Reporting Bugs and Issues and New Development Changes

Posted on by

As we move closer to the first beta release of MyBB 1.8 the MyBB Team have been hard at work streamlining some of our behind-the-scenes services and workflows.

Changes to Development

A while ago we mentioned moving to a GitFlow workflow over at our GitHub repository. If you’re interested in helping us develop everyone’s favourite forum software take a look at our new Development Workflow and how you can get involved.

MyBB 1.6.x will now start using this workflow. MyBB 1.8.x will start using this when it reaches its first beta phase.

Timed Releases

With our new workflow the master branch in our repository should always be production ready. While only the latest release, available from MyBB.com, is supported on our support forums this allows us to provide set dates for bug fixes and maintenance releases.

You should see new MyBB releases every two months from January 2014 regardless of how many issues are resolved. So you can expect 1.6.13 in March ‘14, 1.6.14 in May ’14 and so on. There is no limit to how many versions we’ll have in the 1.6.x series until its EOL date.

Security releases remain unaffected and patches/releases are created whenever high risk vulnerabilities are reported and fixed.

Reporting Bugs and Issues in MyBB 1.x

One of the last remaining legacies of MyBB’s development cycles, Redmine, is now officially retired and no new members or issues can be created.

Instead, you can now report bugs and issues you find in MyBB in two ways: via the Community Forums (in the 1.6 Bugs & Issues forum or the 1.8 Bugs & Issues forum) or directly at GitHub.

In the near future we’ll be moving all existing open issues to GitHub and archiving Redmine. At the moment existing users there can still comment and act on issues.

Becoming a Contributor

The MyBB Team will also be moving development discussions about the core into the open development sections on our Community Forums. To be able to start new threads and reply to these discussions you need to join our new Contributor group.

More details can be found in the Joining the Contributor Group thread.

Moving 1.8 to Beta

Finally, we’re almost there. After almost 2 long years the MyBB Team have been busy finishing up the last remaining roadmap items for the first beta phase of MyBB 1.8.

Even at this exciting (and long overdue) stage there are still many tasks left to complete before you should be using 1.8 on your live forum.

Why not download a copy of MyBB 1.7 today and give it a test drive on your localhost – and let us know what you think!

MyBB 1.6.12 Released – Security & Maintenance Release

Posted on by

MyBB 1.6.12 is now available from the MyBB website and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 4 vulnerabilities and 10 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

  • Vulnerabilities:
    • Medium Risk: A SQL vulnerability when editing smilies in ACP – reported by ChALkeR
    • Medium Risk: A SQL vulnerability when deleting posts with Akismet in ACP – reported by ChALkeR
    • Medium Risk: A XSS vulnerability in video MyCode – reported by ChALkeR
    • Low Risk: A XSS vulnerability in smilie popup – reported by Spenzert
  • Bugs fixed:

Information on upgrading, template changes and language changes can be found on the Docs site.

Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.

Upgrading from 1.6.11 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are changes to 2 language files. No templates have been changed or added.

If you’re using MyBB 1.6.11

If you’re using MyBB 1.6.10 or lower

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

MyBB & Team Update

Posted on by

Every so often developments, changes, discussions and events occur that make even the most resilient users, team members and followers lose interest in our project. We, as a group, can only apologise for the miscommunication and missed chances to set things right.

We realise that with every step you take we need to be right beside you and not in the shadows pulling the strings. We need to learn from how you use our software, embrace the unique customisation of your forum and make it as easy as possible for you to see what we’re planning – and how you can help us accomplish that.

We understand that we need to be more open; this week, we’re taking the first steps to do that.

Team Changes

  • There will be one ‘MyBB Team’ usergroup to which all team members will belong to.
    This change is mainly for our internal processes only as there are a number of shared tasks and responsibilities across the group. Each member still belongs to a sub-group, such as Support or SQA, to which they’ll focus the bulk of their time. The member’s team will be visible by their usergroup badge and not username colour.
  • There will be no application process or job vacancies for team member positions.
    Being more open will allow users and followers to discuss changes, make commits and write documentation without being a member of the team. We encourage anyone and everyone to help in all aspects of the project and, if they accept, can be invited to join the team for a more permanent group position and a pretty usergroup badge.
  • Members of the MyBB Team should be considered core workers who regularly contribute to the project.
    With open development forums we’ll be relying more on user contributions and interactions to move the project forward. The team will be there to help and guide you through the hoops whether you’re a beginner or an expert.

