MyBB 2.0 is being put on hold

The community spoke and we are listening.

Effective immediately, the MyBB team will be putting 2.0 on hold and working towards a more viable & gradual approach to rewriting the core software. Rather than a total rewrite all at once that could take years to complete, we’re going to roll out smaller updates in a quicker fashion. Starting with MyBB 1.9 and onwards, each release (1.10, 1.11, 1.12, etc.) will have new features and rewritten code until we reach the ultimate goal of a totally rewritten and modern forum software.

First up is MyBB 1.9. This update will feature a responsive theme built on a new and improved, Twig template system. This system will allow template conditionals, variable loops, template includes, and much more. Along with a new theme and template system, we’re reworking & improving all of the javascript code and moving it from being inline with the theme to external files. Doing this will make it easier to manage and allow site owners to more easily implement better Content Security Policies on their forum.

In addition to the theme work outlined above, we’re going to be replacing SCEditor with TinyMCE as well as introducing the Swiftmailer mail handler. TinyMCE should be a vast improvement to the overall user experience compared to the current editor we’re using in the 1.8 series. TinyMCE is well-supported & maintained, modern and easily extensible with plugins if you’re looking for extra functionality. Swiftmailer will improve our core email functionality and should integrate better with most SMTP hosts. Swiftmailer will also allow us to retry sending failed emails, add attachments, use the BCC & CC functionality, support servers that require usernames & passwords and/or encryption and much more.

We are excited to embark on this path together with the end goal being to restore MyBB’s place as the best forum software available today— free or commercial.

Thank you for you feedback. Please continue to voice your opinion about the things that are important to you. We are all in this together!

Follow the links below to view the MyBB 1.9 repository and MyBB 1.9 forum topic, respectively:

MyBB 1.9 RepositoryMyBB 1.9 Forum Topic

Building software packages with Docker and Phing

Every meaningful set of development activity in open-source projects like MyBB is followed by an official release that merges in additional lines of production, like security updates, and wraps it up with descriptions and instructions easy to understand for non-developers and site maintainers. Currently the most popular way of distributing updates to PHP-based software is file packages: project managers have to scramble to gather and bundle all files and associated documentation while site administrators are expected to keep track of (and sometimes interpret) this information.

This, to convenience of site administrators and ours, is planned to improve upon adoption of concepts like continuous integration that put emphasis on making all products deployable after every change to the code, and the integration of tools like Composer, which ease the pains of managing third-party solutions and allow to separate one big product into small, handy modules. Even though conveniences like fully automated updates will take time to become reality with informal open-source projects (where the technicalities are much easier to implement than procedures that provide a reasonable level of security), MyBB moves closer to that with eliminating manual tasks covering a broad range of activities that precede each release—the last 4 versions of MyBB (starting with 1.8.12) have been build using the recently published package builder.

The MyBB build repository

Rewriting Memos in XML & PHP

The core part of the builder’s logic is Phing, an Apache Ant-based PHP task build system. This engine enables developers to specify operations related i.a. to git & patch (extensively used to apply sensitive patches before the release), file encoding and archiving saved in an XML build file. It’s also used to call sub-scripts that list changed files and calculate archive size and checksums, but also perform some project-specific operations like counting modified language files, searching for templates that changed between versions or update plugin hook locations with line number precision. Since the Jekyll-powered website is generated from Markdown & Front Matter data files, the builder also prepares the version’s YaML metadata ready to be put into the repository allowing Release Notes and the Release Blog Post content to be generated.

You Want to Run it on What?

Another important role plays Docker, a platform introducing container systems. You might recognize it from the recently put out image recipe that can be used to deploy MyBB 1.8, however this environment is also used whenever packages need to be assembled. No matter who, where or when participates in the building process, they should be able to use the same precisely defined tools—by running the script inside a container we can assure a degree of confidence in that, given the separation from the host operating system. Our Docker image, based on a trimmed down version of Debian, contains an unsuspicious development toolset including basic packages and a PHP interpreter with customized configuration and the strip-nondeterminism tool that normalizes the output to make it possible to arrive with byte-to-byte equal archives identified by matching checksums. This practice is called build reproducibility which will serve as a vital part in download verification.

Real output (with real git errors) when building MyBB 1.8.15 packages

Visit the mybb/mybb-build repository to set up own production line basing on our code and compare against the latest MyBB release packages (starting with 1.8.15, releases on GitHub include a build package with input necessary to reproduce the output).

The MyBB build repository

Automated packaging does not only leave more time for other aspects of running large-scale projects, but also assures that every update is brought to users without potential mistakes that could have been made otherwise with manual assembling. Furthermore, whenever mistakes are spotted, the archives can be quickly rebuilt and pushed out—less emphasis will be put on singular releases and more on their continuous delivery with seamless upgrades that MyBB will be working on.

