Category Archives: Merge System

MyBB 1.8.11 & Merge System 1.8.11 Release

Posted on by

MyBB 1.8.11 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 3 security vulnerabilities and 32 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

  • Vulnerabilities:
    • High risk: XSS Injection in Email MyCode – reported by Zhiyang Zeng of Tencent security platform department
    • Medium risk: SSRF protection can be bypassed – reported by Orange Tsai of DEVCORE and Jasveer Singh of SEC Consult Vulnerability Lab
    • Low risk: Directory Traversal in smilie module – reported by Zhiyang Zeng of Tencent security platform department

Please view the 1.8.11 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.10 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 5 language files and 7 templates were changed or added.

If you’re using MyBB 1.8.10:

  • Download and use the Changed Files Package
    • MD5: f99cdecf3d96c8c39441c81d8468e4f6
    • SHA1: 323bec46d3da051fe5e9899e1a4ffdd8e538b5f5
    • SHA256: f3a50f31dc6045e63ccad826fd4fa35f1240891238f4fbcdaeb724835cd58f4d
    • SHA512: 4d9018f2e1f286dd447e4c4db0ba9be18b1c407ed63272711d11deb6a09d7e301967917d465e368d8ebdd046cc0c7c5a23308b8ed72f8d5f9e9307ba6a81f8e3
  • Follow the Docs Upgrading Instructions

If you’re using MyBB 1.8.9 or lower:

  • Download and use the full 1.8.11 Release Package
    • MD5: d4d3de795b69b076264a007e7a989f64
    • SHA1: 5ca8bf23a8efe0940bfe3c6fba852676144ea134
    • SHA256: c95cf770fffb37f811bee17a828cea8f0c789f22069c1783f3fb6f567fa7ca43
    • SHA512: 9db6ec3894cd66a26dffb5682109e25073148f1c885f2e0638be8c7d95eb2ba5e16db6dc66087431e919d849acdb7c2c11c95e247e99f6f8f44bcc19fe721015
  • Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.8.11

MyBB Merge System 1.8.11 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

What’s new in this version?

Thanks,

MyBB Team

Note about updated packages

The original packages have been replaced by updated packages to fix a compatibility issue causing warnings on certain PHP environments.

If you installed or updated your forums using either the full or changed files packages prior to 19:00 on April 6, 2017 GMT please download a fresh package from the links above and replace the following file:

  • inc/functions.php

You do not need to run the installer or make any further changes. You can use the file verification tool to determine whether you have the latest package, the file above will appear to be modified if you need to download an updated copy.

We apologise of any inconvenience.

MyBB 1.8.8 & Merge System 1.8.8 Release

Posted on by

MyBB 1.8.8 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 7 security vulnerabilities and 58 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

  • Vulnerabilities:
    • Medium risk: Style import CSS overwrite on Windows servers – reported by patryk
    • Medium risk: SQL Injection in the users data handler – reported by afinepl
    • Medium risk: SSRF attack in fetch_remote_file() – reported by dawid_golunski
    • Medium risk: Possible short name access to ACP backups on Windows servers – reported by kevinoclam
    • Low risk: Stored XSS in the ACP – reported by patryk
    • Low risk: Loose comparison false positives – reported by Devilshakerz
    • Low risk: Possible XSS injection in ACP users module – reported by afinepl

Please view the 1.8.8 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.7 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 23 language files and 64 templates were changed or added.

If you’re using MyBB 1.8.7:

  • Download and use the Changed Files Package
    • MD5: 43028accb46eecf8016ef5fdc4fe522a
    • SHA1: 2c9985353e87c8710bdcdcf1856b0a6c63961317
    • SHA256: bb479145b44f169c301c21425f78742d8cacd9fd9ef4543c2a5e39ab540f769e
    • SHA512: 47ddbd601d008e9cb7309b328d36df95f901d1935593ded61e70cef22dc1312257266e056e5ea9d214babfd47a0aeb9560e9d11a5abb8d68a244f442467c41854a73f915ee3f4e6bd2f654334ca0f75
  • Follow the Docs Upgrading Instructions