Forum Changes

  • We’re reorganising Support forums to help provide the quickest service possible.
    A new Installation and Upgrade Support forum is being created to help users who are struggling to get their forum going. General Support, Security Management and Support, Merge System Support and International Support will also be a part of this category.
  • We’re moving International Support to 3rd party sites for users to get help in their native language.
    MyBB has a large non-English following and we struggle to support these users. By providing easy access to the best support forum in their native language they’ll benefit from their local community. International Support will be closed to posting and have only one thread per language – which will include language pack addons for the language and a list of support forums available.
  • We’re making an official repository for language packs.
    The mybb-translations repository on GitHub will hold all official language pack addons for MyBB and we hope translators will move to this model. They’ll be able to get support from other members of their community to help translate MyBB into their language. Greater communication with translators will help have packs ready for new releases.
  • We’re centralising the Resources forums to provide a one-stop place for modifications.
    The Resources section on our forum will change to include Plugins, Themes, Translations, Third Party Integrations, MyCodes and Tutorials. Sub-forums in these categories will provide Releases, Support, Development and Requests threads.
  • We’re removing the Requests/Services/Jobs forum.
    This area has been a near constant thorn for team members and moderation and, by redirecting users to the Resources forums (for plugins/themes/logos) or Web Development forum (for domains and general help), we’ll have more time to concentrate on our project.
  • Being a part of the MyBB Team is a privilege, not a hindrance.

    While we actively promote user contributions we expect all members of the community to rightfully respect team members, who are dedicating their time to help.

    Personal attacks, trolling and disrespect is not acceptable anywhere; whether on a forum or workplace; and it will not be tolerated. Past history and rules have cultured a group whose sole intention is to disrupt, disengage and challenge and this has to change.

    We feel those who are responsible for this change know who they are. We want the MyBB community to be friendly, mature, creative and open. If users of the community can’t do this new forum permissions can restrict them from certain areas and, ultimately, a permanent ban will be issued.

    No users, regardless of length of membership, status in the community or reputation, are immune to this.

Development

  • There will be new development forums for MyBB 1.6, MyBB 1.8 and MyBB 2.0. These include Discussion, Bugs and Issues, and Suggestions and Feedback.
  • While these will be available for everyone only members of the new Contributors group will be able to post in the Discussion forum. This usergroup can be joined via your User CP and is exclusively for people who contribute to the project (via making resources, tutorials, guides etc. or interacting on GitHub).
  • We’ll be turning off new issues on Redmine, our development site, and moving bug reporting to the forums. Once confirmed these bugs will be reported automatically on GitHub by a team member. While we would prefer users to follow this to be able to discuss bugs and reproduction, we won’t reject issues posted directly on GitHub if you prefer that method.
  • We’ll be moving to a GitFlow workflow for our main repository.
  • We’ll be running scheduled releases so that you can expect regular updates for your forum (this won’t affect security releases).

Summary

These changes are all about cleaning up, refreshing and changing the way the MyBB project works to focus on our primary aim – to make great forum software – and for others to help us do that.

We’ll be making most of these changes this Friday, 1st November. Development changes will happen at a later date and more information will be available soon.

Q&A

The prospect of a Q&A has been openly suggested quite a few times and I’m pleased to say that, alongside these changes, several team members and I will be available this weekend to take your questions. Look out for a thread in the Community and on Twitter for more details of this.

We hope to see you there!

MyBB Team

Interview with Shemo

Posted on by

Hello MyBB fans!

It’s time for our next forum showcase, and this time we have Shemo’s forum, ShaveNook.  A forum concentrated on a very unique and small niche, “Traditional Wet Shaving”, it surprises some when they see the post count at nearly 300,000.