MyBB 1.8.15 Released — Security & Maintenance Release

MyBB 1.8.15 is now available, and is a security & maintenance release.

This update includes compatibility improvements for PostgreSQL and recent PHP versions as well as minor optimizations.

Check Release Notes for a list of changes to language files, templates and unresolved issues.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

MyBB Team

MyBB Support Policy Changes

MyBB 1.8.14 Released — Security & Maintenance Release

MyBB 1.8.14 is now available, and is a security & maintenance release.

This update applies security patches and fixes minor issues related to the upgrade script included in the previous version.

  • 2 security vulnerabilities addressed:

    • High risk: Language file headers RCE — reported by Julian Rittweger
    • Low risk: Language Pack Properties XSS — reported by Julian Rittweger
  • 2 issues resolved

Check Release Notes for a list of changes to language files, templates and unresolved issues.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

MyBB Team

MyBB 1.8 Dockerfile & Docker Compose Recipe

With the recent announcements of the 1.10 branch we’ve also got some great news for both plugin developers and theme designers. In recent weeks, work has been underway to create an official Docker image for the MyBB 1.8 series. This work has been taken on by a community member who proposed such a solution and set to work on getting it done. Also provided within the repository are two example docker-compose.yml files, to be used with Docker Compose or Swarm. Docker is a technology for creating lightweight containers to manage and orchestrate software. It works across multiple platforms, and makes it easy to quickly get a live instance of the current MyBB version running with a variety of different configurations without requiring much effort to install database management systems and such on your machine. Docker is a brilliant tool for developers to quickly prototype ideas in a fresh, consistent environment. You can find out more information on Docker here.

Developers can immediately download and start using the current MyBB 1.8.13 Docker image from our official Docker Hub registry account (found here) by running the following command:

docker pull mybb/mybb:latest

Alternatively, for those who would like to view the source, make amendments or just generally prefer to build their own images – you can view the official GitHub repository here. Ample instructions for use are provided within the file. This project is far from complete and we do not recommend it for production use, only for development and staging systems. MyBB’s current installation and upgrade systems make full automation with Docker a difficult feat to accomplish but we’re hoping to include easier ways to do this in the future 1.10 series of releases.

We hope that avid plugin and theme developers make good use of the Docker images that we’ll be releasing and improving upon, any and all constructive feedback (and pull requests!) is welcome.

MyBB 1.8.13 Released — Security & Maintenance Release

MyBB 1.8.13 is now available, and is a security & maintenance release.

This update includes fixes related to compatibility with PostgreSQL, SQLite and PHP 7.2 and resolves attachment HTML output problems. Note that the theme’s CSS files may need to be updated. Please see this post on the community forum for more information.

  • 7 security vulnerabilities addressed:
    • High risk: Installer RCE on configuration file write — reported by pabstersac
    • High risk: Language file headers RCE — reported by Julian Rittweger
    • Medium risk: Installer XSS — reported by pabstersac
    • Medium risk: Mod CP Edit Profile XSS — reported by Julian Rittweger
    • Low risk: Insufficient moderator permission check in delayed moderation tools — reported by Starpaul20 of MyBB Team
    • Low risk: Announcements HTML filter bypass
    • Low risk: Language Pack Properties XSS — reported by Julian Rittweger
  • 62 issues resolved

Check Release Notes for a list of changes to language files, templates and unresolved issues.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.

Go to to report possible security concerns or to learn more about security research at MyBB.

If you would like to contribute to the Project, Get Involved.


MyBB Team

A Fresh Perspective

Blog header image

MyBB has been making some changes lately, and if you haven’t noticed we’re here to give you the scoop. Discussion about bridging 1.x closer to 2.0 has been settling, and as such we have decided on the best course of action moving forward. This comes with some other updates, including the main site going responsive, our blog getting way more fun, setting up an official demo site, and speeding up that darn extension approval process.

If you’ve browsed our site lately on mobile, you may have noticed that it can be a real pain to navigate. We believe it is time to change that. Rather than awaiting MyBB 2 to bring our website into the modern age, you can expect it to be updated very soon. The new site will feature a few things:

  • Modern Design – We are making sure to get the site up to modern design standards.
  • Fully Responsive – This is part of a larger goal to get all MyBB products responsive, we’re starting with the main site.
  • SEO – Finding pages on MyBB should be a much better experience through search engines.

If you have some time and want to leave some feedback, or if you just want to look at the new design, please visit the thread or repository linked below. Thanks!

New MyBB responsive design New MyBB responsive design repository


Our blog will be getting some love as well. We’re now creating our blog posts via a repository on GitHub, so you can help (Or just get a sneak peek at what the next blog will be about). If you have an idea for a blog post that we haven’t done yet, or think we could be doing something better, feel free to open an issue in the repository linked below.

