MyBB 1.4.8 is now available on the MyBB website and is a general maintenance and security release.
This release fixes several reported issues with version released since 1.4.6 causing some incorrect functionality of MyBB. These bugs have been fixed to provide a more stable version of MyBB for public use.
What’s added/changed in this version?
- One Low XSS Vulnerability fixed in the Archive – This is tagged as low because it requires moderator permissions. This vulnerability was discovered and reported by frostschutz.
- One Medium XSS vulnerabilities fixed in Attachments – This vulnerability was reported by frostschutz.
Please note that this patch will remove the ability to open some types of attachments directly in your browser (e.g. QuickTime Movies), and will instead ask you to download them. - … Several other bug fixes
This release has been tested by our Software Quality Assurance group.
MyBB 1.4.7 to MyBB 1.4.8 Patch
This patch is only for users running MyBB 1.4.7. If you are running any other version of the MyBB 1.4 series then please download MyBB 1.4.8 from the MyBB site and update to it.
If you wish to manually patch your board please download “mybb_1407_patches.txt” and follow the instructions in that file.
The manual patch set instructions only fixes the security vulnerabilities and is only made available to temporarily secure your forum until you have time to run the complete upgrade.
Information on upgrading, template changes and language changes can be found in the posts below.
Please note, that you need to run the upgrade script for this version.
This is so the templates may be updated.
There are no database schema changes in this version.
Reporting MyBB security vulnerabilities
If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
As always, you can send through security related messages on the MyBB website from the Contact Us page.
MyBB 1.2.14 Patch
Users running MyBB 1.2.14 or any previous release of the MyBB 1.2 series may use the same manual instructions provided in the “mybb_1407_patches.txt” attachment (excluding the version change).
Upgrading from the 1.4 series
When upgrading from 1.4.7, you will not lose any custom themes, plugins or language packs which you may have installed.
Follow the general [Wiki: Upgrading] guide outlined on the MyBB Wiki to complete the upgrade process. You may download a ZIP archive of changed files here:
You must then check for modified templates using the instructions below.
Upgrading from other versions
If you are upgrading from a version earlier than 1.2 then you will lose your custom themes, templates and language packs due to the number of changes between your version and the 1.2 series.
Before you attempt to upgrade, ensure you have a database backup and a copy of the files currently in use on your board. This is so you can revert back to your earlier version if you need to or something goes horribly wrong with the upgrade process.
Follow the general [Wiki: Upgrading] guide outlined on the MyBB Wiki to complete the upgrade process.
Changed files since MyBB 1.4.6
- announcements.php
- attachment.php
- forumdisplay.php
- global.php
- member.php
- report.php
- search.php
- sendthread.php
- showthread.php
- syndication.php
- xmlhttp.php
- install/
- resources/
- mybb_theme.xml
- resources/
- archive/
- index.php
- admin/
- inc/
- functions_view_manager.php
- modules/
- forum/
- management.php
- style/
- templates.php
- tools/
- adminlog.php
- config/
- plugins.php
- spiders.php
- user/
- admin_permissions.php
- users.php
- forum/
- inc/
- inc/
- class_core.php
- class_language.php
- class_moderation.php
- functions.php
- functions_search.php
- plugins/
- akismet.php
- cachehandlers/
- memcache.php
- languages/
- english.php
- english/
- global.lang.php
- admin/
- config_spiders.lang.php
- datahandlers/
- pm.php
- post.php
- user.php
* Red represents files that contain security updates
* Green represents new files added in this release
Bugs fixed since MyBB 1.4.6
- #51407 – change permission for admin user
- #51377 – Plugins with Admin CP Hooks run on Plugin Updates page
- #51257 – Syndication.php MySQL Error (Limit Option) [R] [C-StefanT]
- #51177 – [Archive] sticky lack htmlspecialchars_uni() escaping [C-StefanT]
- #51054 – Archive – SQL bug fetching attachments/posts with abandoned thread [C-StefanT]
- #50833 – Birthday without day [C-StefanT]
- #50441 – Search Bug w/ “and” [R] [C-StefanT]
- #50324 – Missing space character [R] [C-Michael S.]
- #50323 – Missing </tr> in Template modcp_ipsearch_result [R] [C-Michael S.]
- #50291 – Validation Issue [C-Chris W B.]
- #50287 – Akismet plugin username link problem [C-StefanT]
- #50240 – Ability to delete templates [C-Chris W B.]
- #49888 – [typo] memcache.php [C-StefanT]
- #49838 – [pgsql] Reporting posts in unmoderated forums [C-StefanT]
- #49461 – [typo] inc/cachehandlers/memcache.php [C-StefanT]
- #49898 – Template problem with announcements and no threads [C-StefanT]
- #49276 – canviewthreads error problem [C-StefanT]
- #49258 – Notification about new reported posts via PM [C-StefanT]
- #49256 – Notification about new PM from MyBB Engine [R] [C-StefanT]
- #49255 – [pgsql] Report posts [C-StefanT]
- #49251 – [Typo] class_moderation.php (1.4.?) [R] [C-StefanT]
- #49111 – Percent of total posts [R] [C-StefanT]
- #48814 – config_spiders.lang.php overrides $lang->language [C-sayakb]
- #48773 – Usergroup email limit off by one error [C-sayakb]
- #48771 – Merged Account Reputation Issue
- #48692 – announcement in password protected forum [C-sayakb]
- #48670 – Find user posts – not displaying new posts (when hitting limit) [R]
- #48668 – Displaying search results as posts for moderators [R] [C-StefanT]
- #48603 – Bug? Admins cannot see user list
- #48601 – [pgsql] SQL error if threads are moderated [C-StefanT]
- #47745 – editpost.php issue with closed forums [R]
Theme and template changes
Using the “Find Updated” link under the “Templates” page in the Admin CP you can find a list of the templates that have changed in this release that you’ve got one or more custom copies of.
After identifying changed templates using the tool you can either revert your custom template to the default (delete it) or use the “diff” tool to perform a difference analysis on your custom template and the default.
“Revert required” indicates that for this template to work correctly with MyBB 1.4.8 you’ll either need to revert it to the default or modify your custom template to include the changes in the default. If a revert is not required your custom version of the template should work perfectly fine.
Template changes
Since MyBB 1.4.6 the following templates have had changes to them:
- modcp_ipsearch_result
- forumdisplay_announcements_announcement
* Red represents the template must be updated or reverted to fix security problems
Language file changes
Since MyBB 1.4.6 the following language files have had changes to them:
- global.lang.php
- admin/
- config_spiders.lang.php
Either update your language packs to include the changes in these files or revert to the standard English language pack.
Plugins
Most of your MyBB 1.4.x plugins will work correctly with 1.4 without any updates.
MyBB Blog 