MyBB Merge System for 1.6.10 is now available from the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.
This release is to ensure that users of the MyBB Merge System are able to upgrade and continue to use MyBB 1.6.10.
If you are using or looking to upgrade to MyBB 1.6.10 it is imperative you use this version of the Merge System.
The MyBB Team are working hard to create and update modules for the MyBB Merge System. More information is coming soon!
MyBB 1.8 is the next minor release for the 1.x series. The aim of this release is to introduce a level of standardisation and organisation that MyBB has previously lacked and to bring the series into line with other products and services that we hope to bring to you in the near future.
1.8 is a huge leap forward for the 1.x series. It will introduce some powerful new features while also providing a stable forum solution for your community for years to come. It will also allow us, the MyBB Group, to focus on the next generation of our software – the anticipated 2.x series.
Due to the extended development and testing phase of 1.6.10, as well as the usual lull in activity due to workload, exams and holidays, MyBB 1.8 isn’t as far along its roadmap as we would like. Naturally we are disappointed but we remain committed to creating and providing one of the most advanced free forum software packages available.
Further to this we are, as a group, undergoing huge changes to how we work to help make releases quicker. These past 12 months has seen an insane amount of work completed by our team, much of which is behind-the-scenes, and we hope to bring news of this to you very soon.
With updates in mind, you can now find the MyBB 1.8 Roadmap on our community forums. This thread will be kept up to date with the latest news, features and bug fixes that are happening during its development.
As always, MyBB 1.8 will be released when we feel it is ready. We opened our GitHub project to the public so that anyone – not just the MyBB Team – can help with development of the 1.x series. Even if you can’t code, anyone can download both branches (1.6 & 1.8) to help test bugs and offer suggestions for improvements. Alongside our roadmap you can keep up to date with the project and see what is coming next.
1.8 is not feature locked at this moment in time. However, we don’t plan on introducing further major overhauls to help avoid plugin and theme incompatibilities.
There has never been a more exciting time in MyBB’s history; with 1.6 ready for new technologies, 1.8 on the way and starting 2.x soon (which is looking absolutely awesome) 2013 is already proving to be a busy year. If you feel you have got what it takes to be a dedicated volunteer for the project we’d love to have you on the team!
We’re currently looking for developers for the 1.x series, SQA team members and members for our new Resources Team – who will be focused on managing our community services. If you are interested in any of these PM a staff member, post an application in our Private Inquiries forum or send us an email.
Back in June 2012, after our MyBB.com domain was hijacked, we removed public access to our development repositories and moved to GitHub.
Today we are pleased to announce that our main repository, where the 1.x series is developed, is now available to the public!
Visit the MyBB repository on GitHub →
The mybb repository consists of 3 main branches: Master, Stable and Feature. These branches contain a different set of code depending on the name of the branch.
At the moment of writing this post:
Please note that, although all this work is available to you, MyBB only officially supports the latest release. Stable and Feature code may contain partially-committed features which are broken, incomplete or may never make it to public release and for these reasons we do not recommend using either of these branches on your own forums.
They will NOT be supported by the Support Team.
Access to our repository provides plugin and theme developers the opportunity to work with the latest code. We hope members of our community, and those interested in our project, become more closely involved with MyBB’s development.
Cutting edge development is designed for advanced users only. While we will try and support you with your work MyBB can’t provide support for Git or GitHub. We’re working on improving our documentation about development.
With the opening of our repository MyBB 1.8 is now publically available via the Feature branch. Please note that this only contains a handful of optimizations, features and changes that we are going to implement into this series.
Major features, such as the Report Centre, Spam Centre and our jQuery conversion are just starting to be worked on but accessing 1.8 should, however, give you an idea of the direction we’re heading in and what we’re trying to achieve with this version of MyBB. It should also allow developers to keep on track with what changes we’re making and, with that in mind, we do encourage anyone interested in working with 1.8 to get involved or get in touch via the 1.8 sections on our forum (coming soon).
To get involved with MyBB development you will first need a GitHub account. Then, follow these steps:
At the moment MyBB uses Redmine to power our issue tracker. Over time, we will be migrating to use GitHub’s inbuilt Issues tracker to provide closer integration between the repository and reported issues. It should also create a one-point resource for all development.
