Category Archives: Updates

MyBB 1.6.8 Released – Maintenance Release

Posted on by

MyBB 1.6.8 is now available from the MyBB website and is a general maintenance release.

What’s added/changed in this version?

This release fixes over 40 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

Please view the 1.6.8 changes in the wiki for more information about the changes in this version.

Standards Update

About half of the files that have changed in this version have been updated to match MyBB Development Standards. A full list of actual changed files (files with bug fixes) and standards changes are available from the Wiki.

These standards include removing whitespace at the end of files and ensuring they are encoded properly.

Upgrading from 1.6.7 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 4 language files (with 23 having standard updates). 2 templates have been changed.

If you’re using MyBB 1.6.7

If you’re using MyBB 1.6.6 or lower

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

MyBB 1.8 Tour: Introduction

Posted on by

On April 1st we announced a 1.6.7 Update which updated both MyBB and the Merge System. If you haven’t seen this or not upgraded yet please make sure you read the MyBB and Merge System 1.6.7 Release blog post. We also announced our plans for MyBB 1.8; it was no April Fool.

Back in 2010, just under 2 years ago, we released MyBB 1.6 which introduced over 40 new features – some more at home in commercial software. As MyBB’s popularity continues to grow, the rise of social networks, rival software and the greater expectations of users old and new gives us some of the hardest challenges we’ve faced; to stay on top, to deliver a brilliant product and provide it to you for free.

With our development roadmap for MyBB 2.0 getting underway soon, we quickly felt the need to bridge the large gap that would have been 1.6 to 2.0. We wanted to create something that would provide a legacy to users of the 1.x series – the best of the best – and there was only one way we could get that to our users; MyBB 1.8.

What You Can Expect From 1.8

Whereas 1.2, 1.4 and 1.6 delivered over 100 new features 1.8 aims to be more of a subtle upgrade, a facelift and a move to more open source development so that others too can help create the best free forum software. We’ll of course be providing the usual bug fixes and working with large forum owners to see if we can help further improve performance and stability. MyBB 1.8 is a perfect chance for us to provide changes that we couldn’t typically do within our maintenance cycles.

A New Look

When we announced our new logo and mascot, Bolt, the Team soon realised that we didn’t want to wait until 2.0 was released to use them. The 1.6 default theme made these look out of place in its dated design (which was last updated in 2008) so we needed something more up to date. Justin, our lead designer, who created the Apart theme series (from which many MyBB communities either use or have customised the look for themselves) has worked on developing the series for the new 1.8 default theme. We worked together to figure out a method for enabling the Apart colours to be included by default but without the need for including 14 separate themes before the administrator even opened their forum. This method is what we call attachable base colours.

The new default theme for MyBB 1.8

These changes to the theme system allow you to create colours to which you can attach stylesheets (just like you can attach stylesheets to pages). You can also set a display order for all your stylesheets so that they can override styles. Together, the changes mean you can add a theme with as many custom colours as you want. Using the parent/child theme structure that already exists in 1.x you can restrict or allow certain usergroups to use these colours and, as they inherit the main stylesheets, they’re very easy to manage. So, there is no longer the need to install a dozen different themes just for a different colour header.

A New Look Admin Control Panel (ACP)

Along with the new default theme there needs to be a new look Admin Control Panel (ACP). Our ACP is regarded as one of the easiest to use; it’s friendly and we didn’t want to change it much. Instead, we gave it a similar Apart makeover to our front-end.

Screenshot of the MyBB 1.8 ACP

Please note that along with the default theme the look may change as development continues.

Powered by jQuery

While 1.8 won’t be able to make your cocoa or project your forum’s logo onto the moon, much to our disappointment, we really weren’t pulling a prank on this one; MyBB 1.8 will be powered by jQuery. The lighter and more powerful JavaScript library should be able to extend what both Theme Artists and Plugin Developers are able to do without causing conflicts or heavy loading pages. Both front-end and back-end will use the library. This change is probably the most destructive for themes and plugins in the 1.8 upgrade and we’ll be providing support throughout its beta period ready for a main release. In total, including the changes to the default theme, about 20 templates require updating from 1.6.

