MyBB 1.8.2 Released – Security Release

Posted on by

MyBB 1.8.2 is now available from the MyBB website. It fixes 1 high risk vulnerability, 2 medium risk vulnerabilities and 2 low risk vulnerabilities. We recommend everyone upgrades to this release immediately.
MyBB 1.6.15 is not affected by these vulnerabilities.

What’s added/changed in this version?

The vulnerabilities are:

  • High Risk: A SQL injection vulnerability in member.php
  • Medium Risk: A XSS vulnerability in report.php
  • Medium Risk: A XSS vulnerability in inc/class_parser.php
  • Low Risk: A XSS vulnerability in admin/modules/style/templates.php
  • Low Risk: A XSS vulnerability in admin/modules/config/languages.php

Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.

Upgrading from 1.8.1 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are no changes to language files. No templates have been changed or added.

If you’re using MyBB 1.8.0 or lower

  • Download and use the full 1.8.2 Release Package (MD5: 4f6e49b7a457b72dbe8fb47ae5ded430)
  • Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team