MyBB 1.4.9 is a security update to the MyBB 1.4 series. It fixes 1 high risk security vulnerability and two low risk issues. We recommend everybody upgrades to this release immediately or patch their boards with the manual patching instructions below.
These vulnerabilities affects MyBB 1.4.8. MyBB 1.2 is also affected.
Thank you to endeavormac, frostschutz, and TheLinx for alerting us of these issues.
MyBB 1.4.8 to MyBB 1.4.9 Patch
This patch is only for users running MyBB 1.4.8. If you are running an older version of MyBB then please download MyBB 1.4.9 from the MyBB site and update to it.
Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.
If you wish to manually patch your board please download “mybb_1408_patches.txt” and follow the instructions in that file.
Please Note: You do not have to run the upgrade script for this release.
Reporting MyBB security vulnerabilities
If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
As always, you can send through security related messages on the MyBB website from the Contact Us page.
MyBB 1.2.14 Patch
Please follow step #1 in the mybb_1408_patches.txt file as listed above.
Please note all users of the 1.2.x series are urged to upgrade to the latest release of MyBB. (1.4.9) MyBB 1.2 is no longer being supported, though security updates for the MyBB 1.2 series will last through December 2009.
MyBB Blog 
Thanks mybbgroup!!!
I will upgrade now
thanks, upgraded π
PLEASE DO NOT POST SUPPORT REQUESTS IN THIS BLOG DISCUSSION THREAD – they will be ignored or deleted.
If you need help please post it at the General Support forum:
http://community.mybboard.net/forum-81.html
This comment thread is for feedback and questions regarding the release, and any clarifications.
Thanks for your cooperation.
Thanks MyBB
as always very keen to help others, Thanks for the update.
Updating now π
I see some PHP 5.3.0 related errors after upgrade. Someone MyBB Staff member said before that this MyBB version is fully compatible with PHP 5.3.0.
Pingback: MyBB 1.4.9 released | Awesome Styles blog
Due to this being a security only release, any bug fixes are automatically bumped to the next available maintenance release.
Pingback: MyBB Blog Β» Blog Archive Β» MyBB 1.4.9 Released β Security Update Hello CMS - the best cms website
updating pronto …
Pingback: MyBB 1.4.9 released | Forum Bite - the forum blog
Updated to latest version.
Upgrade done! π
updated here, thank you guys.
Great, very fast, MyBB the best.
Mmmm updates π
thank you,
good luck mybb team.
Thanks, update went smooth as always.
AMAZING. Thank you.
Thanks, took less than a minute from download to completion.
Successfully upgrade.. π
Thanks for fast update..
I smell 1.4 going into second digits π
Thanks…
Forums upgraded π
Wow, nice post, thank you.
I love this forum software. π
Yep – 1.4 in second digits definitely pongs. Wicked upgrade, thank you!
Pingback: MyBB Blog Β» Blog Archive Β» MyBB 1.4.9 Released β Security Update Scripts Rss
Once again a smooth upgrade that’s done within the minute, great work guys.
1.2.x need to upgrade only step #1 isn’t it?
Yes, as it says above, just the first step of the manual patches π
Great news, I will upgrade my http://www.mybbcodes.com forum now. Thanks for the release Ryan Gordon π
this is just a security update right? not maintaince so php 5.3.0 still not supporting. i’m asking couse of this thread: http://community.mybboard.net/thread-52195.html
You are right. MyBB 1.4.9 will not work correctly with PHP 5.3.
OMG: My hosts’s php is upgradng to 5.3 . Can you please resolve this NON SUPPORTING ISSUE please.
Kind regards
ghazal, the fix for this has probably been linked to 100 times in the support forum, search.
Thanks for pointing out π MattR
You guys should make it where in the update just the files that are updated you download instead of having to overwrite it all.
@windowsmediaman Erm… I assume you missed this then: changed_files_1409.zip
We always provide the changed files separately…