MyBB 1.4 end of life announcement.

Posted on by

MyBB 1.4 end of life

MyBB 1.6 was released almost 8 months ago and since then has proven to be stable and secure. Therefore we will be concluding maintenance and support for the MyBB 1.4 series, and we encourage everyone who has not already done so to upgrade to MyBB 1.6 as soon as possible.

The end of life date for MyBB 1.4 will be the 1st of July, 2011.

After this date:

  • We will not be offering official support for MyBB 1.4
  • There will be no further maintenance or security releases for the 1.4 series
  • The 1.4 support forums will be closed and archived

If you require information on how to upgrade please consult our upgrade instructions, if you need further support please visit the support forums.

MyBB 1.6.2 and 1.4.15 – Security Update

Posted on by

MyBB 1.6.2 is a security update to the 1.6 series. It fixes 2 medium risk security vulnerabilities and one low risk issue. We recommend everybody upgrades to this release as soon as possible – or patch their boards with the manual instructions below.

MyBB 1.4.15 is also a security update to the 1.4 series which is affected by the same vulnerabilities.

Thank you to MustLive (Websecurity), MattRogowski and Max Roth for alerting us of these issues.

What’s fixed in this version?

The medium-risk issue reported by Max Roth requires HTML in posts to be enabled in a forum. This issue was fixed as part of Issue #1422. Even if you don’t have HTML enabled in posts, it is still recommended to update to resolve this issue.

MyBB 1.6.1 to MyBB 1.6.2 Patch

This patch is only for users running MyBB 1.6.1. If you are running an older version of MyBB then please download MyBB 1.6.2 from the MyBB site and update to it.

Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.
This update does not require running the upgrader.

The following files have changed since the initial 1.6.1 release:

  • admin
    • modules
      • tools
        • modlog.php
  • inc
    • class_core.php
    • class_parser.php
  • jscripts
    • validator.js
  • member.php
  • modcp.php
  • xmlhttp.php

* Red represents files that contain security updates
* Green represents new files added in this release

changed_files_1602.zip

If you wish to manually patch your board please download “mybb_1601_patches.txt” and follow the instructions in that file.

mybb_1601_patches.txt

MyBB 1.4.14 to MyBB 1.4.15 Patch

This patch is only for users running MyBB 1.4.14 who have updated their forum when 1.6.1 and 1.4.14 Update was released. If you have not made these updates or are unsure whether you have – and you don’t want to upgrade to 1.6 – then please download 1.4.15 from the MyBB site and update to it.

mybb_1414_patches.txt

To ensure users of the 1.4 series have all the recent security updates the following changed files package contains updates since 1.4.13. The changes to files are mentioned below. If you are still using the 1.4 series, then please make sure that all these files have been updated to keep your forum secure (either by updating to 1.4.15, uploading the changed files package, finding differences using a file difference tool or patches from blog posts).

It is heavily recommended that you upgrade to 1.6.

  • admin
    • modules
      • tools
        • modlog.php
  • inc
    • datahandlers
      • post.php
    • class_core.php
    • class_parser.php
    • functions.php
    • functions_search.php
  • jscripts
    • validator.js
  • attachment.php
  • editpost.php
  • forumdisplay.php
  • member.php
  • modcp.php
  • newreply.php
  • syndication.php
  • xmlhttp.php

* Red represents files that contain security updates
* Green represents new files added in this release

changed_files_1415.zip

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

MyBB Merge System 1.6.1 Release

Posted on by

MyBB Merge System 1.6.1 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

This release is to ensure that all users of MyBB Merge 1.6 have the latest fixes.

This release fixes several reported issues since the release of 1.6.0, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of for public use.

What’s fixed in this version?

  • 27 bug fixes (view all)
  • Folder renamed from “convert” to “merge” inside the zip, to make it consistent with the fact that this is a Merge System, not a Converter.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

MyBB 1.6.1 Release & 1.4.14 Update

Posted on by

MyBB 1.6.1 is now available on the MyBB website and is a security and maintenance update to the MyBB 1.6 series. A patch has also been made available to provide the security updates for the MyBB 1.4 series.

This release is to ensure that all users on MyBB 1.6 have the latest fixes, and to patch two medium-risk security issues within MyBB.

This release fixes several reported issues since the release of 1.6.0, which caused some incorrect functionality of MyBB. These bugs have been fixed to provide a more stable version of MyBB for public use.

What’s fixed in this version?

