Category Archives: Uncategorized

MyBB 2.0 is being put on hold

Posted on by

The community spoke and we are listening.

Effective immediately, the MyBB team will be putting 2.0 on hold and working towards a more viable & gradual approach to rewriting the core software. Rather than a total rewrite all at once that could take years to complete, we’re going to roll out smaller updates in a quicker fashion. Starting with MyBB 1.9 and onwards, each release (1.10, 1.11, 1.12, etc.) will have new features and rewritten code until we reach the ultimate goal of a totally rewritten and modern forum software.

First up is MyBB 1.9. This update will feature a responsive theme built on a new and improved, Twig template system. This system will allow template conditionals, variable loops, template includes, and much more. Along with a new theme and template system, we’re reworking & improving all of the javascript code and moving it from being inline with the theme to external files. Doing this will make it easier to manage and allow site owners to more easily implement better Content Security Policies on their forum.

In addition to the theme work outlined above, we’re going to be replacing SCEditor with TinyMCE as well as introducing the Swiftmailer mail handler. TinyMCE should be a vast improvement to the overall user experience compared to the current editor we’re using in the 1.8 series. TinyMCE is well-supported & maintained, modern and easily extensible with plugins if you’re looking for extra functionality. Swiftmailer will improve our core email functionality and should integrate better with most SMTP hosts. Swiftmailer will also allow us to retry sending failed emails, add attachments, use the BCC & CC functionality, support servers that require usernames & passwords and/or encryption and much more.

We are excited to embark on this path together with the end goal being to restore MyBB’s place as the best forum software available today— free or commercial.

Thank you for you feedback. Please continue to voice your opinion about the things that are important to you. We are all in this together!

Follow the links below to view the MyBB 1.9 repository and MyBB 1.9 forum topic, respectively:

MyBB 1.9 RepositoryMyBB 1.9 Forum Topic

MyBB Support Policy Changes

Posted on by

MyBB Seeking Your Help – Open Staff Positions

Posted on by

Hi,

We currently have some open positions on the MyBB Team, especially in SQA. If you’re interested in becoming a part of the team, we’d like to hear from you.

Please note that all positions are on a volunteer basis, you’re under no obligation to stay with the MyBB Group if you have other commitments that need attending.

Requirements

Development

Continued contribution to the quality of either the 1.x or 2.x series, including:

  • Good MyBB and PHP (OOP)/MySQL/JS (jQuery) and/or HTML/CSS knowledge
  • Basic understanding of testing and git/GitHub
  • Laravel familiarity for 2.x development would be welcome
  • At least several qualitative contributions to our GitHub repositories/mods site and/or external GitHub repositories and/or external GitHub repositories (themes if you’re a designer, plugins/code changes if you’re a programmer)
  • Good communication skills in English

Support

Continued support on our forums:

  • Good MyBB/CSS/HTML knowledge, MySQL/PHP/JS (jQuery) knowledge would also be welcome
  • At least 50-100 high-quality support posts
  • Adequate patience when helping inexperienced forum admins
  • Good communication skills in English

Quality Assurance

Continued contribution to the quality of either the 1.x or 2.x series, including:

  • Good MyBB/MyBB plugins/PHP (OOP)/MySQL/JS (jQuery) knowledge
  • Ability to detect and confirm vulnerabilities
  • Basic understanding of testing and git/GitHub
  • Good communication skills in English

How to Apply

All applications should be submitted in the Private Inquiries section: http://community.mybb.com/forum-135.html

Please include the position you’re applying for, background information on yourself, information on your knowledge of MyBB, PHP, MySQL and JavaScript, if necessary, your experience/works and any other information you wish to include.

We will aim to reply to all applications but if you don’t receive a reply, no – we haven’t forgotten about you, it’s just that there are usually too many applications to individually reply to each one. Private messages containing applications/team position queries will be ignored.

Thank you,
MyBB Team

Transparency on the hijacking of our Twitter account and 2.0 leaks

Posted on by

Recently our Twitter account was compromised and there have been questions in the community about what happened.  We’d like to take some time for a short explanation of what happened.

On January 27th, a MyBB group team member’s account was compromised, as well as his personal website.  We had unfortunately been storing out Twitter account password in plaintext in a thread.  The attacker found the password and changed the email & password of the @MyBB twitter account and began to post offensive messages.  IPs of staff members were also released during this time, as well as installation statistics.  Within two hours, we had isolated the breach and banned the staff member’s account to prevent any further purusing of private data.  The staff member in question does not have access the the Admin Control Panel, so no private user data was accessible.  We have no reason to believe any other information was accessed.  The staff member is currently on a leave of absence related to personal issues not related to MyBB.

We immediately contacted Twitter and Chris talked to a former co-worker who works at Twitter to escalate the ticket. The hacker’s access to the account was locked, and Twitter began to investigate our claim to the account.  The issue was quickly sorted and we regained access.

There was also recently a thread posted on TheAdminZone with screenshots of the 2.0 GitHub repository.  The poster claimed to be selling the 2.0 source code.  The code the user had was simple the initial commit of Laravel into the repository, none of the actual 2.0 code was present. As for seeing some of that 2.0 code, watch the blog over the next few days!

At MyBB we have a strong commitment to security.  All staff with ACP access use a secret PIN, a form of 2FA.  We release patches to any serious issues usually within hours of them being reported.  We have Two Factor Authentication enabled on our staff email accounts and Github, and are actively working on getting 2FA for our other development tools.  Security is a process, as former staff member Nathan Malcolm, now of @sintheticlabs, says.  We continue to improve our processes and incorporate more secure policies and features.