If you’re using MyBB 1.8.6 or lower:

  • Download and use the full 1.8.8 Release Package
    • MD5: 2e09c9fd3b2416ac3fea9bada18d61e5
    • SHA1: 2b8469cb42c3a66ec7e3253aa0cced464585d3dd
    • SHA256: e63bd3ce5b8a7c4166102baa75f0aab1d12fc64379658a027d8bf49a437a469a
    • SHA512: 8dec5923737b11deae578ed02f259acda01ca5bcc9032bc01df1e2d77ce36c54f87e66e42850460c8ea07515d99d4b5da4a73f915ee3f4e6bd2f654334ca0f75
  • Follow the Docs Upgrading Instructions

This update includes security fixes that may need your attention:

  • Additional rules disallowing access to the database backups directory (admin/backups/) were added to htaccess.txt and htaccess-nginx.txt, addressing a security issue affecting Windows installations – remember to update your configuration files.
  • $config['disallowed_remote_hosts'] and $config['disallowed_remote_addresses'] variables, containing default loopback hosts and IPv4 addresses, were added to the inc/config.php file, addressing a SSRF vulnerability – remember to update your configuration files and, if applicable, add further hosts and/or addresses that MyBB shouldn’t attempt to access.

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.8.8

MyBB Merge System 1.8.8 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

This release fixes several reported issues since the release of 1.8.7, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 5 bug fixes (View all)
  • Preliminary support for merges from vBulletin 5 installations. This module hasn’t had a lot of testing, so please report back with how vBulletin 5 merges go and always test your merge on a local machine first.

Important note

This will be the last release of the Merge System 1.8. We’re instead concentrating development efforts on MyBB 2.0 and a brand new Merge System to accompany it – please stay tuned for more news on the new merge system!

Thanks,

MyBB Team

MyBB 1.8.7 & Merge System 1.8.7 Release

Posted on by

MyBB 1.8.7 – Security & Maintenance Release

MyBB 1.8.7 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 13 security vulnerabilities and 83 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

  • Vulnerabilities:
    • Medium risk: Possible SQL Injection in moderation tool – reported by jamslater
    • Low risk: Missing permission check in newreply.php – reported by StefanT
    • Low risk: Possible XSS Injection on login – reported by Devilshakerz
    • Low risk: Possible XSS Injection in member validation – reported by Tim Coen
    • Low risk: Possible XSS Injection in User CP – reported by Tim Coen
    • Low risk: Possible XSS Injection in Mod CP logs – reported by Starpaul20
    • Low risk: Possible XSS Injection when editing users in Mod CP – reported by Tim Coen
    • Low risk: Possible XSS Injection when pruning logs in ACP – reported by Devilshakerz
    • Low risk: Possibility of retrieving database details through templates – reported by Tim Coen
    • Low risk: Disclosure of ACP path when sending mails from ACP – reported by sarisisop
    • Low risk: Low adminsid & sid entropy – reported by Devilshakerz
    • Low risk: Clickjacking in ACP – reported by DingjieYang
    • Low risk: Missing directory listing protection in upload directories – reported by Tim Coen

Please view the 1.8.7 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.6 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 15 language files and 41 templates were changed or added.

If you’re using MyBB 1.8.6:

If you’re using MyBB 1.8.5 or lower:

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.8.7

MyBB Merge System 1.8.7 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

This release fixes several reported issues since the release of 1.8.6, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

Thanks,

MyBB Team

Note about updated packages

The original packages have been replaced by updated packages to fix minor compatibility issues with PHP 5.2 and PostgreSQL and to fix issues with font MyCode and search functionality.

If you installed or updated your forums using either the full or changed files packages prior to 19:00 p.m. on March 25, 2016 GMT please download a fresh package from the links above and replace the following files:

  • inc/cachehandlers/apc.php
  • inc/cachehandlers/eaccelerator.php
  • inc/cachehandlers/interface.php
  • inc/cachehandlers/memcache.php
  • inc/cachehandlers/memcached.php
  • inc/cachehandlers/xcache.php
  • inc/class_parser.php
  • install/resources/upgrade35.php
  • search.php

You do not need to run the installer or make any further changes. You can use the file verification tool to determine whether you have the latest package, the file above will appear to be modified if you need to download an updated copy.