  • Two XSS Vulnerabilities in editpost.php, member.php and newreply.php – Thank you to YGN Ethical Hacker Group for alerting us of these issues.
  • 90+ bug fixes (view all)

This release has been tested by our Software Quality Assurance group.

The following files were changed since the initial MyBB 1.6 release:

  • calendar.php
  • editpost.php
  • forumdisplay.php
  • member.php
  • misc.php
  • modcp.php
  • moderation.php
  • newreply.php
  • newthread.php
  • polls.php
  • portal.php
  • printthread.php
  • private.php
  • reputation.php
  • showthread.php
  • usercp.php
  • xmlhttp.php
  • admin
    • inc
      • class_page.php
      • functions.php
      • functions_view_manager.php
    • jscripts
      • codepress
        • languages
          • css.css
      • imodal.js
    • modules
      • config
        • badwords.php
        • banning.php
        • calendar.php
        • help_documents.php
      • forum
        • announcements.php
        • management.php
      • home
        • credits.php
        • preferences.php
      • style
        • templates.php
        • themes.php
      • tools
        • recount_rebuild.php
      • user
        • groups.php
        • users.php
      • styles
        • sharepoint
          • avatar_gallery.css
  • inc
    • datahandlers
      • post.php
      • user.php
    • languages
      • english
        • admin
          • config_badwords.lang.php
          • forum_management.lang.php
          • tools_recount_rebuild.lang.php
          • tools_statistics.lang.php
        • moderation.lang.php
        • portal.lang.php
        • reputation.lang.php
        • usercp.lang.php
        • xmlhttp.lang.php
      • english.php
    • tasks
      • delayedmoderation.php
      • promotions.php
      • userpruning.php
    • class_core.php
    • class_custommoderation.php
    • class_datacache.php
    • class_moderation.php
    • class_parser.php
    • functions.php
    • functions_forumlist.php
    • functions_indicators.php
    • functions_online.php
    • functions_post.php
    • functions_search.php
    • functions_user.php
  • install
    • resources
      • mybb_theme.xml
      • settings.xml
      • upgrade17.php
      • upgrade18.php
    • index.php
  • jscripts
    • editor.js

* Red represents files that contain security updates
* Green represents new files added in this release

MyBB 1.6.0 to MyBB 1.6.1 Security Patch

This patch is only for users running MyBB 1.6.0. If you are running an older version of MyBB then please download MyBB 1.6.0 from the MyBB site and update to it using the general [Wiki: Upgrading] guide.

If you wish to manually patch your board please download “mybb_1600_patches.txt” and follow the instructions in that file.

mybb_1600_patches.txt

The manual patch set instructions only fixes the security vulnerabilities and is only made available to temporarily secure your forum until you have time to run the complete upgrade.

MyBB 1.6.0 to MyBB 1.6.1 Full Upgrade

When upgrading from 1.6.0, you will not lose any custom themes, plugins or language packs which you may have installed.

Follow the general [Wiki: Upgrading] guide outlined on the MyBB Wiki to complete the upgrade process. You may download a ZIP archive of changed files here:

changed_files_1601.zip

Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.

This update does require running the upgrader.
There are database schema, language string, or template changes in this version.

You must then check for modified templates using the instructions below.

Theme and template changes

Using the “Find Updated” link under the “Templates” page in the Admin CP you can find a list of the templates that have changed in this release that you’ve got one or more custom copies of.

After identifying changed templates using the tool you can either revert your custom template to the default (delete it) or use the “diff” tool to perform a difference analysis on your custom template and the default.

“Revert required” indicates that for this template to work correctly with MyBB 1.6.1 you’ll either need to revert it to the default or modify your custom template to include the changes in the default. If a revert is not required your custom version of the template should work perfectly fine.

Template changes

Since MyBB 1.6.0 the following templates have had changes to them:

  • portal_latestthreads_thread
  • showthread_poll_option_multiple
  • usercp_nav_misc

* Red represents the template must be updated or reverted to fix security problems

Language file changes

Since MyBB 1.6.0 the following language files have had changes to them:

  • moderation.lang.php
  • portal.lang.php
  • reputation.lang.php
  • usercp.lang.php
  • xmlhttp.php
  • admin
    • config_badwords.lang.php
    • forum_management.lang.php
    • tools_recount_rebuild.lang.php
    • tools_statistics.lang.php

Either update your language packs to include the changes in these files or revert to the standard English language pack.