Some screenshots of unique parts of ShaveNook are below.  The community, like brad-t’s previously featured Harajuju, also uses the XThreads plugin, specifically RateU’s Product Review mod.

This slideshow requires JavaScript.

How did you first get involved in forums?

I first got involved in forums when I used to game a lot and ran a gaming clan with a few friends. Seeing the need to stay informed about game practices, matches and other clan related information, the best medium to accomplish this was to establish a forum so that threads and posts could be posted whenever, without having to worry about people missing out on any information because they weren’t around when things were being discussed.

How did you find MyBB?

I found mybb through a friend.

When I originally started my gaming clan and then set up the discussion forum, I installed phpbb. After wanting to extend the features of phpbb and realizing how daunting of a task it had become, I was ranting to a friend of mine who worked in IT.

My friend had mentioned that he had used mybb and that it had a much simpler template and plugin system than phpbb, which made it a snap to add a new look and add functionality to the forum. After checking out mybb, I gave him a few bucks and he converted my forum from phpbb to mybb.

The rest is history after that. Every single forum I’ve ever ran and/or had a hand in establishing and setting up has ran mybb.

Well, we’re glad you found us! Moving onto your current forum, how did ShaveNook come about? It’s obviously a very unique niche. (Note: Shemo relayed the question to his team and the following reply is from “bullgoose” on ShaveNook. Teiste is the second admin, and Andrew is Shemo.)

bullgoose: The start of the Shave Nook dates back to Simply Shaving. I was an administrator on Simply Shaving and many of the mods here were also moderators at Simply Shaving. Late last summer, Teiste approached me about updating the software of simply shaving. Unfortunately, we could not facilitate an upgrade on the site. In February, Teiste and I decided to form the Shave Nook and we formally launched the site in late February of this year. I want to say the official opening was February 25th. We wanted to retain the spirit of Simply Shaving while being more up-to-date in terms of forum software. Teiste brought Andrew on board a couple of days after our launch and he has been our IT guy. I am really proud of the team of moderators and administrators that we assembled…they have done a bang-up job!

What is wet shaving even?  What makes it great compared to other forms of shaving, and how is it gaining popularity?

Wet shaving offers the shaver choices that are simply not available to the modern multiblade cartridge razor and canned foam user. The wet shaving choices of razors, blades, shaving soaps and shaving creams are considerably more than that of the modern counterparts mentioned above. For example, using a Gillette Fusion or a Schick Hydro 5 will both feel the same and give the same type of shave. Except for scent, using a canned foam or gel will be pretty much identical across brands.

With more traditional wet shaving, the products used can make a distinct difference in the resulting shave. For example, a double edge (DE) razor may shave differently depending on the DE blade that is inserted into it. Also, different DE razors can offer different types of shaves. One razor might give a mild shave while another a more aggressive shave.

Then, there are the types of razors and the techniques needed to use each. A straight razor (sometimes known as a cut throat) uses a completely different technique than a single edge (SE) razor and a single edge razor can use a different shaving style than a double edge razor. There are no “pivoting heads” on these to do the work for the shaver. The interesting part about the different razors is that some are antiques in excess of one hundred years in age and some are being produced today so the choices are many and varied.

The shaving soaps and creams come in a much wider assortment than the canned foam or gel one typically sees in places like drugstores or supermarkets. Once again, like the razors and blades, different products offer differing characteristics. There are creams which are generally soft and usually very easy to lather, soaps which are hard and take a certain technique to lather, and so called croaps (cream+soap) which are not as soft as creams nor as hard as soaps. Each has its fans and detractors and it is simply personal preference that determines which will be used. Many like all three types and just use whatever one might be in the mood for on any given day.

The choice of scents of the various creams, soaps, and croaps is vastly superior to the supermarket foams and gels. While artificial scents can be and are used, many contain true essential oils so lavender, rose, or other such scented soaps and creams will smell exactly like that with no artificial scents detected. There are also some very intriguing scents produced by artisan soap makers that at first thought may not seem to make sense but work quite nicely.

To go along with these various soaps, creams, and croaps one needs a brush. Once again, the choices are many, from the material of the handle and the hair used in the brush knot to the style of both the handle and the knot. There is no right or wrong brush but simply user preference.