Along with jQuery comes a change in post editor. Although I’ve had my eye on an ‘off the shelf’ editor for quite some time we’ve yet to make a decision on whether we write our own or not; we’ll be covering that in a future tour. However, please don’t suggest which editor to use as our aim is to make it interchangeable so you can use your favourite one.

Trash Can

One of the most requested features for MyBB is a trash can – or as I prefer, the ability to recover deleted posts. In 1.8, you’ll be able to decide if a user’s deleted post is obliterated forever or is recoverable via the Mod CP. Global and usergroup permissions will allow this to be controlled across your users.

Spam Improvements

For those of you waiting for Spam Ninja I’m very sorry to disappoint as I did promise it to you last year. As soon as 1.8 was decided, I stopped developing it as a plugin and started integrating relevant parts into the core instead. We’ll be looking to improve spam prevention and detection in 1.8 which we’ll cover in a future tour.

Upgrading to 1.8

Upgrading to 1.8 will be similar to upgrading from 1.4 to 1.6; many plugins will only need to change their compatibility line and will only need some major changes if they use Prototype JavaScript, use login functions or make large theme changes. Throughout the beta period, we’ll be upgrading the Wiki with new information and providing support to plugin developers to help them with their new plugins.

Github

The Team has been trying to plan a move away from our current SVN setup to the popular social coding site Github for some time. We’ve come up against problems but feel confident that now is the time to open up our development to people outside of the MyBB Team. Github can be an extremely powerful tool for development and it is something we’re eager to do – we have been working on 1.8 in secret in one of our repositories there which will be made available after our first beta release.

We’ve gone outside of our usual box with 1.8 in that we’re actually telling you what we’re doing and what we’re planning even though none of this is public. We’re aiming to provide a beta of 1.8 in May so please be patient while we’re polishing our development and removing all the takeaways and soft drink cans.

Wrap

With MyBB 1.8, our aim is to fully complete the series with features and improvements that make us a better rival not only to our free forum software friends but also to commercial community software too. We want to make it more friendly, faster and go further than any of our products have been before. Everyone here at MyBB is looking forward to 1.8 and hope you are too!

See you at the next tour!

Tomm

MyBB 1.6.7 Release, Merge 1.6.7 & MyBB 1.8 Development

Posted on by

MyBB 1.6.7 – Security, Maintenance and Feature Release

MyBB 1.6.7 is now available from the MyBB website and is a security, maintenance and feature update.

In 1.6.7 there are 5 new feature updates and over 70 reported issues fixed. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

1.6.7 fixes 5 low-risk security vulnerabilities.

  • SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer)
  • XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team)
  • Full Path Disclosure if malformed forumread cookie is used

ACP vulnerabilities require Administrator permissions and so considered low-risk. We recommend planning your upgrade as quickly as possible to ensure your forum is as secure as it can be.

New features included in 1.6.7 update include the ability to login with a username, an email or both. For more information about new features, please see the Wiki on 1.6.7.

View 1.6.7 Changes in the Wiki

Upgrading from 1.6.6 and Other Versions

Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including languages files, please make sure you make a change log for these changes so you can make them again once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes.

If you’re using MyBB 1.6.6

 

If you’re not using MyBB 1.6.6

 

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.6.7

MyBB Merge System 1.6.7 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

This release is to ensure that all users of MyBB Merge 1.6 have the latest fixes.

This release fixes several reported issues since the release of 1.6.3, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 3 bug fixes (view all)
  • Version jump to 1.6.7 from 1.6.3 to match the current MyBB Version. From now on we’ll do our best to keep these in sync.

This includes some critical fixes for phpBB that caused infinite loops.

MyBB Mascot Update


We recently held our MyBB Mascot Naming Contest.   Many community members proposed names and after a week a poll with the top names was put up.  After another week of voting, the name “Bolt”, after MyBB founder Chris Boulton, was chosen.  Proposed by Mebes Net, we of the MyBB Team feels this name conveys the strength and speed of MyBB very effectively.