MyBB 1.4.14 Update

MyBB 1.4.14 was released on August 3rd 2010 to provide full PHP 5.3 functionality as well as improved attachment management. If you’re still using 1.4.13, it is recommended to upgrade to 1.4.14. You can do this by following the instructions in the MyBB 1.4.14 Release Announcement. The changed files package has been updated with the latest security fixes.

Please note all users of the 1.4.x series are urged to upgrade to the latest release of MyBB (1.6.1).

This patch is only for users running MyBB 1.4.14 or any previous release of the MyBB 1.4 series. Please download “mybb_1414_patches.txt” below and follow the manual patching instructions.

mybb_1414_patches.txt

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

Ryan Gordon’s Departure From MyBB

Posted on by

All,

As a few have noticed, Ryan Gordon, the lead developer of MyBB has parted ways with us. A message from Ryan is below.

All of us here at the MyBB Group wish Ryan well in his future endeavours, and I personally am extremely grateful for the role that Ryan has been able to step up and fulfil over the past few years whilst I’ve not been able to dedicate much personal time toward the project. Ryan’s dedication and passion for everything he did, as well as bringing us some of the greatest MyBB releases to date, will be missed.

What does this mean for MyBB?

The most important thing to keep in mind is whilst this is a big change for us, you can still look forward to exceptional releases of your favourite forum software. Work is underway planning out MyBB 2.0, and from our top-secret prototypes, it’s already looking great.

We’ll have more to announce shortly, but again thank you for your continued support.

A message from Ryan to all…

Dear community,

It is with time that with every profession, interest and passion fade and something new comes along to take over it’s place. It is with this in mind, among other things, that I have decided to enlist my resignation from the MyBB Team.

Over the past 5 years I’ve had the unique experience of journying with this team and working on this product that has taught me so much. Together we have built hundreds of thousands of communities and I know that this will continue for a long time into the future.

I wish the MyBB team and the community best of luck in the future, as I open up this new chapter in my life.

Sincerely,
Ryan Gordon

A roundup of our new developers

Posted on by

There has been a great deal of curiosity about the recent additions to the MyBB family so finally I am proud to formally introduce all our new developers to you.

Ryon H

Ryon is an enthusiastic PHP developer with a unique sense of humor. He also happens to speak several languages and apparently lives in a town between a tree and a rock (those are his words). We are also very glad his parents decided to name him Ryon rather than Ryan because that saves us a lot of confusion.

Morgoth

Update: Unfortunately Morgoth has had to leave us already due to some unforeseen issues. We wish him the best of luck with his future.

Morgoth (also known as -Calypso-) is an experienced PHP developer and has come to us from the IPB community where he was well known for developing a number of highly successful plugins.

Sacred

Sacred has also come to us from the IPB community and also has many brilliant plugins to his name. By day he is a Digital Media Manager for a leading online advertising agency and specializes in SEO and e-commerce as well as PHP development.

Dylan M.

Dylan has extensive programming experience and prior to joining the team was well known for his work with extending the MyBB merge system. We are very glad to have him aboard the team as the lead developer for the merge system.

So, please make all our new developers feel welcome and if you see them looking lost and dazed out on the forums don’t hesitate to lend them a hand ;).

Imad Jomaa answers your questions

Posted on by

Imad Jomaa has answered in some detail a few questions.

Please tell us a bit about yourself.

As you might have guessed, my name is Imad Jomaa; I happened to be one boring college Student studying to obtain a B.S. degree in Computer Science as well as a degree in Mathematics. I have been working on a start-up Company for two years now with two other partners, hoping we open our doors sometime soon.

What does your dream job look like?

I am hoping one of my ideas end up going somewhere. However, to be realistic here, I would love to end up working for a Company who love to innovate and share ideas, and possibly have a catchy mission statement. 😛 The other side of me wants to work for an organization aiming for global change in education as I believe education is a key factor in anyone’s life. Furthermore, whichever of the two directions I end up in, you can call it “my dream job”.

In your opinion, what is the most useful and simple feature of MyBB?

This is a tough decision since I have recently been using many features in MyBB I thought I would never use. However, to correlate with “most useful”, I have to say it is the mark as read feature used on forum icons. I use that feature whenever I am on the forums and it saves a lot of time from entering each individual forum to perform such task.

Other than MyBB, what are some of your hobbies?

Despite programming, I love the great outdoors where I am always mesmerized by the vast lands of beauty. I also enjoy expanding my knowledge in wide varieties of subjects ranging from chemistry to biology to marketing and pretty much anything else I find interesting.