Admittedly, most of these wet shaving accoutrements will have to be purchased on line unless one lives in a large city such as New York or Chicago where bricks and mortar stores can be found that sell many of these supplies. However, if there is not a physical store nearby, internet stores are plentiful and usually offer reasonable shipping costs.

While all of this may sound a bit complicated, a web site dedicated to wet shaving, such as The Shave Nook has members who are always happy to offer advice to those just starting out on this wonderful journey. Free to join, the wealth of information on these sites makes it easy to get started and to learn about new ideas, techniques, and products.

Did you ever think the forum would reach the size that it did?

No. We knew that wet shavers were a dedicated bunch, but to have 300K+ posts in just over a year with less than 3,000 users registered is pretty remarkable. I believe it goes to show that if you listen to your audience and are welcoming, the community will keep coming back and invite friends.

If you could add one thing to MyBB, what would it be?

One thing I’d add to mybb is a mobile theme. In 2013, almost everyone visits websites from some sort of mobile device, whether it be their cell phone or a tablet. Having something that scales down to mobile viewing size and strips away some of its functionality to make it more mobile friendly would be nice.

What do you like about MyBB that puts it above other forum software?

The biggest thing I like about mybb is the fact that it’s free and open source. Something else I like about the product is that it’s easy to install and activate new plugins and themes.

Any advice that you would like to give to anyone aspiring to create a community with MyBB?

If you put in the work that it takes to run, manage and foster a newly built community, it’ll eventually pay off. At The Shave Nook, we try to keep the environment friendly and relaxed. If there happens to be a problem that arises, we try to nip it in the bud to prevent it from growing into a bigger problem.

 

 

The MyBB team thanks Shemo for his and his team’s time for this interview!  Stop by ShaveNook and take a peek a very unique and special community!

MyBB 1.6.11 Released – Security & Maintenance Release

Posted on by

MyBB 1.6.11 is now available from the MyBB website and is a security and maintenance release.

Important Security Patches

It was reported to us by Philly that a user was able to register on his forum with three ’emoji’ characters which led to the user becoming “unregistered”. After looking in to this issue we discovered it was more complex than originally thought.

The technical explanation is MySQL’s UTF8 implementation only supports up to 3 bytes per character. When someone tries to insert a string containing a 4 byte utf8 character in to the database, MySQL truncates the string immediately before the 4 byte character. Not only does this affect security, it affects the user’s experience as half their post or private message could be lost without them knowing why.

The vulnerability was exploited by a user registering on a forum with a username consisting of only 4 byte UTF8 characters. As I explained before, MySQL truncates the string before the first occurrence of a 4 byte UTF8 character which led to the username column becoming empty. When someone sent a PM it would be automatically sent to the nameless user and they would be able to read it.

This security issue affects MySQL databases with a utf8_general_ci collation (This may also affect utf8_unicode_ci collations too). If you’re using a SQLite or PostgreSQL database you’re not affected by this.

What’s added/changed in this version?

This release fixes 5 vulnerabilities and over 65 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

  • Vulnerabilities:
    • High Risk: Authorization bypass vulnerability within the PM system – reported by Philly
    • Medium Risk: Accounts without login keys could be hijacked – reported by StefanT
    • Low Risk: Weakness within the generate_post_check() function – reported by Nathan Malcolm
    • Low Risk: Anonymous statistics may not always be anonymous – reported by Nathan Malcolm
    • Low Risk: Database backups are exposed in logs – reported by Nathan Malcolm
  • Fixed issues in 1.6.11
  • Unfixed issues

Please view the 1.6.11 changes on the Docs site for more information about the changes in this version.

Upgrading from 1.6.10 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 4 language files. 5 templates have been changed or added.

If you’re using MyBB 1.6.10

If you’re using MyBB 1.6.9 or lower

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

Interview with Brad T.

Posted on by

MyBB would like to kick off our first social media showcase with Harajuju, the Japanese Fashion forum!

