MyBB 1.8.13 is now available, and is a security & maintenance release.
This update includes fixes related to compatibility with PostgreSQL, SQLite and PHP 7.2 and resolves attachment HTML output problems. Note that the theme’s CSS files may need to be updated. Please see this post on the community forum for more information.
- 7 security vulnerabilities addressed:
- High risk: Installer RCE on configuration file write — reported by pabstersac
- High risk: Language file headers RCE — reported by Julian Rittweger
- Medium risk: Installer XSS — reported by pabstersac
- Medium risk: Mod CP Edit Profile XSS — reported by Julian Rittweger
- Low risk: Insufficient moderator permission check in delayed moderation tools — reported by Starpaul20 of MyBB Team
- Low risk: Announcements HTML filter bypass
- Low risk: Language Pack Properties XSS — reported by Julian Rittweger
- 62 issues resolved
Check Release Notes for a list of changes to language files, templates and unresolved issues.
Get latest MyBB Full & Upgrade Packages →
The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.