MyBB 1.8.37 is now available, and is a security & maintenance release.

This version includes improvements for compatibility with mailing configurations and recent PHP versions.

• 2 security vulnerabilities addressed:
  • Medium risk: Visual editor size code persistent XSS (advisory) — reported by Paulos Yibelo (Octagon Networks)
  • Low risk: ACP Themes persistent XSS (advisory) — reported by Or4nG.M4n
• 12 issues resolved

Check the Release Notes for more information.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

Thanks,
MyBB Team

MyBB 1.8.36 is now available, and is a security release.

After applying the patch, we recommend using the Admin CP’s Tools & Maintenance → System Health → Check Templates tool to scan for security issues that may not have been detected before this version.

• 1 security vulnerability addressed:
  • High risk: ACP Templates RCE (advisory) — reported by Emmet Leahy

Check the Release Notes for more information.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

Thanks,
MyBB Team

MyBB 1.8.34 is now available, and is a security & maintenance release.

• 1 security vulnerability addressed:
  • Low risk: User CP email persistent XSS (advisory) — reported by Ahmet Altuntaş
• 13 issues resolved

Check the Release Notes for more information.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

To keep up with Project news, you can now follow MyBB on Mastodon.

Thanks,
MyBB Team

MyBB 1.8.33 is now available, and is a security & maintenance release.

This version improves cache system stability, and compatibility with PostgreSQL (PDO) and recent PHP versions.

• 1 security vulnerability addressed:
  • High risk: ACP Languages local file inclusion (advisory) — reported by yelang123 (Stealien), NGA (Stealien)
• 8 issues resolved

Check the Release Notes for more information.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

Thanks,
MyBB Team

MyBB 1.8.32 is now available, and is a security & maintenance release.

This version addresses reported security problems and updates SCEditor to the latest version.

• 3 security vulnerabilities addressed:
  • High risk: Visual editor persistent XSS (advisory) — reported by Aleksey Solovev (Positive Technologies)
  • Medium risk: ACP Users SQL injection (advisory) — reported by Aleksey Solovev (Positive Technologies)
  • Low risk: Attachment upload XSS (advisory) — reported by Aleksey Solovev (Positive Technologies)
• 1 issues resolved

Check the Release Notes for more information.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

Thanks,
MyBB Team

MyBB 1.8.31 is now available, and is a security & maintenance release.

This version resolves discovered bugs and regressions, and improves compatibility with database engines and recent PHP versions.

Please note that the value of Additional Parameters for PHP’s mail() (Mail Settings) now only takes effect when saved in the Configuration File.

• 1 security vulnerability addressed:
  • Medium risk: Mail settings command parameter injection (advisory)
• 21 issues resolved

Check the Release Notes for more information.

Get latest MyBB Full & Upgrade Packages →

Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

Thanks,
MyBB Team

MyBB 1.8.30 is now available, and is a security release.

• 1 security vulnerability addressed:
  • High risk: ACP Settings management RCE (advisory) — reported by Cillian Collins / Trend Micro Zero Day Initiative

Check the Release Notes for more information.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

Thanks,
MyBB Team

MyBB 1.8.29 is now available, and is a security release.

• 1 security vulnerability addressed:
  • High risk: ACP Settings management RCE (advisory) — reported by Xiangwen (Evan) Yu

Check the Release Notes for more information.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

Thanks,
MyBB Team

MyBB 1.8.28 is now available, and is a security & maintenance release.

This version resolves discovered bugs and regressions, and addresses known PHP 8 compatibility problems.

This version enables validation of HTML code generated by the MyCode parser — check the Documentation page and previous announcement for more details.

• 1 security vulnerability addressed:
  • Medium risk: ACP Template Name XSS (advisory) — reported by Andrey Stoykov
• 28 issues resolved

Check the Release Notes for more information.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

Thanks,
MyBB Team

MyBB 1.8.26 is now available, and is a security release.

• 6 security vulnerabilities addressed:
  • High risk: Nested Auto URL persistent XSS (advisory) — reported by Simon Scannell & Carl Smith
  • Medium risk: Theme properties SQL injection (advisory) — reported by Simon Scannell & Carl Smith
  • Medium risk: Poll vote count SQL injection (advisory) — reported by Devilshakerz (MyBB Team)
  • Medium risk: Forum Management SQL injection (advisory) — reported by Devilshakerz (MyBB Team)
  • Medium risk: Usergroups SQL injection (advisory) — reported by Devilshakerz (MyBB Team)
  • Low risk: Custom moderator tools reflected XSS (advisory) — reported by Devilshakerz (MyBB Team)

Check the Release Notes for more information.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

Thanks,
MyBB Team