We are proud to present to you the MyBB Mascot, Bolt!

MyBB 1.8 – The Bridge to 2.0

Everyone here at MyBB are proud to announce the impending arrival of our next major feature release – MyBB 1.8.

Over the last 2 months we’ve been developing in secret at our Github lair, plotting to once again attempt to take over the forum world with our evil plans and awesome free software and to celebrate the 10th anniversary of DevBB – our supreme overlord predecessor.

1.8 isn’t as big of an overhaul as 1.2, 1.4 or 1.6 upgrades which introduced more than 100 features; this is more of a facelift. We took Justin, our lead designer, and locked him in a room with nothing but bacon and water until he came up with a new default theme which is taken from one of (if not the) most popular theme collections used by MyBB communities across the world; his Apart series. That’s not all – we developed attachable base colours to themes so that creating (and using) multi-coloured themes no longer involve adding 14 separate styles. You add just one. A new default theme for your Admin Control Panel (ACP) is available too.

For more than half of MyBB’s rule of the forum world, our JavaScript has been powered by Prototype. It was a popular library when we started using it but it has fallen behind a more powerful (and popular) rival and so we’ve consigned it to MyBB history; MyBB 1.8 is powered by jQuery.

Two of the most requested features for MyBB will also be heading to 1.8. With our switch to jQuery, along comes a new post editor (yet to be decided) and a Trash Can – or more the ability to recover deleted posts via the Mod CP.

Along with the regular bug fixes and a host of other planned improvements, such as an APC cache handler, being able to make a cup of hot cocoa, separating the plugin list to active/inactive, making some functions a bit easier to use and projecting your forum’s logo onto the face of the Moon, we’ll be working with MyBB gurus to improve performance, plugin integrations and we’re looking into making the authentication to 3rd party software much easier too with a dedicated login datahandler. It doesn’t have to be just gurus though; we’ll be opening up 1.8 to everyone on Github so that they too can fork, improve, update and become one with the MyBB Team.

We’re all very excited about this release and hope you are too! More information will be coming soon but in the mean time please feel free to suggest more improvements in our Suggestions and Feedback Forum!

Thanks,

MyBB Team

Learn and Network at ForumCon in San Francisco June 12th!

Posted on by

We don’t come across many events that are tailored exclusively to the forum industry, however we are pleased to announce our involvement with ForumCon.  ForumCon is an annual event was launched just a few years ago with the goal of bringing together the industry’s leading forum owners and experts to discuss growth, management, and monetization strategies for forums.

This years I’m pleased to announce that MyBB will be among a select group of media partners who will have a presence at the show.  We are hoping to have at least two team members attending, and we may have a couple of tickets to give away to lucky members of the community.

Key Details
ForumCon SF will take place on June 12th at the Hotel Kabuki in the heart of downtown San Francisco. The event will kick off at 9am and conclude with a cocktail hour for networking / conversation at a restaurant / lounge nearby.

More information on location as well as how to get tickets can be found here.

Key Sessions

  • Kris Jones, author of SEO: Your visual blueprint for effective internet marketing will show you how to better leverage Google Search, Mobile, News, +, to generate more traffic to your forum.
  • Tyler Tanaka of PostRelease will share best practices for content curation & creation that will wow your community members and keep them coming back.
  • Steve Dodd of Boardreader will lead a panel of social media experts, and forum owners that have successfully leveraged social media, to discuss ways forum owners can successfully leverage Facebook, Twitter, and other social media sites to drive traffic to their sites (rather than away from).
  • A panel of monetization experts (representing all types of forum monetization options — images, banner ads, content, link insertion, data, video) will answer all your questions on how to EARN MORE from your forum.
  • And much more, to be shared within this thread as the information become available.

Jack Bafia, ForumCon co-founder and Chief Monetization Officer of VigLink, shares why he started ForumCon in the short video below.

