoint
          • avatar_gallery.css
  • inc
    • datahandlers
      • post.php
      • user.php
    • languages
      • english
        • admin
          • config_badwords.lang.php
          • forum_management.lang.php
          • tools_recount_rebuild.lang.php
          • tools_statistics.lang.php
        • moderation.lang.php
        • portal.lang.php
        • reputation.lang.php
        • usercp.lang.php
        • xmlhttp.lang.php
      • english.php
    • tasks
      • delayedmoderation.php
      • promotions.php
      • userpruning.php
    • class_core.php
    • class_custommoderation.php
    • class_datacache.php
    • class_moderation.php
    • class_parser.php
    • functions.php
    • functions_forumlist.php
    • functions_indicators.php
    • functions_online.php
    • functions_post.php
    • functions_search.php
    • functions_user.php
  • install
    • resources
      • mybb_theme.xml
      • settings.xml
      • upgrade17.php
      • upgrade18.php
    • index.php
  • jscripts
    • editor.js

* Red represents files that contain security updates
* Green represents new files added in this release

MyBB 1.6.0 to MyBB 1.6.1 Security Patch

This patch is only for users running MyBB 1.6.0. If you are running an older version of MyBB then please download MyBB 1.6.0 from the MyBB site and update to it using the general [Wiki: Upgrading] guide.

If you wish to manually patch your board please download “mybb_1600_patches.txt” and follow the instructions in that file.

mybb_1600_patches.txt

The manual patch set instructions only fix the security vulnerabilities and are only made available to temporarily secure your forum until you have time to run the complete upgrade.

MyBB 1.6.0 to MyBB 1.6.1 Full Upgrade

When upgrading from 1.6.0, you will not lose any custom themes, plugins or language packs which you may have installed.

Follow the general [Wiki: Upgrading] guide outlined on the MyBB Wiki to complete the upgrade process. You may download a ZIP archive of changed files here:

changed_files_1601.zip

Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.

This update does require running the upgrader.
There are database schema, language string, or template changes in this version.

You must then check for modified templates using the instructions below.

Theme and template changes

Using the “Find Updated” link under the “Templates” page in the Admin CP you can find a list of the templates that have changed in this release that you’ve got one or more custom copies of.

After identifying changed templates using the tool you can either revert your custom template to the default (delete it) or use the “diff” tool to perform a difference analysis on your custom template and the default.

“Revert required” indicates that for this template to work correctly with MyBB 1.6.1 you’ll either need to revert it to the default or modify your custom template to include the changes in the default. If a revert is not required your custom version of the template should work perfectly fine.

Template changes

Since MyBB 1.6.0 the following templates have had changes to them:

  • portal_latestthreads_thread
  • showthread_poll_option_multiple
  • usercp_nav_misc

* Red represents the template must be updated or reverted to fix security problems

Language file changes

Since MyBB 1.6.0 the following language files have had changes to them:

  • moderation.lang.php
  • portal.lang.php
  • reputation.lang.php
  • usercp.lang.php
  • xmlhttp.php
  • admin
    • config_badwords.lang.php
    • forum_management.lang.php
    • tools_recount_rebuild.lang.php
    • tools_statistics.lang.php

Either update your language packs to include the changes in these files or revert to the standard English language pack.

MyBB 1.4.14 Update

MyBB 1.4.14 was released on August 3rd 2010 to provide full PHP 5.3 functionality as well as improved attachment management. If you’re still using 1.4.13, it is recommended to upgrade to 1.4.14. You can do this by following the instructions in the MyBB 1.4.14 Release Announcement. The changed files package has been updated with the latest security fixes.

Please note all users of the 1.4.x series are urged to upgrade to the latest release of MyBB (1.6.1).

This patch is only for users running MyBB 1.4.14 or any previous release of the MyBB 1.4 series. Please download “mybb_1414_patches.txt” below and follow the manual patching instructions.

mybb_1414_patches.txt

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

Ryan Gordon’s Departure From MyBB

All,

As a few have noticed, Ryan Gordon, the lead developer of MyBB, has parted ways with us. A message from Ryan is below.

All of us here at the MyBB Group wish Ryan well in his future endeavours, and I personally am extremely grateful for the role that Ryan has been able to step up and fulfil over the past few years whilst I’ve not been able to dedicate much personal time toward the project. Ryan’s dedication and passion for everything he did, as well as bringing us some of the greatest MyBB releases to date, will be missed.

What does this mean for MyBB?

The most important thing to keep in mind is whilst this is a big change for us, you can still look forward to exceptional releases of your favourite forum software. Work is underway planning out MyBB 2.0, and from our top-secret prototypes, it’s already looking great.

We’ll have more to announce shortly, but again thank you for your continued support.

A message from Ryan to all…

Dear community,

It is with time that with every profession, interest and passion fade and something new comes along to take over its place. It is with this in mind, among other things, that I have decided to enlist my resignation from the MyBB Team.

Over the past 5 years I’ve had the unique experience of journeying with this team and working on this product that has taught me so much. Together we have built hundreds of thousands of communities and I know that this will continue for a long time into the future.

I wish the MyBB team and the community best of luck in the future, as I open up this new chapter in my life.

Sincerely,
Ryan Gordon

A roundup of our new developers

There has been a great deal of curiosity about the recent additions to the MyBB family so finally I am proud to formally introduce all our new developers to you.

Ryon H

Ryon is an enthusiastic PHP developer with a unique sense of humor. He also happens to speak several languages and apparently lives in a town between a tree and a rock (those are his words). We are also very glad his parents decided to name him Ryon rather than Ryan because that saves us a lot of confusion.

Morgoth

Update: Unfortunately Morgoth has had to leave us already due to some unforeseen issues. We wish him the best of luck with his future.

Morgoth (also known as -Calypso-) is an experienced PHP developer and has come to us from the IPB community where he was well known for developing a number of highly successful plugins.

Sacred

Sacred has also come to us from the IPB community and also has many brilliant plugins to his name. By day he is a Digital Media Manager for a leading online advertising agency and specializes in SEO and e-commerce as well as PHP development.

Dylan M.

Dylan has extensive programming experience and prior to joining the team was well known for his work with extending the MyBB merge system. We are very glad to have him aboard the team as the lead developer for the merge system.

So, please make all our new developers feel welcome and if you see them looking lost and dazed out on the forums don’t hesitate to lend them a hand ;).