New MyBB responsive design

Official Demo Site

You may or may not know this, but we keep the community forum as vanilla as possible so users can get a feel for what MyBB is, right out of the box. Unfortunately this limits some decisions we make where improving the community forum is concerned. Not only that, but it limits how users can explore a vanilla MyBB installation as well. We are going to be creating a demo website to solve both of these issues, allowing you as users to browse a clean installation of MyBB easily. Obviously these demo installs will be lacking a couple of features that a full blown install contains, such as the ability to install custom themes and plugins – this is purely a security precaution.

Providing a clean demo system for users also opens up the possibility for more changes to be made to the official community forum – such as updating the styling to fit in with the rest of the website – in the future.

You can expect work to begin on this project after the new website has launched. Stay tuned for further updates!

MyBB Extensions

Approval Process

It’s no secret that getting a modification approved on the MyBB website can be a slow process. The main offender for this is our mission to make sure submissions are safe and of good quality, which means exploring the code and installing them for ourselves. This just isn’t a sustainable practice and results in a lot of frustration.

To speed up your addon submissions, we’re going to be easing our policy for allowing submissions. The policy has been published in our documentation, check it out at the following link.

Mod submission policy

If you find an issue with one of these unapproved addons, or even one that has been approved, please report it to us via the Private Inquiries forum so we can investigate properly.

Paid Modification Support

We are also taking a look into our support of paid modifications. In the past, these have been banned from being posted anywhere on the forum. Paid authors create some great things, so we’d like to embrace them more going forward. Our current solution is allowing paid modifications in the Requests/Services/Jobs forum, which you can find below.

We’re also considering the possibility of adding thread prefixes to the Requests/Services/Jobs forum in an effort to easily distinguish the types of services available. If you have any suggestions regarding these categories, we’re all ears!

MyBB R/S/J Forum

MyBB Software Development Path

After a lot of discussion internally, on the forum and in Discord, we’ve decided on the path that the MyBB software will be following leading up to MyBB 2. While we can all agree that MyBB needs to be more modern, rewriting it entirely from scratch is an enormous task and is taking much longer than we anticipated. Judging from the input from users, as well as discussion among staff, our best option moving forward will be to further bridge the 1.x series toward MyBB 2, while updating it to be more usable and modern.

MyBB Poll results

We have not decided on any specifics, but have discussed some of the following options:

  • Use Twig
  • Use Sass
  • New, responsive theme
  • Improved user experience, meaning changes like alerts or conversations

All that we know for now is that the MyBB 1.x line needs to be improved, and we need your help on deciding what exactly will be changing. If you’d like to join in on the discussion, head over to the forum thread we’ve been using to discuss the software.

MyBB 2.0 forum thread

Moving Forward

Overall we think these changes will help bring MyBB into the modern age, and make things a lot more fun to take part in. We love reading what you, the users of MyBB have to say and take it all into consideration. If you’d like to have a discussion with us, please hop on Discord and let us know about it!

Join Discord

MyBB 1.8.12 Released – Security & Maintenance Release

MyBB 1.8.12 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 3 security vulnerabilities and 14 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

  • Vulnerabilities:
    • Medium risk: Insufficient permission check in multiquote feature – reported by frostschutz
    • Medium risk: CSV macro injection on PM export – reported by Rico A. Silvallana
    • Low risk: Weak password reset codes & false positives – reported by Devilshakerz

Please view the 1.8.12 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.11 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 9 language files and 9 templates were changed or added.

If you’re using MyBB 1.8.11:

  • Download and use the Changed Files Package
    • MD5: 9ebfae510ec51bc27f7b0062f4f99394
    • SHA1: d97f0e13799661b5811245030ef9e56c597086ff
    • SHA256: 17eab833ae6f1a7653d324da3866573437a566f0c2e4f7b4ceddb23795a933f0
    • SHA512: 1b10d9d85dca44a854783f1e37afbec2aac9d657689d09147d414ae41835386f4d97ea0c686edb06fd5de13d2a929bccf7af67fd8af7d95cddc009c6f81812d8
  • Follow the Docs Upgrading Instructions

If you’re using MyBB 1.8.10 or lower:

  • Download and use the full 1.8.12 Release Package
    • MD5: aa0e92e5e55b69f33cab3401994f767a
    • SHA1: 1a406afbb9343145877b0382ab479dc5d17d7813
    • SHA256: a6decde96ae84a2f34a40c2f175172be163ca1fb294c5e4cef5a6396c3eb9f42
    • SHA512: c5292eab2b9a6dbefe1a696aecdb3202a7d4c9f27de3983ba975c3381aaadd775537f4bd5e389eee18ee2237506a2c8e8bb60e2ec7f0f48483335c8e3a6a5ce4
  • Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.


