MyBB 1.6.10 is now available from the MyBB website and is a security and maintenance release.
What’s added/changed in this version?
This release fixes 7 vulnerabilities and over 95 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.
A considerable amount of effort has been put in to MyBB 1.6.10 to fix a myraid of issues with PHP 5.4. This is the main reason why the release has been delayed until now. MyBB 1.6.10 should now be compatible with PHP 5.4 hosts.
- Low Risk: Potential SQL Injection when optimizing the database – reported by Jakub Galczyk
- Low Risk: Potential SQL Injection when creating the database backups – reported by StefanT
- Low Risk: Potential XSS vulnerability in theme name – reported by pandaa
- Low Risk: Improper permission checks for forums where you can only see your own threads – reported by Jordan Mussi and StefanT
- Non Critical: XSS vulnerability on debug page – reported by 1llusion
- Non Critical: Improper input validation in modcp.php – reported by 1llusion
- Non Critical: Improper input validation in calendar.php – reported by Jakub Galczyk
- Fixed issues in 1.6.10
- Unfixed issues
Please view the 1.6.10 changes on the Docs site for more information about the changes in this version.
Upgrading from 1.6.9 and Other Versions
Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.
To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 12 language files. 25 templates have been changed or added.
If you’re using MyBB 1.6.9
- Download and use the Changed Files Package (MD5: e1e3d8db4a8ca06c527ff5692cf2ca24)
- Follow the Docs Upgrading Instructions
If you’re using MyBB 1.6.8 or lower
Reporting MyBB security vulnerabilities
If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.