Harajuju is one of the more interesting MyBB projects, because of the extensive ways it has been customized such as the excellent usage of the XThreads system and the wonderful theme. Some of the features and looks of Harajuju can be seen below:

This slideshow requires JavaScript.

We wanted to talk to brad-t – the prolific MyBB community manager and UX expert who previously worked on the World Beyblade Organization, about how he uses MyBB and what makes his ethos unique.

How did you first get involved in forums?

I’ve been running my own websites since I was about 12 years old, when I started an online RPG on GeoCities. I got really interested in Beyblade around 13 years old, and I started looking for forums to join and discuss it.

None of them were any good. So I decided to start my own – Off the Chain, which ran phpBB2. I ran that site from 2003 until 2005, when I closed it due to a lack of interest.

A few years went by, and I was wondering how my old Beyblade friends were doing … there weren’t any communities for Beyblade around anymore, so I decided to start again. I created Beywiki – the Beyblade encyclopedia – in 2007 in order to bring everyone back together. I chose MyBB for this project, though I sadly can’t remember how I discovered it. Shortly after that, it was announced Beyblade would resume production again, and we transitioned to become the World Beyblade Organization. After a few years I was offered a job at a toy company and resigned due to a conflict of interest, but those guys are still going strong.

I decided I wanted to start a community about Japanese fashion in 2010, and chose MyBB because I was familiar with it and knew that I could customize it a lot. And well, here we are now.

Given the excellent design of Harajuju, your Japanese fashion forum, do you have any background in web design?

I don’t. I’m entirely self taught. It’s just something I’ve developed from running many websites, I guess. I’m a hobbyist at best; I think I can give valuable design feedback, but I’m under no impression that I’m a professional. I have a big interest in UI and UX and have done a small amount of real work in those areas.

What sites do you visit daily? Do you subscribe to any web development/design type blogs?

I find reading about app design interesting, and I think there’s a lot of lessons that can be taken and adapted for web design. Some tech blogs I read include: Daring Fireball, Marco.org, LittleBigDetails, iOS.tumblr.com.

What do you like about MyBB that puts it above other forum software?

Its extensibility. It’s very easy to bend MyBB to your will, so to speak. There are some MyBB plugins that are completely indispensable to me, such as xThreads and Template Conditionals. I’m not sure that I would’ve been able to accomplish things like Haralooks and the Brand Directory with another forum software … at the least, it would’ve been much more work.

If you could add one thing to MyBB, what would it be?

There are a lot of things, frankly. If I had to pick one thing, it would be a revamped conversations feature similar to Facebook’s. Threaded messaging is not optional anymore. I’m hopeful that we’ll see a plugin to add this functionality in the near future, but I had sincerely hoped to see it in 1.8. C’est la vie.

What do you think the next big trend in forums will be?

It’s hard to say. Forums themselves are definitely on the decline in terms of both relevance and popularity as conversations shift to giant platforms like Facebook. If they want to regain any foothold outside of techy niches, they need to become simpler. They need to shed extraneous features and checkboxes and menus. And just hiding that complexity is not enough – things really need to be simpler.

I know XenForo is a big deal right now, and they’ve done a lot well, but I still think they are adhering to forum standards too rigidly. Discourse is a really interesting development, but its interface is pretty indecipherable in a lot of ways. It feels like a product made for the technologically inclined.

We should be designing forums in a world where nobody knows what the hell a “forum” is.

Any advice for people aspiring to make forums as thriving as yours?

Haha, well, Harajuju is a fairly quiet project by design right now. I’ve been quietly tuning things under the hood; I hope to generate a lot more activity over the next year.

I’ve posted this maybe a million times, but it’s important to fill a need other than your own. A lot of people create forums because they want to run a forum. That’s just not enough – your desire has to be not one of control, but one of invitation. I created Harajuju because I wanted to create a community space for people who love Japanese fashion and who were sick of the shallow and petty conversations in other spaces. I created Off the Chain because there were no good Beyblade communities. I founded the World Beyblade Organization because sanctioned Beyblade play outside of Asia was essentially non-existent.

Of course, I get a thrill from running these communities; it’s great to create something and to own it. But it’s not just my needs I’m serving. My needs take a backseat to the needs of my community’s members.