MyBB Team

MyBB Forum Owner Interview #2 – spork985

This is our second interview for MyBB forum owners and it is spork985. Some of you may know of him from the forum and free mybb hosting website called IcyBoards. IcyBoards is featuring on this blog post and spork speaks to us exclusively about MyBB.

What features do you hope to see in MyBB 2.0 that would enable you to further develop your offering to the community?

There are a lot of plugins we have installed that make very minor changes to the software. I feel MyBB could benefit from rolling some of these ideas in to the baseline code. Some examples include a “users online today” section, defaults for profile fields, redirect warning when the user clicks an external link, latest profile visits, and profile comments. I realize the importance of separation with regards to what a forum is designed to do, but I feel many of these features should be part of the core code and wouldn’t take much to implement. This would substantially cut down on the amount of 3rd party plugins we need to make available, maintain, and worry about upgrading. In most aspects, less plugins also means a more secure forum.

What is your most favourite feature of MyBB currently?

My favorite feature has to be the “purge spammer” button. It’s such a simple concept, yet I feel the person who came up with it is a genius. I always hated those mornings when I wake up, am eating my breakfast, open the forum, and… oh, this dude posted the same message 3 times in every single forum possible. Now I have to spend the next 20 minutes going through and deleting them one by one. Thank you to whoever came up with and implemented this idea.

What is your LEAST favourite feature, and how can this feature be improved to better suit your personal requirements or wishes.

One area I feel could use a little improvement is managing group permissions assigned to forums. It’s very easy at first, but once you have an established forum and want to add a group or even see the overall permissions a group has, it gets complex fast. This is made especially apparent once you start setting custom permissions beyond what the permissions interface has. Unfortunately, I’m not the creative type and don’t have a good suggestion for improvement. I do think a button to copy permissions between two forums would be extremely useful and eliminate some of the tediousness in setting things up/tediousness in an established forum where you have dozens of forums and user groups.

What do you feel is done well at MyBB, and what would you like changing?

Simply put, the code. Most good coding standards are being followed. When debugging and/or modifying, it is very easy to know where to look and quickly troubleshoot issues. Any developer is going to understand the headache of picking up someone else’s poorly-formatted code and trying to work with it. With MyBB, there is no headache at all. As for what I would like to change, we can go down the whole “opening brace on the same line” road, but I have a feeling most are not going to agree with me judging by the standards that were decided upon for MyBB 2.0 Smile It really comes down to a matter of personal preference.

Looking at IcyBoards, why do you choose to solely host MyBB?

Most of the reasons just come down to personal preference, again. Before I started working on IcyBoards, I ran a few forums of my own. I tried several different software solutions, including phpBB, SMF, and PunBB. Honestly, I just didn’t like any of them. After IcyBoards was up and running for a few years, I did look at SMF hosting but the code was just… not fun. It was messy. Additionally, I decided that I would rather have one solid high quality service rather than have my time split between two separate services.

Do you plan to provide hosting for 2.0?

Absolutely. I am very excited to see what MyBB 2.0 brings to the table. IcyBoards is set up in such a way that we can host multiple versions of the software in parallel. We most likely will follow the same path we followed when MyBB 1.8 was released. Once MyBB 2.0 is made available in a stable release, we will begin providing hosting right away. At the same time, we will start working on a migration path for MyBB 1.8 users. We will continue to host and provide support for our MyBB 1.8 users as long as possible, if not indefinitely (to be determined).

What was the most challenging thing to accomplish while developing IcyBoards?

Believe it or not, the most challenging part of developing and running IcyBoards has been spam management. The majority of spammers are automated bots that join and post. They hit thousands and thousands of forums and sometimes make hundreds of posts per forum. If you’re an admin or moderator, it’s no problem. You log in and delete spam when you come across it. When you’re running a hosting service like IcyBoards, you are hosting tens thousands of forums on one system all sharing resources. When you get hundreds of bots making hundreds of posts on tens of thousands of forums, you get… a big mess. On top of this, you get old inactive forums where the staff are never logging in and the spam just accumulates. It’s not unusual for such forums to consume 30-40-50, or even more, gigabytes of database space. I developed several ways of detecting/blocking these posts over the past 1-2 years that have been working well.

Do you have anything to add that hasn’t been mentioned in the earlier questions or answers?

Most importantly, I would like to give a big thank you to all of the developers at MyBB. A service like this would not be possible without their long and hard work. Secondly, we are always looking for ways to improve our service and really appreciate suggestions. You may post suggestions in our thread in the “Showcase” forum.