Author Archives: Euan T

Looking to the Future

Posted on by

As we near the release of MyBB 1.8.27, we’re starting to look towards the future of the Project and where we’re headed. In this post, we’ll lay out our plans going forward.

1.8.27 Is a Big Release

The upcoming 1.8 maintenance release is shaping up to be the second biggest in the series, with over a hundred Issues already resolved.

Among others, we have changes to how the mail queue is processed, the addition of some new PDO based database drivers for MySQL and PostgreSQL, some additional plugin hooks, pagination added to some ACP modules, an alteration to exclude bots and spiders from increasing thread view counts, enhanced the attachments upload user experience, and much more!

We’ve also added some other quality of life enhancements behind the scenes, such as some automated tools to check PHP syntax for all Pull Requests and Commits to the GitHub repository and some improvements to our support for PHP 8.0.

The release has been a long time coming, but it’s now just around the corner. I’d like to take this opportunity to thank all of our wonderful contributors, and to ask a favour: if you can, please test the current code as much as you can! We want to make sure that 1.8.27 is a rock solid release. As usual, once the final Pull Requests are merged, you will find a pre-release thread in the 1.8 Development forum.

The Future of 1.8

With 1.8.27 being such a large release, we’ve been thinking about the future of where MyBB is headed.

As such, we’ve decided that MyBB 1.8.27 will be the last major release of MyBB 1.8.

From this point forwards, the 1.8 series shall only receive security fixes and bug fixes for critical bugs that break core functionality.

The reasoning for this change is simple: we need to focus all of our limited resources on one single task – namely, getting MyBB 1.9 released.

MyBB 1.9

MyBB 1.9 is something we’ve been talking about for a long time (too long, a lot of us would say).

We’ve been working on it side-by-side along with supporting the MyBB 1.8 series, which has unfortunately meant the new release has only had limited attention paid to it.

With 1.8.27 being the last big 1.8 series version, all attention will now be turned to 1.9. There will be a freeze made to the merging of any Pull Requests to the project for a period of roughly two weeks in order to finalise the rebase of MyBB 1.9 to incorporate all of the changes present in 1.8.27.

Once this is complete, attention will turn to the following tasks:

  • Scrutinising all new templates to ensure that all changes made to 1.8 in recent releases are reflected in the new templates.
  • Tracking down any remaining usages of the old $templates based code for templates.
  • Writing the ACP management module for the new template system.

Once these tasks are complete, we’ll be at the stage of beginning testing the release in full. At that point, we’ll put a demo install online for everybody to play with, which will reset every day at midnight. This should give everybody a chance to help us debug the release and polish it up.

An Apology and a Thanks

On a final personal note, I’d like to apologise to the Community for the severe lack of progress with the Project and communication from us.

When I joined, forums were booming and MyBB in particular was abuzz with activity. We had a large bustling Team with members from all over the world contributing many changes and improvements. I’ve watched the Project go from MyBB 1.2 to 1.4; from 1.4 to 1.6 and 1.6 to 1.8. Over that time, things have changed a lot! The rise of social media and smartphones have changed the landscape of internet communities significantly.

Unfortunately, with these changes we’ve seen quite a decline in the progress we’ve made with the Project recently. I wish we had an easy fix to this and we could go back to the activity levels that we’ve seen before, and if anybody has any concrete ideas we’d be very happy to hear them in a constructive manner.

I’d like to take the opportunity to thank everybody who has stuck with us over the years and contributed in any way — be it via financial support on OpenCollective; via bug reports; via Pull Requests; via providing support to other members of the Community; or via any other means. Without you, MyBB simply would not exist.

MyBB 1.8.17 Released — Maintenance Release

Posted on by

MyBB 1.8.17 is now available, and is a maintenance release.

This update fixes several issues introduced by MyBB 1.8.16 such as not being able to log into forums.

Check Release Notes for a list of changes to language files, templates and unresolved issues.