Your favourite piece of hardware/software is… Why?

I am not necessarily sure if I happened to favor a specific piece of hardware or software over others as each of such have different functions and purposes. However, if we were to compare apples with apples in relation to operating systems I would use for conventional purposes, I would definitely say Microsoft’s Windows since it seems like a complete functional package over others. However, if I happened to be after a great GUI, I would definitely use OSX by Apple since it seems to have that aspect well laid out.

What are some of your pet hates?

This is another tough question to answer, but I would say the usage of foul language. The usage of such language seems ever increasing especially with young children. It seems as if it became an ongoing trend whether they understand it or not, or whether it is appropriate or not; thus it definitely annoys me.

Is there a feature you’ve come up with (or seen elsewhere) that you would like to see implemented into MyBB one day? What is it and why would it be good for MyBB?

One of the interesting projects I have seen for security CAPTCHA is dragging and dropping objects. I found it very intuitive to have your potential users be able to bypass the sometimes-unreadable characters to something simple and easy to use. The whole idea behind it is asking your user to drag a certain shape from a pool of them to the right – it is simple, intuitive and depending on how it is developed, secure from today’s and possibly future bots.

What is your favourite TV series?

I definitely say it has to be the Mythbusters TV series since they put popular myths to the test and in the end, finally clear up some unanswered questions in an entertaining form.

What do you enjoy most about your life?

I think it has to be the motivation in me that always wants me to expand my knowledge into many categories which gives me a better understanding of many aspects of today’s world.

Anything else you would like to add?

None at all, I think the nine questions asked covered everything I wanted to mention. 🙂

Alan Crisp answers your questions

Posted on by

Alan Crisp, a long standing and proud staff member of MyBB, answers your questions.

Please tell us a bit about yourself.

I’m 23 and currently live in [not very] sunny Doncaster in the UK. I started out writing small modifications for MyBB more years ago than I would care to count up and also created the MyBB Mods website as a side project. In 2004 I joined Chris as a developer following the departure of many of the original team. For a little while there was only really Chris and I actively developing MyBB but more people were quickly recruited to help out. I’ve been here ever since and am involved in both maintaining and developing the MyBB Mods website and also developing MyBB itself. My career is also in web development and I’m currently working at one of the largest online retailers of computer and electrical products in the UK. Primarily I’m a PHP developer although my job occasionally takes me into other programming languages such as Perl and basic bash scripting.

Other than MyBB, what are some of your hobbies?

I’m a saxophone player and also an aspiring composer in my free time. I’m very much into jazz, funk and blues music and enjoy listening to all sorts from Cannonball Adderley, Dave Brubeck and Herbie Hancock to Chuck Mangione, Dave Weckl and Spyro Gyra. I do like some other more mainstream bands too such as Muse, Snow Patrol and Captain. Whilst I was still in full-time education, music was very much my main focus and programming was the hobby on the side. I even went on to do a music degree and then put it to great use by going into a career as a web developer. Essentially music and programming are now the reverse of before – I’m spending most of my time each day doing web development at work and keeping my musical interests going in my spare time. On the plus side I can listen to music at work so that is perhaps the best of both worlds. I can’t imagine how I would cope without Last.fm when I’m at work.

What is your favourite food?

This is a tough call, although I’ve recently become addicted to BBQ chicken pizzas. In fact, I’m probably going to end up eating one shortly after I’ve written this. Failing that a good fry-up with lots of grease is always a meal suitable for any coming day.

How long per day, on average, would you spend at a computer and doing what?

I spend at least eight hours a day in front of a computer at work doing web development, then often another four or five in the evening when I get home during which I could be doing almost anything from gaming to composing, general web surfing or even more programming – it did start as a hobby after all.

What is a feature you would love to see in MyBB by default one day?

Several years ago when I was primarily a modification developer for MyBB I created a modification for allowing entire user groups to become forum moderators. This was mentioned for possible inclusion in future releases of MyBB several times but unfortunately it never happened. That is of course until MyBB 1.6, but then you already know that because you’ve all read the features list and/or tried the beta by now, haven’t you?

What is your dream career?

I’m certainly enjoying my career so far in web development. I’ve picked up so much knowledge and worked with some great people so this is certainly where I’m staying for the moment. That said however, if I suddenly had an opportunity to join a touring band as a saxophonist or become the next big film composer I could probably be tempted to make an unplanned career move.

Do you plan on sticking with MyBB or will you move off to something else?