Anything else you’d like to say?

MyBB’s power is in its flexibility. Don’t stop with a few CSS changes and a list of forums. Think about what you can do with the powerful templating options and the huge library of existing plugins out there. Work with developers to create new ones – or if you can develop, create your own.

MyBB is at a tumultuous place in its lifespan. Interest in forums among the general populace of internet users is on the downswing and competition in the space is heating up. MyBB 1.8 is going to be the last version of the 1.x series and the last version that’s compatible with the existing plugins out there today. So we all need to work hard to maximize its potential.

MyBB Merge System 1.6.10

Posted on by

MyBB Merge System for 1.6.10 is now available from the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

This release is to ensure that users of the MyBB Merge System are able to upgrade and continue to use MyBB 1.6.10.

If you are using or looking to upgrade to MyBB 1.6.10 it is imperative you use this version of the Merge System.

Development Updates

The MyBB Team are working hard to create and update modules for the MyBB Merge System. More information is coming soon!

MyBB 1.8 Tour: Roadmap

Posted on by

MyBB 1.8 is the next minor release for the 1.x series. The aim of this release is to introduce a level of standardisation and organisation that MyBB has previously lacked and to bring the series into line with other products and services that we hope to bring to you in the near future.

1.8 is a huge leap forward for the 1.x series. It will introduce some powerful new features while also providing a stable forum solution for your community for years to come. It will also allow us, the MyBB Group, to focus on the next generation of our software – the anticipated 2.x series.

Status

Due to the extended development and testing phase of 1.6.10, as well as the usual lull in activity due to workload, exams and holidays, MyBB 1.8 isn’t as far along its roadmap as we would like. Naturally we are disappointed but we remain committed to creating and providing one of the most advanced free forum software packages available.

Further to this we are, as a group, undergoing huge changes to how we work to help make releases quicker. These past 12 months has seen an insane amount of work completed by our team, much of which is behind-the-scenes, and we hope to bring news of this to you very soon.

With updates in mind, you can now find the MyBB 1.8 Roadmap on our community forums. This thread will be kept up to date with the latest news, features and bug fixes that are happening during its development.

Release Date

As always, MyBB 1.8 will be released when we feel it is ready. We opened our GitHub project to the public so that anyone – not just the MyBB Team – can help with development of the 1.x series. Even if you can’t code, anyone can download both branches (1.6 & 1.8) to help test bugs and offer suggestions for improvements. Alongside our roadmap you can keep up to date with the project and see what is coming next.

1.8 is not feature locked at this moment in time. However, we don’t plan on introducing further major overhauls to help avoid plugin and theme incompatibilities.

Joining the Team

There has never been a more exciting time in MyBB’s history; with 1.6 ready for new technologies, 1.8 on the way and starting 2.x soon (which is looking absolutely awesome) 2013 is already proving to be a busy year. If you feel you have got what it takes to be a dedicated volunteer for the project we’d love to have you on the team!

We’re currently looking for developers for the 1.x series, SQA team members and members for our new Resources Team – who will be focused on managing our community services. If you are interested in any of these PM a staff member, post an application in our Private Inquiries forum or send us an email.

MyBB 1.6.10 Released – Security & Maintenance Release

Posted on by

MyBB 1.6.10 is now available from the MyBB website and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 7 vulnerabilities and over 95 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

A considerable amount of effort has been put in to MyBB 1.6.10 to fix a myraid of issues with PHP 5.4. This is the main reason why the release has been delayed until now. MyBB 1.6.10 should now be compatible with PHP 5.4 hosts.

  • Vulnerabilities:
    • Low Risk: Potential SQL Injection when optimizing the database – reported by Jakub Galczyk
    • Low Risk: Potential SQL Injection when creating the database backups – reported by StefanT
    • Low Risk: Potential XSS vulnerability in theme name – reported by pandaa
    • Low Risk: Improper permission checks for forums where you can only see your own threads – reported by Jordan Mussi and StefanT
    • Non Critical: XSS vulnerability on debug page – reported by 1llusion
    • Non Critical: Improper input validation in modcp.php – reported by 1llusion
    • Non Critical: Improper input validation in calendar.php – reported by Jakub Galczyk
  • Fixed issues in 1.6.10
  • Unfixed issues

Please view the 1.6.10 changes on the Docs site for more information about the changes in this version.