Get latest MyBB Full & Upgrade Packages →

Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

Thanks,
MyBB Team

MyBB 1.8 Dockerfile & Docker Compose Recipe

Posted on by

With the recent announcements of the 1.10 branch we’ve also got some great news for both plugin developers and theme designers. In recent weeks, work has been underway to create an official Docker image for the MyBB 1.8 series. This work has been taken on by a community member who proposed such a solution and set to work on getting it done. Also provided within the repository are two example docker-compose.yml files, to be used with Docker Compose or Swarm. Docker is a technology for creating lightweight containers to manage and orchestrate software. It works across multiple platforms, and makes it easy to quickly get a live instance of the current MyBB version running with a variety of different configurations without requiring much effort to install database management systems and such on your machine. Docker is a brilliant tool for developers to quickly prototype ideas in a fresh, consistent environment. You can find out more information on Docker here.

Developers can immediately download and start using the current MyBB 1.8.13 Docker image from our official Docker Hub registry account (found here) by running the following command:

docker pull mybb/mybb:latest

Alternatively, for those who would like to view the source, make amendments or just generally prefer to build their own images – you can view the official GitHub repository here. Ample instructions for use are provided within the README.md file. This project is far from complete and we do not recommend it for production use, only for development and staging systems. MyBB’s current installation and upgrade systems make full automation with Docker a difficult feat to accomplish but we’re hoping to include easier ways to do this in the future 1.10 series of releases.

We hope that avid plugin and theme developers make good use of the Docker images that we’ll be releasing and improving upon, any and all constructive feedback (and pull requests!) is welcome.

MyBB 1.8.12 Released – Security & Maintenance Release

Posted on by

MyBB 1.8.12 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 3 security vulnerabilities and 14 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

  • Vulnerabilities:
    • Medium risk: Insufficient permission check in multiquote feature – reported by frostschutz
    • Medium risk: CSV macro injection on PM export – reported by Rico A. Silvallana
    • Low risk: Weak password reset codes & false positives – reported by Devilshakerz

Please view the 1.8.12 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.11 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 9 language files and 9 templates were changed or added.

If you’re using MyBB 1.8.11:

  • Download and use the Changed Files Package
    • MD5: 9ebfae510ec51bc27f7b0062f4f99394
    • SHA1: d97f0e13799661b5811245030ef9e56c597086ff
    • SHA256: 17eab833ae6f1a7653d324da3866573437a566f0c2e4f7b4ceddb23795a933f0
    • SHA512: 1b10d9d85dca44a854783f1e37afbec2aac9d657689d09147d414ae41835386f4d97ea0c686edb06fd5de13d2a929bccf7af67fd8af7d95cddc009c6f81812d8
  • Follow the Docs Upgrading Instructions

If you’re using MyBB 1.8.10 or lower:

  • Download and use the full 1.8.12 Release Package
    • MD5: aa0e92e5e55b69f33cab3401994f767a
    • SHA1: 1a406afbb9343145877b0382ab479dc5d17d7813
    • SHA256: a6decde96ae84a2f34a40c2f175172be163ca1fb294c5e4cef5a6396c3eb9f42
    • SHA512: c5292eab2b9a6dbefe1a696aecdb3202a7d4c9f27de3983ba975c3381aaadd775537f4bd5e389eee18ee2237506a2c8e8bb60e2ec7f0f48483335c8e3a6a5ce4
  • Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

MyBB 1.8.8 & Merge System 1.8.8 Release

Posted on by

MyBB 1.8.8 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 7 security vulnerabilities and 58 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

  • Vulnerabilities:
    • Medium risk: Style import CSS overwrite on Windows servers – reported by patryk
    • Medium risk: SQL Injection in the users data handler – reported by afinepl
    • Medium risk: SSRF attack in fetch_remote_file() – reported by dawid_golunski
    • Medium risk: Possible short name access to ACP backups on Windows servers – reported by kevinoclam
    • Low risk: Stored XSS in the ACP – reported by patryk
    • Low risk: Loose comparison false positives – reported by Devilshakerz
    • Low risk: Possible XSS injection in ACP users module – reported by afinepl

Please view the 1.8.8 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.7 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 23 language files and 64 templates were changed or added.