We’re starting this migration with MyBB 1.8. If you find a bug or problem within the feature branch you should first report it in the MyBB 1.8 Bugs & Issues forum. This allows members of the community to discuss the issue and confirm that it is, in fact, a bug. Once confirmed, a member of the MyBB Team will use a clever custom plugin (developed by Nathan Malcolm) to move the issue to GitHub for developers to work on a fix.
The new workflow eliminates the need for a separate account on Redmine and should allow more members to contribute towards development.
The MyBB 1.8 sections on the Community Forum will be available soon. In the mean time, please use the MyBB 1.6/1.8 Suggestions & Feedback forum.
There is a lot of new information here but it’s just the start of a new journey for MyBB and our community. By improving reporting methods, making it possible for non-team members to contribute and continuing to work on our new series we feel confident that MyBB will continue to be the best free forum software for years to come.
With thanks,
The MyBB Team
MyBB 1.6.9 is now available from the MyBB website and is a security release for the 1.6 series.
It has come to our attention that there is an SQL injection vulnerability in all versions of MyBB, including MyBB 1.6.8. We advise all MyBB forum owners to upgrade their forum as soon as possible.
With thanks to frostschutz and StefanT for finding and reporting these issues.
Vulnerabilities fixed:
Bugs fixed:
We apologise for any inconvenience.
Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete.
To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 1 language file (messages.lang.php). There are changes to 3 templates (portal_welcome_guesttext, loginbox & codebuttons).
If you’re using MyBB 1.6.8
If you’re using MyBB 1.6.7 or below
If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.
Thank you,
MyBB Team
As MyBB approaches its 10th-year anniversary it’s quite easy for us to dwell on history. Even with the changes we’re working on in MyBB 1.8 you can still compare the early versions of our product to our next major release and see that they are made from the same group of people. Despite the dozens of Developers, SQA Testers, Support Team members, PR guys and Management we’ve had over this time, who have each made their mark in their own way, the consistency of MyBB as a forum system at its core is one of the fundamental mantras of the MyBB Group.
With that in mind, whenever we do come to develop around a feature, we’re cautious to remove the legacy it might leave behind. It is often a tough decision between moving forward and embracing something new and doing what we know. MyBB 1.8 gives us a great chance to look around and research how to improve these features for our users; with around 40 planned research projects into different areas of MyBB we’re aiming to bring a higher level of usability and functionality to your forum.
With Gravatar, an avatar hosting service, being integrated into WordPress, Redmine and GitHub (alongside other websites and many 3rd party addons for other software) it brings together an opportunity for us to provide a consistent platform for users to have the same look wherever they go. In MyBB 1.8 you can now use your Gravatar email in the Avatar URL field. Options in the ACP allow Administrators to control the content of avatars with Gravatar’s age-based rating systems.
The MyBB 1.8 Change Avatar
Alongside Gravatar is our new format_avatar function. This introduces the ability to pass a user’s avatar information to a single function to work out the correct dimensions to display on the page; it also means we aren’t parsing the same avatar twice for the same user on the same page. If the user has no avatar set Administrators are able to set a default avatar from the ACP to use instead.
These changes do come with some sad news; in MyBB 1.8, we’ve removed the avatar gallery feature. We’ll all be disappointed to see the end of Supertux and Mr Spam but we thought it best to keep a clear and simple method to change user avatars in which the avatar gallery was a much non-used feature to the majority of forums.
One of the main aims of MyBB 1.8 is to help improve the services we offer to our own users. This involves keeping users up to date about what’s happening and new versions of MyBB.
News Feed in the ACP
In the ACP, we’ve introduced a small news feed into the Dashboard. We’ve also moved the Version Check, which used to have its own section, into the Dashboard too so that all updates are in the same place right in front of administrators. A new task is to be added to regularly check for any updates (versions and news) rather than relying on users to catch the ‘Your last version check was…’ message that may otherwise be easily missed.
Some of the other, smaller changes to MyBB 1.8 come to fix those trivial things people may (or may not) have noticed. These include removing the option to rate your own thread and changing trim() in templates to rtrim() so that those with OCD can create pretty source code for their themes.
We’re also looking to provide public access to our GitHub repositories in the very near future where a few problems have stopped us from doing so sooner. As soon as the MyBB 1.8 theme changes are ready we’ll also be making that project available too – alongside development standards for non-team members for those who want to get involved in helping us create the best free forum software.
