MyBB 1.8.4 – Feature Update, Security & Maintenance Release
MyBB 1.8.4 is now available from the MyBB website and is a feature update, security and maintenance release.
What’s added/changed in this version?
This release fixes 7 vulnerabilities and 118 reported issues causing incorrect functionality of MyBB. Please be aware that, to keep updates easy to manage, not all issues have been fixed in this version.
- Vulnerabilities:
  - Medium Risk: An XSS vulnerability in member.php – reported by ATofighi
  - Medium Risk: An XSS vulnerability in MyCode editor – reported by Matthias Ungethüm
  - Low Risk: Multiple XSS vulnerabilities requiring admin permissions – reported by adamziaja, Devilshakerz, DingjieYang and sroesemann
  - Low Risk: A CSRF vulnerability within ACP login – reported by Devilshakerz
  - Low Risk: Group join request notifications sent to wrong group leaders – reported by Snake_
  - Low Risk: Cache handler using var_export without encoding checks – reported by chtg
  - No Risk: A full path disclosure vulnerability within JSON library – reported by Nathan Malcolm
- Bugs fixed:
- New features:
Please view the 1.8.4 changes on the Docs site for more information about the changes in this version.
Please note that you do need to run the upgrade script for this version.
Upgrading from 1.8.3 and Other Versions
Before performing any upgrade, please remember to back up your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you keep a changelog of these changes so you can make them again (if necessary) once the upgrade is complete.
To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 18 language files. 54 templates have been changed or added.
- Download and use the Changed Files Package (MD5: e5b21c35998b4e631a73cd182a4dbea8)
- Follow the Docs Upgrading Instructions
If you’re using MyBB 1.8.2 or lower
- Download and use the full 1.8.4 Release Package (MD5: b5ea47e85e1506b1a8e5bcc2c3e72e7d)
- Follow the Docs Upgrading Instructions
Reporting MyBB security vulnerabilities
If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.
Thanks,
MyBB Team
Note about updated package for 1.8.4
Due to a minor issue with the original packages, an updated package set has been released.
If you installed or updated your forums using either the full or changed files packages prior to 10:00 a.m. on February 16, 2015 GMT, please download a fresh package from the links above and replace the following file:
moderation.php
You do not need to run the installer or make any further changes. You can use the file verification tool to determine whether you have the latest package; the file above will appear to be modified if you need to download an updated copy.
We apologise for any inconvenience.
Merge System 1.8.4
MyBB Merge System 1.8.4 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.
This release fixes a compatibility issue with MyBB 1.8.4.
Well done, MyBB Team
A lot of small fixes, that is good for stability.
Since the update I am not able to enter the admin panel on my Spanish forum. I get the message:
MyBB has experienced an internal SQL error and cannot continue.
SQL Error: 1054 - Unknown column '2fasecret' in 'field list'
Query: SELECT 2fasecret FROM mbb_adminoptions WHERE uid='1'
Please contact the MyBB Group for technical support.
What can I do?
Please help.
I use Directnic hosting services
You haven’t run the upgrade script.
Next time please use our forums for getting support: http://community.mybb.com/
Good update @MyBB Team new year release #cute!
Re: “Note about updated package for 1.8.4”
Anyone who gets these updates via RSS won’t see this edited version of the announcement, since it was added after the RSS feed was polled/sent. I’d suggest writing a new blog post/announcement when there’s something to add or the information has changed.
Writing a new blog post for a minor bug fix would be a bit exaggerated.
Seriously?
Given the fact it was neither security related nor affecting a major feature, there is actually no indication for writing another announcement. There also haven’t been support threads about the issue.
Nice to see MyBB making improvements. 🙂
I cannot download the update files, please check.
Both downloads work fine for me.
Now – works, thanks
Thanks, very nice news, I will install it
Hope this one resolves the existing minor bugs and issues! Good I backed up my test forum’s files and data.
I don’t know what’s wrong with my installation. I tried to use the update package and the complete package (override existing files). Both upgrades lead me to an update “Upgrade my existing copy of MyBB to 1.8.3”
After the upgrade I’m still on 1.8.3.
Please use our forum for support: http://community.mybb.com/