If you’re using MyBB 1.8.7:

  • Download and use the Changed Files Package
    • MD5: 43028accb46eecf8016ef5fdc4fe522a
    • SHA1: 2c9985353e87c8710bdcdcf1856b0a6c63961317
    • SHA256: bb479145b44f169c301c21425f78742d8cacd9fd9ef4543c2a5e39ab540f769e
    • SHA512: 47ddbd601d008e9cb7309b328d36df95f901d1935593ded61e70cef22dc1312257266e056e5ea9d214babfd47a0aeb9560e9d11a5abb8d68a244f442467c41854a73f915ee3f4e6bd2f654334ca0f75
  • Follow the Docs Upgrading Instructions

If you’re using MyBB 1.8.6 or lower:

  • Download and use the full 1.8.8 Release Package
    • MD5: 2e09c9fd3b2416ac3fea9bada18d61e5
    • SHA1: 2b8469cb42c3a66ec7e3253aa0cced464585d3dd
    • SHA256: e63bd3ce5b8a7c4166102baa75f0aab1d12fc64379658a027d8bf49a437a469a
    • SHA512: 8dec5923737b11deae578ed02f259acda01ca5bcc9032bc01df1e2d77ce36c54f87e66e42850460c8ea07515d99d4b5da4a73f915ee3f4e6bd2f654334ca0f75
  • Follow the Docs Upgrading Instructions

This update includes security fixes that may need your attention:

  • Additional rules disallowing access to the database backups directory (admin/backups/) were added to htaccess.txt and htaccess-nginx.txt, addressing a security issue affecting Windows installations – remember to update your configuration files.
  • $config['disallowed_remote_hosts'] and $config['disallowed_remote_addresses'] variables, containing default loopback hosts and IPv4 addresses, were added to the inc/config.php file, addressing a SSRF vulnerability – remember to update your configuration files and, if applicable, add further hosts and/or addresses that MyBB shouldn’t attempt to access.

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.8.8

MyBB Merge System 1.8.8 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

This release fixes several reported issues since the release of 1.8.7, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 5 bug fixes (View all)
  • Preliminary support for merges from vBulletin 5 installations. This module hasn’t had a lot of testing, so please report back with how vBulletin 5 merges go and always test your merge on a local machine first.

Important note

This will be the last release of the Merge System 1.8. We’re instead concentrating development efforts on MyBB 2.0 and a brand new Merge System to accompany it – please stay tuned for more news on the new merge system!

Thanks,

MyBB Team

Shuttering of the 2.0 host compatibility repository

Posted on by

Not long ago, we started a new project to gather information about the PHP versions that various web hosts support. The aim of this project was to gather a list of web hosting companies who would be able to host the upcoming MyBB 2.0 release.

Since starting that project, we have received several contributions. However, we’ve also since changed the PHP version requirements that we will require for 2.0. As such, we are closing the mybb/2.0-Hosts repository and instead asking that users please make use of the PHP Versions website to track the PHP versions on offer at different hosts. This website operates in a similar way to the old MyBB project, but is much more widely used and already contains information for lots of different hosts. For more information on contribution to the PHP Versions website, please see the contributing guide.

MyBB Seeking Your Help – Open Staff Positions

Posted on by

Hi,

We currently have some open positions on the MyBB Team, especially in SQA. If you’re interested in becoming a part of the team, we’d like to hear from you.

Please note that all positions are on a volunteer basis, you’re under no obligation to stay with the MyBB Group if you have other commitments that need attending.

Requirements

Development

Continued contribution to the quality of either the 1.x or 2.x series, including:

  • Good MyBB and PHP (OOP)/MySQL/JS (jQuery) and/or HTML/CSS knowledge
  • Basic understanding of testing and git/GitHub
  • Laravel familiarity for 2.x development would be welcome
  • At least several qualitative contributions to our GitHub repositories/mods site and/or external GitHub repositories and/or external GitHub repositories (themes if you’re a designer, plugins/code changes if you’re a programmer)
  • Good communication skills in English

Support

Continued support on our forums:

  • Good MyBB/CSS/HTML knowledge, MySQL/PHP/JS (jQuery) knowledge would also be welcome
  • At least 50-100 high-quality support posts
  • Adequate patience when helping inexperienced forum admins
  • Good communication skills in English

Quality Assurance

Continued contribution to the quality of either the 1.x or 2.x series, including:

  • Good MyBB/MyBB plugins/PHP (OOP)/MySQL/JS (jQuery) knowledge
  • Ability to detect and confirm vulnerabilities
  • Basic understanding of testing and git/GitHub
  • Good communication skills in English

How to Apply

All applications should be submitted in the Private Inquiries section: http://community.mybb.com/forum-135.html

Please include the position you’re applying for, background information on yourself, information on your knowledge of MyBB, PHP, MySQL and JavaScript, if necessary, your experience/works and any other information you wish to include.