Many will have noticed some changes on the team recently. We’ve welcomed back on-board Polarbear541 to our SQA Team and StefanT and Nathan Malcolm have moved over from SQA to the Development Team. All have quickly jumped into their new roles and we’re looking forward to their contributions.
Being apart of the MyBB family and developing the future of forum software is no small task. Being volunteers takes dedication and patience as well as the skills to pull off your role. Take a look at Joining the Team, and if you meet the descriptions, send us an application – we’d love to have you on the Team!
You’ve been hearing this for months, if not years by now: the new Mods site is coming soon.
That was in fact, always true. However, the person who was working on it had to leave the team last year and left us his work.
Since I offered myself to do the Mods site, I decided to start from scratch and create a plugin instead of a separate website – that would make integration much easier.
I started back in October 2011 and by now the Mods site is almost fully operational – apart from the Plugin Translations feature and a few final touches, everything is done! It has been tested thoroughly by me and the rest of the team and even though it’s not perfect, it does what we wanted to just fine.
Now let’s get to what’s really important: what’s changed? how does it work? what’s new?
The entire Mods site is now based on a single word: collaboration.
You will now be able to have people working on the same project as you, contributing to it, discussing it…in one single place.
Major features:
Collaboration
When you create a project (no matter what kind of project is – a plugin, graphic, whatever) you will be considered the author of that project.
As the author, you can invite other people to become collaborators of your project and help you with it – being it as a tester, developer or anything else.
Control Panel
The Control Panel is the place where you can view what’s going on over the projects you work on and of course, manage invitations from other users.
Another feature of the Control Panel is the one that lets you create a project (for obvious reasons, this is the most important one).
When you create a project you are required to submit an initial build and that project will be set for “Awaiting Approval” unless you are considered an “Approved Developer”.
An “Approved Developer” is someone we think has gained enough confidence from us to believe that any project created by that person is safe for the end user.
Builds
Every project is now built around builds. That is, whenever you want to upload a new change you just submit a new build (a ZIP containing the latest data).
That build is automatically considered “dev” and can be downloaded by anyone. When you think you’ve reached a stable status, you can switch (requires approval) to “stable”.
The latest stable build is the one that appears on the download page – don’t worry, you can browse a list of builds and download any.
Builds may only be submitted by the author and its collaborators.
Bug Tracker
Is there a better way to have a stable project than having a bug tracker built-in with the new system? We thought one would be very important and decided to implement it.
You can decide if it’s private (author only) and if collaborators can access it or not or even give access to certain users who are not direct collaborators.
If you don’t agree with us and don’t like bug trackers or have a bug tracker somewhere else, you can even link to that one if you wish and disable the default one.
The way the bug tracker works is similar to the way Redmine works so if you’re used to work with Redmine you will not find strange to work with this one – but of course, don’t expect it to be thaaaaaat powerful, I only have got two hands!
Suggestions
Receiving feedback from users is very important if you want to create amazing software. Because of that, we decided to implement a Suggestions page in which users can give suggestions for your project.
If you don’t like it, feel free to disable it, it’s all up to you!
Other Features
Besides those major features, the Mods site also contains a few others which make it even better:
* Previews – you can now manage your project preview images in a much better way than before.
* Translations – plugin projects are the only ones who have got translations and can be easily managed by collaborators – only they can submit translations.
* Change Log – whenever you submit a new build, you are required to enter a change log. The change log of the project is the combination of every build’s change log.
* Recommended – we got rid of the project ratings. You can recommend projects but not give any rating.
* Statistics – this page shows you relevant information about the most downloaded projects as well as the most recommended ones.
* Mod CP – Projects and Builds can be easily managed from the Mod CP which speeds up the approval process.
* Whenever an update is awaiting approval, users can still download the latest stable (or any other) build without problems.
* If the project hasn’t been updated for more than 6 months, you will see that information when viewing the project page.
* Support – a new link has been added to the project page which links to the Plugin Support forum on the MyBB Community. However, project authors can change that link to their site’s URL if they wish.
* Optionally, users may enter their PayPal email address which will result in a Donate button being shown on the project page.
We hope you are still excited about it. We are too. We really want to push this live as soon as possible but as you know, we all do this on our free time. One thing is certain though: we want to release this at the same time as MyBB 1.8 (or perhaps sooner!).
Thank you!
