MyBB 1.8.19 is now available, and is a security & maintenance release.
This update includes improved compatibility with PostgreSQL and resolves regressions from previous versions. Administrators may need to update CSS code in global.css for customized themes.
4 security vulnerabilities addressed:
- High risk: Email field SQL Injection — reported by StefanT
- Medium risk: Video MyCode Persistent XSS in Visual Editor — reported by Numan OZDEMIR of InfinitumIT
- Low risk: Insufficient permission check in User CP’s attachment management — reported by StefanT
- Low risk: Insufficient email address verification — reported by StefanT
- 8 issues resolved
Check Release Notes for a list of changes to language files, templates and unresolved issues.
The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.