We will aim to reply to all applications but if you don’t receive a reply, no – we haven’t forgotten about you, it’s just that there are usually too many applications to individually reply to each one. Private messages containing applications/team position queries will be ignored.

Thank you,
MyBB Team

MyBB 2.0 Repositories Are Finally Public

Posted on by

Yep, you read that right. The MyBB 2.0 repositories are finally open to the public for browsing and contribution. The repositories we are opening are:

  • mybb/mybb2 – the core of MyBB 2.0, based on a Laravel skeleton template. This repository contains the core forum and is where the majority of work happens. The overall structure of this repository will be changing through the New Year to make deployment easier on shared hosts and other setups.
  • mybb/Auth – a modified authentication package for MyBB 2.0. This is based around the Laravel 5.0 Auth package, and is about to receive a major overhaul to make use of the Laravel 5.1 and 5.2 authentication changes.
  • mybb/Parser – the core post parser for MyBB 2.0. The majority of the parsing logic has simply been imported from MyBB 1.x in the current incarnation in order to get a working parser implementation. The future plans for this repository include adding further unit tests and refactoring the BBCode/MyCode parsing to use a proper parser/lexer rather than a large jumble of regular expressions.
  • mybb/Settings – the core settings system of MyBB 2.0. This package provides both site-wide and user settings and can easily be used for other projects and plugins. Settings are split into “packages”, with “mybb/core” being the core MyBB package. Further documentation and details will be explained about this package in an upcoming development post.

Browsing these repositories should make it fairly clear that while MyBB 2.0 has had a good start so far, it is still far from done. Original plans were to have an Alpha release available by the end of 2015, but these plans have unfortunately not come to fruition. It is our hope that making these repositories public will bring more contributions, suggestions and feedback from you the community.

For now we are simply opening these repositories, but over the New Year and Christmas holidays we will be documenting our code formatting, contribution guidelines and our roadmap and plans for MyBB 2.0 more fully in the MyBB 2.0 Planned Features forum. Rather than blogging about each of these, we will be writing topics that will be stuck to that forum to provide guidelines about our expectations.

We also plan to keep up our (recently lacking) development blog posts which will cover the usage of the components we are open sourcing as well as other components that will be created in the future. Future components and progress will be developed fully in the open, utilising our new BSD-3 licence.

As a closing note, MyBB 2 is in no way stable yet and should not be used on a live forum at all right now. Open sourcing these repositories is aimed primarily at developers and experienced administrators wanting to provide input and feedback on the future direction of MyBB. No support will be provided for any of the code in these repositories until we reach a Beta release.

We wish all of our users a happy holiday season,

The MyBB team

2.0 Dev Post #6

Posted on by

It’s that time again, time for another MyBB 2.0 dev blog! This post is the sixth in a series of development update posts regarding MyBB 2.0. Currently in pre-alpha, MyBB 2.0 is the long awaited upcoming major version of the open source MyBB forum software. We’ll be posting regular updates (we promise!) in regards to the development to keep you all updated. The development team have been hard at work since our last dev post, adding new features and polishing existing functionality. This post will take a slightly different approach to previous posts by focusing on a single aspect of 2.0 in slightly more detail, namely the new responsive styling. Continue reading

2.0 Dev Post #5

Posted on by

It’s that time again, time for another MyBB 2.0 dev blog! This post is the fifth in a series of development update posts regarding MyBB 2.0. Currently in pre-alpha, MyBB 2.0 is the long awaited upcoming major version of the open source MyBB forum software. We’ll be posting regular updates (we promise!) in regards to the development to keep you all updated. The development team have been hard at work since our last dev post, adding new features and polishing existing functionality. This post will explore some of these new features and highlight our approach to the development of the system.

Note that all screenshots and details contained within these posts are subject to change and is taken from early developmental software; details are in no way indicative of the features or presentation of the final software. Continue reading