We apologise of any inconvenience.

MyBB 1.8.6, 1.6.18 & Merge System 1.8.6 Release

Posted on by

MyBB 1.8.6 – Security & Maintenance Release

MyBB 1.8.6 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 5 security vulnerabilities and 51 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

  • Vulnerabilities:
    • Medium Risk: Forum password bypass in xmlhttp.php – reported by Devilshakerz
    • Low Risk: SQL Injection in Grouppromotions module (ACP) – reported by Devilshakerz
    • Low Risk: Possible XSS Injection in the error handler – reported by FooBar123
    • Low Risk: Possible XSS issues in old upgrade files – reported by FooBar123
    • Low Risk: Possible Full Path Disclosure in publicly accessible error log files – reported by Devilshakerz

Please view the 1.8.6 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.5 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 7 language files and 19 templates were changed or added.

If you’re using MyBB 1.8.5:

If you’re using MyBB 1.8.4 or lower:

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB 1.6.18 – Security Release

MyBB 1.6.18 is now available from the MyBB website. It fixes 1 medium risk and 3 low risk vulnerabilities.

Please note that we’ve extended support period for MyBB 1.6 to give you additional time for upgrading your forum until 1st of October 2015. After that time no support will be provided for MyBB 1.6.

What’s added/changed in this version?

The vulnerabilities are:

Please view the 1.6.18 changes on the Docs site for more information about the changes in this version.

Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.

Upgrading from 1.6.17 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are no changes to language files. No templates have been changed or added.

If you’re using MyBB 1.6.17:

If you’re using MyBB 1.6.16 or lower

  • Download and use the full 1.6.18 Release Package (MD5: ad17b498116831a1d1d75bf07351ea0c)
  • Follow the Docs Upgrading Instructions

MyBB Merge System 1.8.6

MyBB Merge System 1.8.6 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

This release fixes several reported issues since the release of 1.8.5, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 11 bug fixes (View all)
    • New module: Avatars are now finally merged!
    • Counters are finally updated automatically – no need to run them manually after the merge
    • Multiple changes to make the merge system more intuitive

Thanks,

MyBB Team

MyBB 1.8.5, 1.6.17 & Merge System 1.8.5 Release

Posted on by

MyBB 1.8.5 – Security & Maintenance Release

MyBB 1.8.5 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 6 security vulnerabilities and 58 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

  • Vulnerabilities:
    • Medium Risk: Reset password code check could be circumvented in member.php – reported by solati.sadegh
    • Medium Risk: Sender email could be spoofed when sending an email to a user in member.php – reported by onlinedevelopers
    • Medium Risk: Permissions not checked for post search with old sid in search.php – reported by pedder55655
    • Medium Risk: XSS in quick edit function of xmlhttp.php – reported by TiberiusG
    • Low Risk: CSRF in ACP mass mail cancellation – reported by Destroy666
    • Low Risk: Use of the U+200E Unicode character to create “duplicate” username – reported by mahdy2021

Please view the 1.8.5 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.4 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 12 language files and 9 templates were changed or added.

If you’re using MyBB 1.8.4:

If you’re using MyBB 1.8.3 or lower:

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB 1.6.17 – Security Release

MyBB 1.6.17 is now available from the MyBB website. It fixes 2 medium risk and 5 low risk vulnerabilities.

Please note that MyBB 1.6 is approaching its end of life and no support will be provided after 1st of September 2015 (see the EOL announcement).

What’s added/changed in this version?