Since we announced MyBB 1.8 back in April work towards making a public beta has been slow. This time of year is traditionally the busiest for the team members with exams, workloads and personal projects – not to the mention most of us enjoying the summer (or lack of, in some cases!) – often taking over from our usual MyBB duties. Where we were once working on the code every day there has been weeks without anything being done at all. This is, unfortunately, the perils of volunteer work.
We know you’re all just as excited about MyBB 1.8 as we are, and we haven’t told you everything that is changing yet, so we’re stepping it up a gear to put it all together as fast as we can without compromising our new features. We’ve tried setting deadlines (and failing miserably) and I know you’re sick of the usual ready-when-it’s-ready story so all I can say is please bear with us. We’ll be working hard to bring you this feature update and that starts with our move to GitHub.
Part of the fallout from when MyBB.com was partly taken over was to have an overview look at how we do things behind the scenes to see if we could improve our services. This understandably has a knock-on effect on our development; we decided it was best to drop SVN and move to GitHub ahead of the 1.8 schedule. MyBB 1.6 development also happens over there too.
We’ve briefly hidden the 1.6 repository so that our team can get used to this new service and for us to sort out some new standards for developers and contributors to follow. This is a pretty big change not only for users but for our team as well so we need to take some time to get used to it too.
That being said, we haven’t quite got rid of everything. We will still be using the development site – powered by Redmine – as the central place to report bugs and issues with MyBB and the Merge System. It is up and running but we are having a few problems syncing the repository on GitHub and our local copy here. We hope to have this – and the GitHub project – up and running soon.
A general trait that has been hanging over 1.8 during planning and early development is consistency; making sure everything we do looks and feels the same as though it is from the same product, system and service. Everything from MyBB.com to the install process on your own forums will be getting a makeover to the new upgraded style giving MyBB in general a clean modern look. We’ve replaced the popular FamFamFam icons with the equally popular Fugue icon set to give 1.8′s UX (user experience) a fresh appeal – meaning 1.8 uses CSS buttons and carries PNG icons instead of GIFs. We’re looking into providing sprite images too for the ever-conscious large forum owner as well as providing theme artists a new opportunity with this style of coding.
1.8 Installer and Postbit
Alongside the jQuery update and base colours, 1.8 themes are sure to be some of the best in the series.
So, as you might have thought by now, MyBB 1.8 is going to be a bigger update than most people imagined. While not 2.0-esque, it will certainly provide a full feature update that will require careful planning and action. And, to settle the nerves of the plugin developers, there will be no major updates to the plugin system – meaning for the majority only the compatibility section of your plugins will need updated for them work in 1.8.
By providing an update like this we hope to extend the life of the 1.x series while also providing the tools and processes for developers to create even more amazing themes and plugins. It also gives us, as a team, a chance to rebalance our own structure to provide a better product for you all to enjoy.
As most of you who will be reading this are aware, three days ago (beginning the 31st of May) the MyBB.com domain (along with our other domains) were hijacked by a group of hackers (we’re not going to identify them by name but they have been very vocal in claiming responsibility so you should have no problem finding them if you’re so inclined). They also tried to access our server and many other services we use.
At this stage we have access to all our systems back and are in the process of restoring services, however we’re pleased to say that we are also taking this opportunity to retool components of our website and upgrade our server infrastructure.
This blog post will probably be the first of many, but we’ll endeavor to keep you updated as much as possible regarding progress. At this stage we don’t expect all services to be online for at least a week while the new servers are configured and we prepare new components of our website, however this blog is obviously already online and the MyBB home page will be up very soon too.
There are still a few missing pieces, but at this stage we have a pretty clear understanding of what happened. Contrary to what has been posted elsewhere, we do not believe social engineering was the culprit, although the hackers did try unsuccessfully to gain access to several of our accounts via this method.
The main incident that lead to the breach was a compromise of Chris’ personal Apple ID (iCloud, etc) account. From there, the hackers were able to reset passwords to our hosting and domain accounts. It’s still not clear how they got access to this account, however they also had numerous personal details about Chris, including contact details and knowledge of at least the last four numbers of his primary credit card.
Fortunately SoftLayer (our host) called Chris when his password was reset which alerted us to the situation unfolding and all public access to the server was shut off soon thereafter. As far we can tell they were not able to log into our server and do not have copies of our databases. We have been very pleased by the response we received from SoftLayer and without their vigilance the situation could have been far worse.