Thank you,
MyBB Team

Google Translation Plugins

Posted on by

A warning to anyone using any of the various Google Translation Plugins. They will no longer work. Google has disabled the Translation API v1 due to abuse. Someone may write new ones using the new v2 API, however that is a paid service.

You can read more about it here:
http://code.google.com/apis/language/translate/overview.html

I’ve gone ahead and disabled all of the mods on our mods site that are using the v1 API (That I know of anyways), so anything on the mods site should be using v2. If you find one I missed, please respond in this thread with which ones, and a Staff member will take care of it.

Thank you,
MyBB Team

MyBB Merge System 1.6.3

Posted on by

MyBB Merge System 1.6.3 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

This release is to ensure that all users of MyBB Merge 1.6 have the latest fixes.

This release fixes several reported issues since the release of 1.6.2, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s fixed in this version?

This includes some critical fixes for things that will cause the system to catastrophically fail.
NOTE: After this release the merge system will jump to match MyBB’s version. So when MyBB 1.6.7 is released, MyBB Merge System 1.6.7 will be released with it. We’re going to try very hard to use that scheme from now on.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

Problems with the 1.6.6 release package

Posted on by

A few days ago we released version 1.6.6, unfortunately we have since realized that the version released was a newer SVN revision than intended, and as a result contains some development code that may compromise the stability of your board.

Please note that this is not a security issue, and we are not aware of any security implications arising from the release.

The issue was rectified shortly after the release and only the main release was affected, not the changed files package.

We advise anyone who used the full release package within the first 24 hours of its release to run the file verification tool in their admin control panel (Tools & Maintenance > File Verification). If any files show differences which are not manual file modifications they should be replaced with files from the current version of the release package.

Thank you,
MyBB Team

MyBB 1.6.6 Security Release

Posted on by

MyBB 1.6.6 is now available from the MyBB website and is a security release for the 1.6 series.

What’s added/changed in this version?

In 1.6.6, 1 major issue and 14 low risk vulnerabilities have been fixed. Only the issues listed below are fixed; a further maintenance release will be available with general fixes to functionality in the near future.

  • Vulnerabilities:
    • Non Critical: Import a non-CSS stylesheet (Theme)
    • Low Risk: CSRF vulnerability on Admin CP logout (Issue #1769)
    • Low Risk: CSRF vulnerability when clearing a stored password (Issue #1824)
    • Low Risk: CSRF vulnerability when removing a buddy (Issue #1825)
    • Low Risk: CSRF vulnerability with Admin CP join requests (Issue #1834)
    • Low Risk: CSRF vulnerability in Group Promotions Enable/Disable
    • Low Risk: CSRF vulnerability in ACP Edit User (Avatar)
    • Low Risk: CSRF vulnerability with activating a user
    • Low Risk: XSS vulnerability when moving an event (Calendar)
    • Low Risk: XSS vulnerabilities in Akismet plugin
    • Low Risk: XSS vulnerabilities in Forum Subscriptions (User CP)
    • Low Risk: XSS vulnerability in Moderator Logs
    • Low Risk: XSS vulnerability in Edit Post
    • Low Risk: XSS vulnerability when editing Announcements

    Thanks to SQA Team Member Nathan Malcolm for finding all of these!

  • Vanishing Announcements in 1.6.5 (Issue #1781, #1785) – with thanks to Paul H and Vini Holden.

For more information on these vulnerabilities, please view the 1.6.6 Changes in the Wiki.

Upgrading from 1.6.5 and Other Versions

Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 1 language file. There is 1 change to themes. Please view the 1.6.6 Changes in the Wiki for more information about these changes.

If you’re using MyBB 1.6.5

If you’re not using MyBB 1.6.5

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thank you,
MyBB Team

MyBB Rebranding: New Logo and Mascot

Posted on by

Early last year, we announced the development of an official mascot which would be used in a variety ways to promote MyBB and its official merchandise. After countless hours of hard work, we’re proud to unveil our lustrous new mascot.

