MyBB 1.6.14 Released – Security & Maintenance Release

MyBB 1.6.14 is now available from the MyBB website and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 5 vulnerabilities and 50 reported issues that caused incorrect functionality in MyBB. Please be aware that, to keep updates easy to manage, not all issues have been fixed in this version.

  • Vulnerabilities:
    • Medium Risk: Possibility of executing PHP code through settings – reported by GiantCrocodile
    • Low Risk: An XSS vulnerability in polls.php – reported by AntiPaste
    • Low Risk: An XSS vulnerability in portal.php – reported by AntiPaste
    • Low Risk: Password protected forums can be viewed from the portal – reported by Nathan Malcolm
    • Low Risk: Super moderators have more permissions than expected – reported by JordanMussi
  • Bugs fixed:

Please view the 1.6.14 changes on the Docs site for more information about the changes in this version.

Please note that you do need to run the upgrade script for this version.

Upgrading from 1.6.13 and Other Versions

Before performing any upgrade, please remember to back up your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you keep a changelog of these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 10 language files. 9 templates have been changed or added.

If you’re using MyBB 1.6.12 or lower

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send security-related messages through the Contact Us page on the MyBB website or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

MyBB 1.8 Beta 1 Released

That’s right. After a long time of waiting we’re getting near a 1.8 stable release. Today it’s with great pleasure that we’re releasing the first beta version of MyBB 1.8. NOTE THAT THIS IS NOT READY TO BE USED ON A LIVE WEBSITE.

For some of you this may not mean much, for some others this may mean a lot. Quite a few things have been greatly enhanced and some important features have been added in this release.

 

Color legend:

  • Dark Blue – Small (new) feature/change
  • Light Blue – Enhancement
  • Orange – New Feature

 

We’re not mentioning bug fixes below, only small feature changes, enhancements and entirely new features. (The same bug fixes applied to the 1.6 branch are also applied to 1.8 as of now, and the bugs for 1.8 only are not mentioned, as that would only be important if 1.8 was already stable.)

 

AdminCP

  • New theme #561
  • AdminCP PIN #38
  • Improved Newsfeed #562
  • Replace CodePress with CodeMirror #37
  • Stylesheet Display order #562
  • Inactive/active Plugin list #573
  • Ability to create own template groups #588
  • Added Enabled/Disabled indicators to Promotions and MyCodes #457
  • Template groups updates #452
  • Disable Attachments Globally #495
  • ACP Banning Improvements #554
  • Selectable areas for group/forum settings #428
  • Warning for marked vulnerable plugins #0147b08

Front-end

  • New Theme – #571
    • CSS buttons, PNG images, Sprite images, Fugue icons #571
    • Attachable base colors for themes #580
    • Relative Time #558
    • Prototype to jQuery Conversion (yay!) #251
    • Attachment Types Name #442
    • CSS Minification #564
  • Add ltrim() to search users input #590
  • Change trim() in templates to rtrim() #584
  • A tool to rebuild reputation #591
  • Contact Page #592
  • Ability to delete default help topics #589
  • If user is invisible & permissions disallow, hide all public data #593
  • Post reputation should include thread subject #594
  • Remove Gallery; Integrate Gravatar #582 #586
  • Delete post on full edit should not show if no permission to delete #595
  • Add option to stick/unstick to custom tools #435
  • PM thread author in custom tools for threads #581
  • Users cannot rate their own posts #570
  • format_avatar() function #569
  • Whitelist of avatar upload extensions #568
  • Preview announcements #567
  • Minimum post length to exclude MyCode #566
  • IPv6 features #565
  • APC cache handler #574
  • $cache->delete method #575
  • is_member() function #576
  • delete_user() function #408
  • IP addresses in PMs #563
  • Don’t ask for validation if validation is disabled #577
  • Slow reply posting in long threads #578
  • Soft Delete #560
  • Login Datahandler #572
  • Add theme selector to footer #496
  • Forum redirect icon #453
  • Permission to reply to own threads #409
  • ModCP banned users list descending by default #138
  • Quick Reply PM #437
  • Poll Updates (Add poll link to thread page; limit of time before a thread author can no longer add a poll) #456
  • Update contact fields #455
  • Are You a Human CAPTCHA #443
  • Report Center #556
  • More Hooks #555
  • Ability to sort Private Messages in inbox and other folders #70
  • Recount Warning Points #85
  • Warning points as a Group Promotion criteria #88
  • Registration date and last active time as mass mail criteria #100
  • Display profile fields on posts #133
  • Add “Display posts in classic mode” option when editing user in Admin CP #107
  • Move Edit Time Limit and Max Post Per Day to group settings #114
  • Recount Private Messages #132
  • Hide members from the Member List #142
  • Force redirect page #550
  • Searching plugins will highlight vulnerable ones (requires new Mods site) Commit Link

 

Download

ONCE AGAIN, THIS IS NOT READY TO BE USED ON A LIVE WEBSITE! DO NOT UPGRADE YOUR LIVE WEBSITE TO THIS VERSION.

The download can be found here.

Upgrade

You are NOT supposed to upgrade any 1.6 boards to 1.8 Beta 1, which is why we do not provide upgrading instructions. This is because you will not be able to upgrade from any of the Betas to 1.8.

 

Bug Reports

Found a bug? (or perhaps a few more…) Please post your detailed bug report in the 1.8 Bug Reports forum. Please always double-check if the issue hasn’t been reported already.

 

Themes and Plugins Assistance

If you have any development questions about possible issues you may have while upgrading your themes or your plugins – or issues you may actually be having – please post in this forum.

 

What’s next?

We’re going to continue working hard on Beta 2 and start preparing 2.0 development so we can start working on it as soon as MyBB 1.8 hits stable this Summer. If you want to help us out and become a Contributor, make sure to read this blog post. If you’d rather join the team, feel free to contact us through Private Inquiries.

 

Best Regards,
The MyBB Group