The vulnerabilities are:

  • Medium Risk: Reset password code check could be circumvented in member.php – reported by solati.sadegh
  • Medium Risk: Permissions not checked for post search with old sid in search.php – reported by pedder55655
  • Low Risk: CSRF in ACP mass mail cancellation – reported by Destroy666
  • Low Risk: Use of the U+200E Unicode character to create “duplicate” username – reported by mahdy2021
  • Low Risk: Multiple XSS vulnerability requiring admin permissions – reported by adamziaja, Devilshakerz, DingjieYang and sroesemann
  • Low Risk: A CSRF vulnerability within ACP login – reported by Devilshakerz
  • Low Risk: Cache handler using var_export without encoding checks – reported by chtg

Please view the 1.6.17 changes on the Docs site for more information about the changes in this version.

Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.

Upgrading from 1.6.16 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are no changes to language files. No templates have been changed or added.

If you’re using MyBB 1.6.16:

If you’re using MyBB 1.6.15 or lower

  • Download and use the full 1.6.17 Release Package (MD5: b9dd9e8cd9c6390626f850bb83cb03cb)
  • Follow the Docs Upgrading Instructions

MyBB Merge System 1.8.5

MyBB Merge System 1.8.5 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

This release fixes several reported issues since the release of 1.8.4, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 26 bug fixes (View all)
    • Including several changes to the private message modules, forum permissions, the usergroup module and attachments
    • Support for phpBB 3.1
    • Support for IPB 4

Note about the loginconvert Plugin

The official loginconvert plugin was also updated to version 1.4.1, including fixes for password resets and special passwords. If you’ve run a merge in the past please update your plugin. Also the plugin was added to our mods site.

Thanks,

MyBB Team

MyBB 1.8.1 & Merge System 1.8.1 Release

Posted on by

MyBB 1.8.1 – Maintenance Release

MyBB 1.8.1 is now available from the MyBB website and is a maintenance release.

What’s added/changed in this version?

This release fixes 74 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

Please view the 1.8.1 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.0 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 13 language files. 15 templates have been changed or added.

If you’re using MyBB 1.6.15 or lower

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.8.1

MyBB Merge System 1.8.1 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

This release fixes several reported issues since the release of 1.8.0, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 7 bug fixes (View all)
    • Including a big update to the BBCode Parser
  • We decided to readd the vBulletin 3 module after some requests. It’s now fully supported again

Thanks,

MyBB Team

MyBB Merge System 1.8

Posted on by

The MyBB Merge System for 1.8 is now available from the MyBB website.

What’s new in this version?

First we decided to drop some old modules which aren’t supported by their developers:

  • BBPress 1
  • IP.Board 2
  • Mingle
  • phpBB 2
  • vBulletin 3

And of course we’ve added more new modules (including some which you requested fairly often in the past)

  • BBPress 2
  • WoltLab Burning Board Lite 2
  • WoltLab Burning Board 3
  • WoltLab Burning Board 4
  • IP.Board 3
  • IP.Board 4 (Based on the latest Preview Release)
  • vBulletin 4
  • FluxBB
  • XenForo

And yes, we fixed finally a lot of known issues with the merge system: Fixed Bugs
But (as always) there’re still some Known Bugs.

Translations and the Merge System

Till now the Merge System was only available in english, however we decided to make the Merge System translatable too. The language file is located at “merge/language/”.

Help us!

You can report bugs and help us with the development at GitHub but even if you can’t code you can help us with sending us some sample databases (more infos on the forums).

MyBB Merge System 1.6.14

Posted on by

MyBB Merge System for 1.6.14 is now available from the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

What’s new in this version?

  • 10 bug fixes (View all)
  • Version jump to 1.6.14

Unfixed issues

Future development

We decided that 1.6.14 will be the last update for the MyBB Merge 1.6 series. At the moment everyone on the team is working on 1.8 so the next Merge Release will be after the gold release of 1.8.

How to help?

We moved the merge system to GitHub so everyone is able to help us with the development.
But even if you can’t help us with the code, you can still send us your database so we can test our modules with different databases.

MyBB Merge System 1.6.10

Posted on by

MyBB Merge System for 1.6.10 is now available from the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

This release is to ensure that users of the MyBB Merge System are able to upgrade and continue to use MyBB 1.6.10.

If you are using or looking to upgrade to MyBB 1.6.10 it is imperative you use this version of the Merge System.