MyBB Mascot

During the planning stages, the MyBB team heavily debated on what would best represent MyBB. After numerous ideas, we finally decided on an astronaut, because we feel it best demonstrates the following attributes of our forum software: strength, power, friendliness and dominance.

However, the astronaut is currently unnamed; but you can help change that. We will be announcing a naming competition soon, so stay tuned for the details.

MyBB Logo

Is it a bird? Is it a pig? No! It’s the MyBB logo! It’s great that our users always find new ways of describing our speech bubbles logo but it’s getting quite old and the team decided, along with our new mascot, we needed a new logo too.

We’ll be using the new mascot and logo across MyBB when we launch 2.0, but we just couldn’t wait to introduce them to you!

Lastly, none of this would have been possible without the talented work of Mike Creuzer (if you’re interested in his services you can find him over at Audentio Design). We’ve been extremely honored to work along side him the past few months to bring you these new and exciting assets to MyBB.

MyBB 1.6.5 Released – Feature Update, Security & Maintenance Release

Posted on by

MyBB 1.6.5 is now available from the MyBB website and is a feature update, security and maintenance release for the 1.6 series.

What’s added/changed in this version?

In 1.6.5, there are 3 vulnerabilities and over 70 reported issues fixed. Please be aware that not all of the existing problems have been fixed in this version.

  • Vulnerabilities:
    • Non Critical: Unparsed user avatar in the buddy list – reported by labrocca
    • Non Critical: Potential XSS vulnerability validating usernames via AJAX – reported by Will G
    • Low Risk: CSRF vulnerability in ?language – reported by Nathan Malcolm (Issue #1729)

    Thanks to everyone who helped find and resolve the issues!

  • Fixed issues in 1.6.5
  • Unfixed issues

There are also over 10 new feature updates in 1.6.5. These range from the ability to locate spam users from the ACP to reCAPTCHA support. To get a summary of these new updates and for a list of changed files and language pack changes, please see the Wiki on 1.6.5.

View 1.6.5 Changes in the Wiki

Upgrading from 1.6.4 and Other Versions

Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete.

If you have any plugins installed that limit signatures or provide reCAPTCHA, or might not be needed because of the new default settings available, it’s suggested to uninstall these before the upgrade. If you’re unsure, create a thread in the General Support section of the Community Forum with your plugin list and a useful member will be able to tell you the plugins that need to be disabled.

To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes.

If you’re using MyBB 1.6.4

If you’re not using MyBB 1.6.4

Plugin System Changes

In 1.6.5, there are some fundamental changes to the Plugin System. These changes were made to provide greater support for PHP 5.3 and above.

These changes mean that you may need to upgrade some of the plugins you are running on your forum before upgrading to 1.6.5. If you are a Plugin Developer, you need to check your plugins to see if you are required to change them so they work with the new version.

Please see the 1.6.5 Plugin System Changes Wiki for an explanation of the changes. There is also the Plugin Changes coming in 1.6.5 thread on the Community Forums.

MyBB Merge System 1.6.2 Update

For those users who have been using Merge System 1.6.1 and earlier, there is a new update ready for you.

You can read more about it in the 1.6.2 Update Blog Post.

In the near future, the Merge System will be following the main branch of MyBB – for example, if you’re using MyBB 1.6.8 you’ll need Merge System 1.6.8. This will mean that the Merge System will jump several minor points. These changes have yet to come into effect, so please continue to use Merge System 1.6.2. We’ll announce further details nearer the time of the changes.

MyBB 1.6.4 Vulnerability

In October, we found that a 3rd party had compromised the MyBB server and the 1.6.4 release was modified to contain a hidden vulnerability. If you’re current using 1.6.4 and have had no prior knowledge of this, then we urge you to upgrade to 1.6.5 as soon as possible.

As a result of the compromise to our systems we will be hosting our download packages on github, we will continue to do this until we are confident our systems here are just as secure as what github can offer.

Here are the MD5 checksums for the release packages:

mybb_1605.zip: 032403cee9d25110370ace935803ab9d

1605_changedfiles.zip: 91e6055b758c0aa233503a2a7528a7b0

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team