MyBB 1.6.7 – Security, Maintenance and Feature Release
MyBB 1.6.7 is now available from the MyBB website and is a security, maintenance and feature update.
In 1.6.7 there are 5 new feature updates and over 70 reported issues fixed. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.
1.6.7 fixes 5 low-risk security vulnerabilities.
- SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team)
- SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team)
- SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer)
- XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team)
- Full Path Disclosure if malformed forumread cookie is used
ACP vulnerabilities require Administrator permissions and so considered low-risk. We recommend planning your upgrade as quickly as possible to ensure your forum is as secure as it can be.
New features included in 1.6.7 update include the ability to login with a username, an email or both. For more information about new features, please see the Wiki on 1.6.7.
Upgrading from 1.6.6 and Other Versions
Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including languages files, please make sure you make a change log for these changes so you can make them again once the upgrade is complete.
To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes.
If you’re using MyBB 1.6.6
- Download and use the Changed Files Package
If you’re not using MyBB 1.6.6
- Download and use the full 1.6.7 release package
Reporting MyBB security vulnerabilities
If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.
MyBB Merge System 1.6.7
MyBB Merge System 1.6.7 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.
This release is to ensure that all users of MyBB Merge 1.6 have the latest fixes.
This release fixes several reported issues since the release of 1.6.3, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.
What’s new in this version?
- 3 bug fixes (view all)
- Version jump to 1.6.7 from 1.6.3 to match the current MyBB Version. From now on we’ll do our best to keep these in sync.
This includes some critical fixes for phpBB that caused infinite loops.
MyBB Mascot Update
We recently held our MyBB Mascot Naming Contest. Many community members proposed names and after a week a poll with the top names was put up. After another week of voting, the name “Bolt”, after MyBB founder Chris Boulton, was chosen. Proposed by Mebes Net, we of the MyBB Team feels this name conveys the strength and speed of MyBB very effectively.
We are proud to present to you the MyBB Mascot, Bolt!
MyBB 1.8 – The Bridge to 2.0
Everyone here at MyBB are proud to announce the impending arrival of our next major feature release – MyBB 1.8.
Over the last 2 months we’ve been developing in secret at our Github lair, plotting to once again attempt to take over the forum world with our evil plans and awesome free software and to celebrate the 10th anniversary of DevBB – our supreme overlord predecessor.
1.8 isn’t as big of an overhaul as 1.2, 1.4 or 1.6 upgrades which introduced more than 100 features; this is more of a facelift. We took Justin, our lead designer, and locked him in a room with nothing but bacon and water until he came up with a new default theme which is taken from one of (if not the) most popular theme collections used by MyBB communities across the world; his Apart series. That’s not all – we developed attachable base colours to themes so that creating (and using) multi-coloured themes no longer involve adding 14 separate styles. You add just one. A new default theme for your Admin Control Panel (ACP) is available too.
For more than half of MyBB’s rule of the forum world, our JavaScript has been powered by Prototype. It was a popular library when we started using it but it has fallen behind a more powerful (and popular) rival and so we’ve consigned it to MyBB history; MyBB 1.8 is powered by jQuery.
Two of the most requested features for MyBB will also be heading to 1.8. With our switch to jQuery, along comes a new post editor (yet to be decided) and a Trash Can – or more the ability to recover deleted posts via the Mod CP.
Along with the regular bug fixes and a host of other planned improvements, such as an APC cache handler, being able to make a cup of hot cocoa, separating the plugin list to active/inactive, making some functions a bit easier to use and projecting your forum’s logo onto the face of the Moon, we’ll be working with MyBB gurus to improve performance, plugin integrations and we’re looking into making the authentication to 3rd party software much easier too with a dedicated login datahandler. It doesn’t have to be just gurus though; we’ll be opening up 1.8 to everyone on Github so that they too can fork, improve, update and become one with the MyBB Team.
We’re all very excited about this release and hope you are too! More information will be coming soon but in the mean time please feel free to suggest more improvements in our Suggestions and Feedback Forum!
Thanks,
MyBB Team
MyBB Blog 