MyBB 1.4.9 is a security update to the MyBB 1.4 series. It fixes 1 high risk security vulnerability and two low risk issues. We recommend everybody upgrades to this release immediately or patch their boards with the manual patching instructions below.
These vulnerabilities affects MyBB 1.4.8. MyBB 1.2 is also affected.
Thank you to endeavormac, frostschutz, and TheLinx for alerting us of these issues.
MyBB 1.4.8 to MyBB 1.4.9 Patch
This patch is only for users running MyBB 1.4.8. If you are running an older version of MyBB then please download MyBB 1.4.9 from the MyBB site and update to it.
Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.
If you wish to manually patch your board please download “mybb_1408_patches.txt” and follow the instructions in that file.
Please Note: You do not have to run the upgrade script for this release.
Reporting MyBB security vulnerabilities
If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
As always, you can send through security related messages on the MyBB website from the Contact Us page.
MyBB 1.2.14 Patch
Please follow step #1 in the mybb_1408_patches.txt file as listed above.
Please note all users of the 1.2.x series are urged to upgrade to the latest release of MyBB. (1.4.9) MyBB 1.2 is no longer being supported, though security updates for the MyBB 1.2 series will last through December 2009.