My connection with MyBB is something I’m incredibly proud of and it means a lot to me. It’s largely because I joined MyBB that I became interested in web development and lead to me deciding to make a career of it when it became apparent that I was not going to be the next Hans Zimmer. So with that in mind I certainly want to stick around with MyBB for as long as I’m able, although inevitably the real world will ultimately dictate how long that will be. I certainly hope to be around for a while yet.

Anything else you would like to add?

It’s been truly great to be a part of this community for so long. I’ve seen MyBB grow from a little-known script that powered the Messenger Plus! community forums to the fully featured product it is today which can really contend with some of the biggest bulletin board scripts available. I’d like to thank everyone who has supported MyBB over the years and hope you continue to show that support in the future. Seeing your positive feedback has always been great encouragement to continue at times when motivation is low and it’s a really great feeling to be a part of something that so many people now know and hopefully enjoy to use.

New recruiting initiative

Posted on by

We are pleased to announce some new initiatives that will be rolled out over the coming weeks to help in our search for valuable new additions to our team.

The quality of MyBB is largely dictated by the quality of our staff and as we look towards development of MyBB 2.0 we hope that these new recruitment strategies will help ensure the longevity and quality of MyBB in the future.

The main changes to our recruitment process is that we will be extending our search to outside our community and formalizing the process, making our selection process similar to applying for a regular job. As a result we will be actively advertising the positions available but also more stringent in our selection criteria.

We are primarily looking to fill development positions and we are looking for people will make a long term commitment to MyBB and hopefully become an integral part of the MyBB team in the future.

We are looking for the types of people who:

  • Are  true industry professionals
  • Have extensive and consolidated skills in PHP & SQL
  • Are familiar with modern object oriented program design
  • Understand security and how important it is
  • Already have proven experience in the field
  • Believe in the open source software model

Although developers are the focus of our search we will are also open to suitable applicants for other positions.

Below are some of our initiatives:

Setting up the MyBB.com/apply page

We have set up a page specifically for recruitment at http://www.MyBB.com/apply which will act as a gateway for anyone interested in a position here. It has information on the roles we have available and what we expect in our applicants.

Notice board flyer:

If you attend a tertiary education institution such as University then there will probably be a lot of notice boards around for community notices. We have prepared a simple flyer which your welcome to print and put up on Computer Science/IT department noticeboards at your University. You can find the flyer here.

Off-site advertising:

We will be identifying a number of websites and communities which are frequented by the kind of people we wish to recruit and have a section suitable for job advertisements. We will then be submitting articles to these sites outlining our organization and the positions we have available. Hopefully this will enable us to reach a broader group of quality developers who might be interested in a position here.

Ensuring the integrity of our team:

We realize many of our community members will be concerned that by recruiting outside our community we will be less familiar with our applicants and therefore there is the possibility of accepting someone who will be untrustworthy and detrimental to our product. We have recognized this and have implemented a number of new policies internally including an initial probation period and a revised permission hierarchy that will restrict the access of new staff to critical aspects of our project. As stated earlier we will also be more stringent in our selection process and ensure that only applicants of the highest integrity will be accepted.

How can I help?

Even if a position on the MyBB team isn’t for you then you can still help by spreading the word of MyBB to people you know who might be suitable for one of our positions. You can also put up flyers as described above.

Welcome Tim B., your new product manager

Posted on by

I am pleased to announce that we have promoted Tim B. to be our new product manager and to take care of our day-to-day operations.

Tim joined us early this year on the support team.  He has shown his dedication to the team throughout his tenure on the support team, and his eagerness to find solutions to problems of any scale.  In addition he has helped with several projects internally such as re-writing our forum rules and reorganizing our forums.  Coupled with his experience in business and also in software engineering, Tim will be able to lead the MyBB team as we head to our next generation product, MyBB 2.0.

A few things you probably didn’t know about Tim:  He’s an Aussie, but doesn’t ride kangaroos to work.  Instead he loves riding anything with two wheels; he has a dirt bike, and many mountain bikes.  He also has an obsession with his non-contact thermometer…

He will be taking over all of my responsibilities with the management of the community and systems here at MyBB, as well as the marketing aspect of the MyBB product.  He will lead the team making sure that progress is being made in the right direction as a whole.

As for me, I will be focusing more on the software design and development of the MyBB product and as such I will be working more with Ryan Gordon and the development team.

Once again let us extend our congratulations to Tim B. as we move forward in this new era of the MyBB team.