Upgrading from 1.6.9 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 12 language files. 25 templates have been changed or added.

If you’re using MyBB 1.6.9

If you’re using MyBB 1.6.8 or lower

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

Getting Involved: MyBB GitHub Now Available

Posted on by

Back in June 2012, after our MyBB.com domain was hijacked, we removed public access to our development repositories and moved to GitHub.

Today we are pleased to announce that our main repository, where the 1.x series is developed, is now available to the public!

Visit the MyBB repository on GitHub →

The Basics

The mybb repository consists of 3 main branches: Master, Stable and Feature. These branches contain a different set of code depending on the name of the branch.

At the moment of writing this post:

  • Master contains code that has been (or is to be) publically released (currently 1.6.9)
  • Stable contains work and bug fixes for the next minor version of MyBB (so 1.6.10, 1.6.11 etc)
  • Feature contains all our work on the next feature version of MyBB – 1.8

Please note that, although all this work is available to you, MyBB only officially supports the latest release. Stable and Feature code may contain partially-committed features which are broken, incomplete or may never make it to public release and for these reasons we do not recommend using either of these branches on your own forums.

They will NOT be supported by the Support Team.

For Developers

Access to our repository provides plugin and theme developers the opportunity to work with the latest code. We hope members of our community, and those interested in our project, become more closely involved with MyBB’s development.

Cutting edge development is designed for advanced users only. While we will try and support you with your work MyBB can’t provide support for Git or GitHub. We’re working on improving our documentation about development.

About MyBB 1.8 Alpha

With the opening of our repository MyBB 1.8 is now publically available via the Feature branch. Please note that this only contains a handful of optimizations, features and changes that we are going to implement into this series.

Major features, such as the Report Centre, Spam Centre and our jQuery conversion are just starting to be worked on but accessing 1.8 should, however, give you an idea of the direction we’re heading in and what we’re trying to achieve with this version of MyBB. It should also allow developers to keep on track with what changes we’re making and, with that in mind, we do encourage anyone interested in working with 1.8 to get involved or get in touch via the 1.8 sections on our forum (coming soon).

Getting Involved

To get involved with MyBB development you will first need a GitHub account. Then, follow these steps:

  • Fork the repository
  • If you want to fix a bug – switch to the stable branch
  • If you want to work with 1.8 – switch to the feature branch
  • Make your changes (ensuring you follow the MyBB Development Standards) and push them to your forked repository
  • Send us a pull request via GitHub with your changes and make sure you reference the issue ticket number your changes relate to (update the ticket too to tell us you’ve fixed it)
  • SQA will provide feedback and, if it passes verification, your changes are merged into MyBB

GitHub Issues to replace Redmine

At the moment MyBB uses Redmine to power our issue tracker. Over time, we will be migrating to use GitHub’s inbuilt Issues tracker to provide closer integration between the repository and reported issues. It should also create a one-point resource for all development.

We’re starting this migration with MyBB 1.8. If you find a bug or problem within the feature branch you should first report it in the MyBB 1.8 Bugs & Issues forum. This allows members of the community to discuss the issue and confirm that it is, in fact, a bug. Once confirmed, a member of the MyBB Team will use a clever custom plugin (developed by Nathan Malcolm) to move the issue to GitHub for developers to work on a fix.

The new workflow eliminates the need for a separate account on Redmine and should allow more members to contribute towards development.

The MyBB 1.8 sections on the Community Forum will be available soon. In the mean time, please use the MyBB 1.6/1.8 Suggestions & Feedback forum.

Summary

There is a lot of new information here but it’s just the start of a new journey for MyBB and our community. By improving reporting methods, making it possible for non-team members to contribute and continuing to work on our new series we feel confident that MyBB will continue to be the best free forum software for years to come.

With thanks,

The MyBB Team