While Chris was trying to reset his passwords to NameCheap (our Domain Registrar at the time) and Apple ID accounts, the hackers even went as far as to remote wipe his iPhone via iCloud to prevent him from having 3G access. Unfortunately they successfully took control of Chris’s NameCheap account and redirected the domain to their defacement page, later we discovered they even tried to transfer the domain.
Unfortunately we did not get the expedited response from NameCheap that we would have hoped for given the severity of the situation, and it was about six hours before we got access to our account back. As a result we have already transferred MyBB.com to another domain registrar with better controls around account security.
Since then we have been planning the recovery effort, including taking the opportunity to improve our infrastructure. We will be moving to a new server setup, but given our security scare a few months ago we are also auditing the site software we use and only moving what we know is clean to the new server. More details on changes to the site are detailed further down this article.
With regard to why we were targeted, frankly we are baffled by the logic. The group identified MyBB as being targeted because one of our user’s runs an online forum dedicated to hacking. By this same analogy, if someone purchases a car and then uses it to run someone down or damage another’s property, then the manufacturer of the car should be responsible, which is obviously corrupted logic.
The group totes freedom as their cause but by attacking an Open Source project they are undermining freedom in every sense of the word. Anyone is free to download and use our software, no matter if you’re rich or poor, a nurse or a hacker, and the fact they targeted us for this is an utter contradiction of their reasoning.
As many MyBB users will know, we don’t even offer support on our community forums to hacking sites, and there are no exceptions. We can only conclude that attention and notoriety are their true motivations, and that their sense of ethics is a disgrace to the online community. We sincerely hope the perpetrators are brought to justice.
First and foremost we have adopted two factor authentication wherever possible. As mentioned above, the domain names have already been transferred to a registrar offering two factor authentication, among other security features. We’ll also be adopting two factor authentication on our new servers, and to various internal services. The new servers should improve performance of our website, and CloudFlare has also been setup.
As you might have also noticed, this blog has already been moved from being a locally hosted WordPress installation to being hosted on WordPress.com, which should ensure it is accessible even when our servers are down. We are hoping to make a similar change to the wiki before services are fully restored and as previously announced, development will be moving to GitHub with 1.8. Our goal with moving services offsite is to improve availability, improve maintainability, reduce load on our servers and improve security.
Finally, although our website infrastructure did not contribute to the intrusion, we are reviewing the security of all our services prior to moving them to our new server to ensure our systems are as secure as they could be.
We thank everyone for their continued patience and support over this difficult time and hope to have everything back online soon.
Regards,
Chris, Tim, and the rest of the MyBB Team
On April 1st we announced a 1.6.7 Update which updated both MyBB and the Merge System. If you haven’t seen this or not upgraded yet please make sure you read the MyBB and Merge System 1.6.7 Release blog post. We also announced our plans for MyBB 1.8; it was no April Fool.
Back in 2010, just under 2 years ago, we released MyBB 1.6 which introduced over 40 new features – some more at home in commercial software. As MyBB’s popularity continues to grow, the rise of social networks, rival software and the greater expectations of users old and new gives us some of the hardest challenges we’ve faced; to stay on top, to deliver a brilliant product and provide it to you for free.
With our development roadmap for MyBB 2.0 getting underway soon, we quickly felt the need to bridge the large gap that would have been 1.6 to 2.0. We wanted to create something that would provide a legacy to users of the 1.x series – the best of the best – and there was only one way we could get that to our users; MyBB 1.8.
Whereas 1.2, 1.4 and 1.6 delivered over 100 new features 1.8 aims to be more of a subtle upgrade, a facelift and a move to more open source development so that others too can help create the best free forum software. We’ll of course be providing the usual bug fixes and working with large forum owners to see if we can help further improve performance and stability. MyBB 1.8 is a perfect chance for us to provide changes that we couldn’t typically do within our maintenance cycles.
When we announced our new logo and mascot, Bolt, the Team soon realised that we didn’t want to wait until 2.0 was released to use them. The 1.6 default theme made these look out of place in its dated design (which was last updated in 2008) so we needed something more up to date. Justin, our lead designer, who created the Apart theme series (from which many MyBB communities either use or have customised the look for themselves) has worked on developing the series for the new 1.8 default theme. We worked together to figure out a method for enabling the Apart colours to be included by default but without the need for including 14 separate themes before the administrator even opened their forum. This method is what we call attachable base colours.
