MyBB 1.8.32 is now available, and is a security & maintenance release.
This version addresses reported security problems and updates SCEditor to the latest version.
-
3 security vulnerabilities addressed:
- High risk: Visual editor persistent XSS (advisory) — reported by Aleksey Solovev (Positive Technologies)
- Medium risk: ACP Users SQL injection (advisory) — reported by Aleksey Solovev (Positive Technologies)
- Low risk: Attachment upload XSS (advisory) — reported by Aleksey Solovev (Positive Technologies)
- 1 issues resolved
Check the Release Notes for more information.
Get latest MyBB Full & Upgrade Packages →
The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.
Thanks,
MyBB Team