Development Updates

The MyBB Team are working hard to create and update modules for the MyBB Merge System. More information is coming soon!

MyBB 1.6.7 Release, Merge 1.6.7 & MyBB 1.8 Development

Posted on by

MyBB 1.6.7 – Security, Maintenance and Feature Release

MyBB 1.6.7 is now available from the MyBB website and is a security, maintenance and feature update.

In 1.6.7 there are 5 new feature updates and over 70 reported issues fixed. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

1.6.7 fixes 5 low-risk security vulnerabilities.

  • SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer)
  • XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team)
  • Full Path Disclosure if malformed forumread cookie is used

ACP vulnerabilities require Administrator permissions and so considered low-risk. We recommend planning your upgrade as quickly as possible to ensure your forum is as secure as it can be.

New features included in 1.6.7 update include the ability to login with a username, an email or both. For more information about new features, please see the Wiki on 1.6.7.

View 1.6.7 Changes in the Wiki

Upgrading from 1.6.6 and Other Versions

Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including languages files, please make sure you make a change log for these changes so you can make them again once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes.

If you’re using MyBB 1.6.6

 

If you’re not using MyBB 1.6.6

 

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.6.7

MyBB Merge System 1.6.7 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

This release is to ensure that all users of MyBB Merge 1.6 have the latest fixes.

This release fixes several reported issues since the release of 1.6.3, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 3 bug fixes (view all)
  • Version jump to 1.6.7 from 1.6.3 to match the current MyBB Version. From now on we’ll do our best to keep these in sync.

This includes some critical fixes for phpBB that caused infinite loops.

MyBB Mascot Update


We recently held our MyBB Mascot Naming Contest.   Many community members proposed names and after a week a poll with the top names was put up.  After another week of voting, the name “Bolt”, after MyBB founder Chris Boulton, was chosen.  Proposed by Mebes Net, we of the MyBB Team feels this name conveys the strength and speed of MyBB very effectively.

We are proud to present to you the MyBB Mascot, Bolt!

MyBB 1.8 – The Bridge to 2.0

Everyone here at MyBB are proud to announce the impending arrival of our next major feature release – MyBB 1.8.

Over the last 2 months we’ve been developing in secret at our Github lair, plotting to once again attempt to take over the forum world with our evil plans and awesome free software and to celebrate the 10th anniversary of DevBB – our supreme overlord predecessor.

1.8 isn’t as big of an overhaul as 1.2, 1.4 or 1.6 upgrades which introduced more than 100 features; this is more of a facelift. We took Justin, our lead designer, and locked him in a room with nothing but bacon and water until he came up with a new default theme which is taken from one of (if not the) most popular theme collections used by MyBB communities across the world; his Apart series. That’s not all – we developed attachable base colours to themes so that creating (and using) multi-coloured themes no longer involve adding 14 separate styles. You add just one. A new default theme for your Admin Control Panel (ACP) is available too.

For more than half of MyBB’s rule of the forum world, our JavaScript has been powered by Prototype. It was a popular library when we started using it but it has fallen behind a more powerful (and popular) rival and so we’ve consigned it to MyBB history; MyBB 1.8 is powered by jQuery.

Two of the most requested features for MyBB will also be heading to 1.8. With our switch to jQuery, along comes a new post editor (yet to be decided) and a Trash Can – or more the ability to recover deleted posts via the Mod CP.

Along with the regular bug fixes and a host of other planned improvements, such as an APC cache handler, being able to make a cup of hot cocoa, separating the plugin list to active/inactive, making some functions a bit easier to use and projecting your forum’s logo onto the face of the Moon, we’ll be working with MyBB gurus to improve performance, plugin integrations and we’re looking into making the authentication to 3rd party software much easier too with a dedicated login datahandler. It doesn’t have to be just gurus though; we’ll be opening up 1.8 to everyone on Github so that they too can fork, improve, update and become one with the MyBB Team.

We’re all very excited about this release and hope you are too! More information will be coming soon but in the mean time please feel free to suggest more improvements in our Suggestions and Feedback Forum!

Thanks,

MyBB Team