These changes to the theme system allow you to create colours to which you can attach stylesheets (just like you can attach stylesheets to pages). You can also set a display order for all your stylesheets so that they can override styles. Together, the changes mean you can add a theme with as many custom colours as you want. Using the parent/child theme structure that already exists in 1.x you can restrict or allow certain usergroups to use these colours and, as they inherit the main stylesheets, they’re very easy to manage. So, there is no longer the need to install a dozen different themes just for a different colour header.
Along with the new default theme there needs to be a new look Admin Control Panel (ACP). Our ACP is regarded as one of the easiest to use; it’s friendly and we didn’t want to change it much. Instead, we gave it a similar Apart makeover to our front-end.
Please note that along with the default theme the look may change as development continues.
While 1.8 won’t be able to make your cocoa or project your forum’s logo onto the moon, much to our disappointment, we really weren’t pulling a prank on this one; MyBB 1.8 will be powered by jQuery. The lighter and more powerful JavaScript library should be able to extend what both Theme Artists and Plugin Developers are able to do without causing conflicts or heavy loading pages. Both front-end and back-end will use the library. This change is probably the most destructive for themes and plugins in the 1.8 upgrade and we’ll be providing support throughout its beta period ready for a main release. In total, including the changes to the default theme, about 20 templates require updating from 1.6.
Along with jQuery comes a change in post editor. Although I’ve had my eye on an ‘off the shelf’ editor for quite some time we’ve yet to make a decision on whether we write our own or not; we’ll be covering that in a future tour. However, please don’t suggest which editor to use as our aim is to make it interchangeable so you can use your favourite one.
One of the most requested features for MyBB is a trash can – or as I prefer, the ability to recover deleted posts. In 1.8, you’ll be able to decide if a user’s deleted post is obliterated forever or is recoverable via the Mod CP. Global and usergroup permissions will allow this to be controlled across your users.
For those of you waiting for Spam Ninja I’m very sorry to disappoint as I did promise it to you last year. As soon as 1.8 was decided, I stopped developing it as a plugin and started integrating relevant parts into the core instead. We’ll be looking to improve spam prevention and detection in 1.8 which we’ll cover in a future tour.
Upgrading to 1.8 will be similar to upgrading from 1.4 to 1.6; many plugins will only need to change their compatibility line and will only need some major changes if they use Prototype JavaScript, use login functions or make large theme changes. Throughout the beta period, we’ll be upgrading the Wiki with new information and providing support to plugin developers to help them with their new plugins.
The Team has been trying to plan a move away from our current SVN setup to the popular social coding site Github for some time. We’ve come up against problems but feel confident that now is the time to open up our development to people outside of the MyBB Team. Github can be an extremely powerful tool for development and it is something we’re eager to do – we have been working on 1.8 in secret in one of our repositories there which will be made available after our first beta release.
We’ve gone outside of our usual box with 1.8 in that we’re actually telling you what we’re doing and what we’re planning even though none of this is public. We’re aiming to provide a beta of 1.8 in May so please be patient while we’re polishing our development and removing all the takeaways and soft drink cans.
With MyBB 1.8, our aim is to fully complete the series with features and improvements that make us a better rival not only to our free forum software friends but also to commercial community software too. We want to make it more friendly, faster and go further than any of our products have been before. Everyone here at MyBB is looking forward to 1.8 and hope you are too!
See you at the next tour!
Tomm
Hello everyone,
We’d like to inform you that two security holes were found in two plugins which are very common on multiple MyBB forums out there. The affected plugins are the following:
[ SEO ] Simple Tag Cloud Plugin (Tags) by Watt
FBConnect (not available on our Mods site) by Nayar
The first was unapproved and a PM was sent to the plugin author and until the author fixes the issue it will remain unapproved on the Mods site.
The second has been updated already and the issue has been fixed. If you’re looking for the fixed version, it is available on the author’s website as well as on the MyBB community forums here.
We strongly advise you to remove the first plugin entirely from your forum and either remove the second one or install the fixed version.
We also recommend you to do the necessary searching for any data that may have been compromised.
On a side note, numerous “exploiting scripts” have been spreading throughout the internet which refer to these two vulnerabilities as if they were vulnerabilities in MyBB itself and that is not true.
Thank you,
MyBB Team
