MyBB 1.8.6, 1.6.18 & Merge System 1.8.6 Release

Posted on by

MyBB 1.8.6 – Security & Maintenance Release

MyBB 1.8.6 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 5 security vulnerabilities and 51 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

  • Vulnerabilities:
    • Medium Risk: Forum password bypass in xmlhttp.php – reported by Devilshakerz
    • Low Risk: SQL Injection in Grouppromotions module (ACP) – reported by Devilshakerz
    • Low Risk: Possible XSS Injection in the error handler – reported by FooBar123
    • Low Risk: Possible XSS issues in old upgrade files – reported by FooBar123
    • Low Risk: Possible Full Path Disclosure in publicly accessible error log files – reported by Devilshakerz

Please view the 1.8.6 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.5 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 7 language files and 19 templates were changed or added.

If you’re using MyBB 1.8.5:

If you’re using MyBB 1.8.4 or lower:

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB 1.6.18 – Security Release

MyBB 1.6.18 is now available from the MyBB website. It fixes 1 medium risk and 3 low risk vulnerabilities.

Please note that we’ve extended support period for MyBB 1.6 to give you additional time for upgrading your forum until 1st of October 2015. After that time no support will be provided for MyBB 1.6.

What’s added/changed in this version?

The vulnerabilities are:

Please view the 1.6.18 changes on the Docs site for more information about the changes in this version.

Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.

Upgrading from 1.6.17 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are no changes to language files. No templates have been changed or added.

If you’re using MyBB 1.6.17:

If you’re using MyBB 1.6.16 or lower

  • Download and use the full 1.6.18 Release Package (MD5: ad17b498116831a1d1d75bf07351ea0c)
  • Follow the Docs Upgrading Instructions

MyBB Merge System 1.8.6

MyBB Merge System 1.8.6 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

This release fixes several reported issues since the release of 1.8.5, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 11 bug fixes (View all)
    • New module: Avatars are now finally merged!
    • Counters are finally updated automatically – no need to run them manually after the merge
    • Multiple changes to make the merge system more intuitive

Thanks,

MyBB Team

10 thoughts on “MyBB 1.8.6, 1.6.18 & Merge System 1.8.6 Release

  1. Pingback: Support for MyBB 1.6.x has ended | MyBB Blog

  3. The announcement says that the upgrade script is not required. However, the changed file package contains an “install” directory. I had to manually delete the “install” directory, but this might be a mistake in the changed file package. Would you please verify this? Thank you.

      • The existence of an “install” directory causes an error to be displayed until this directory is deleted. If an upgrade script is not required as stated in the announcement, then the scripts inside this directory won’t be used. Therefore, what is the purpose of including this directory? Would you please provide an example where this serves any purpose? Taking into account that the changed files package is to be used for forums running “just one point behind the newest version”, according to the help docs.

  4. Hi people!

    I have a question. I would like to have a mybb forum for my wordpress website, but I cant install mybb_1806.zip.

    It says that it doesnt recognize the files.

    What to do??

    Thank you in advance!!

Comments are closed.