Tag Archives: 1.6

MyBB 1.6.10 Released – Security & Maintenance Release

Posted on by

MyBB 1.6.10 is now available from the MyBB website and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 7 vulnerabilities and over 95 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

A considerable amount of effort has been put in to MyBB 1.6.10 to fix a myraid of issues with PHP 5.4. This is the main reason why the release has been delayed until now. MyBB 1.6.10 should now be compatible with PHP 5.4 hosts.

  • Vulnerabilities:
    • Low Risk: Potential SQL Injection when optimizing the database – reported by Jakub Galczyk
    • Low Risk: Potential SQL Injection when creating the database backups – reported by StefanT
    • Low Risk: Potential XSS vulnerability in theme name – reported by pandaa
    • Low Risk: Improper permission checks for forums where you can only see your own threads – reported by Jordan Mussi and StefanT
    • Non Critical: XSS vulnerability on debug page – reported by 1llusion
    • Non Critical: Improper input validation in modcp.php – reported by 1llusion
    • Non Critical: Improper input validation in calendar.php – reported by Jakub Galczyk
  • Fixed issues in 1.6.10
  • Unfixed issues

Please view the 1.6.10 changes on the Docs site for more information about the changes in this version.

Upgrading from 1.6.9 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 12 language files. 25 templates have been changed or added.

If you’re using MyBB 1.6.9

If you’re using MyBB 1.6.8 or lower

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

MyBB 1.6.9 Security Release

Posted on by

MyBB 1.6.9 is now available from the MyBB website and is a security release for the 1.6 series.

What’s added/changed in this version?

It has come to our attention that there is an SQL injection vulnerability in all versions of MyBB, including MyBB 1.6.8. We advise all MyBB forum owners to upgrade their forum as soon as possible.

With thanks to frostschutz and StefanT for finding and reporting these issues.

Vulnerabilities fixed:

  • High Risk: An SQL vulnerability when editing a post
  • Medium Risk: CAPTCHA systems non effective, providing possible brute-force access

Bugs fixed:

  • An issue with the editor not working in Firefox 16 and above

We apologise for any inconvenience.

Upgrading from 1.6.8 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 1 language file (messages.lang.php). There are changes to 3 templates (portal_welcome_guesttext, loginbox & codebuttons).

If you’re using MyBB 1.6.8

If you’re using MyBB 1.6.7 or below

Reporting MyBB Security Vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thank you,

MyBB Team

MyBB 1.6.8 Released – Maintenance Release

Posted on by

MyBB 1.6.8 is now available from the MyBB website and is a general maintenance release.

What’s added/changed in this version?

This release fixes over 40 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

Please view the 1.6.8 changes in the wiki for more information about the changes in this version.

Standards Update

About half of the files that have changed in this version have been updated to match MyBB Development Standards. A full list of actual changed files (files with bug fixes) and standards changes are available from the Wiki.

These standards include removing whitespace at the end of files and ensuring they are encoded properly.

Upgrading from 1.6.7 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 4 language files (with 23 having standard updates). 2 templates have been changed.

If you’re using MyBB 1.6.7

If you’re using MyBB 1.6.6 or lower

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

MyBB 1.6.7 Release, Merge 1.6.7 & MyBB 1.8 Development

Posted on by

MyBB 1.6.7 – Security, Maintenance and Feature Release

MyBB 1.6.7 is now available from the MyBB website and is a security, maintenance and feature update.

In 1.6.7 there are 5 new feature updates and over 70 reported issues fixed. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

1.6.7 fixes 5 low-risk security vulnerabilities.

  • SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer)
  • XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team)
  • Full Path Disclosure if malformed forumread cookie is used

ACP vulnerabilities require Administrator permissions and so considered low-risk. We recommend planning your upgrade as quickly as possible to ensure your forum is as secure as it can be.

New features included in 1.6.7 update include the ability to login with a username, an email or both. For more information about new features, please see the Wiki on 1.6.7.

View 1.6.7 Changes in the Wiki

Upgrading from 1.6.6 and Other Versions

Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including languages files, please make sure you make a change log for these changes so you can make them again once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes.

If you’re using MyBB 1.6.6

 

If you’re not using MyBB 1.6.6

 

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.6.7

MyBB Merge System 1.6.7 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

This release is to ensure that all users of MyBB Merge 1.6 have the latest fixes.

This release fixes several reported issues since the release of 1.6.3, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 3 bug fixes (view all)
  • Version jump to 1.6.7 from 1.6.3 to match the current MyBB Version. From now on we’ll do our best to keep these in sync.

This includes some critical fixes for phpBB that caused infinite loops.

MyBB Mascot Update


We recently held our MyBB Mascot Naming Contest.   Many community members proposed names and after a week a poll with the top names was put up.  After another week of voting, the name “Bolt”, after MyBB founder Chris Boulton, was chosen.  Proposed by Mebes Net, we of the MyBB Team feels this name conveys the strength and speed of MyBB very effectively.

We are proud to present to you the MyBB Mascot, Bolt!

MyBB 1.8 – The Bridge to 2.0

Everyone here at MyBB are proud to announce the impending arrival of our next major feature release – MyBB 1.8.

Over the last 2 months we’ve been developing in secret at our Github lair, plotting to once again attempt to take over the forum world with our evil plans and awesome free software and to celebrate the 10th anniversary of DevBB – our supreme overlord predecessor.

1.8 isn’t as big of an overhaul as 1.2, 1.4 or 1.6 upgrades which introduced more than 100 features; this is more of a facelift. We took Justin, our lead designer, and locked him in a room with nothing but bacon and water until he came up with a new default theme which is taken from one of (if not the) most popular theme collections used by MyBB communities across the world; his Apart series. That’s not all – we developed attachable base colours to themes so that creating (and using) multi-coloured themes no longer involve adding 14 separate styles. You add just one. A new default theme for your Admin Control Panel (ACP) is available too.

For more than half of MyBB’s rule of the forum world, our JavaScript has been powered by Prototype. It was a popular library when we started using it but it has fallen behind a more powerful (and popular) rival and so we’ve consigned it to MyBB history; MyBB 1.8 is powered by jQuery.

Two of the most requested features for MyBB will also be heading to 1.8. With our switch to jQuery, along comes a new post editor (yet to be decided) and a Trash Can – or more the ability to recover deleted posts via the Mod CP.

Along with the regular bug fixes and a host of other planned improvements, such as an APC cache handler, being able to make a cup of hot cocoa, separating the plugin list to active/inactive, making some functions a bit easier to use and projecting your forum’s logo onto the face of the Moon, we’ll be working with MyBB gurus to improve performance, plugin integrations and we’re looking into making the authentication to 3rd party software much easier too with a dedicated login datahandler. It doesn’t have to be just gurus though; we’ll be opening up 1.8 to everyone on Github so that they too can fork, improve, update and become one with the MyBB Team.

We’re all very excited about this release and hope you are too! More information will be coming soon but in the mean time please feel free to suggest more improvements in our Suggestions and Feedback Forum!

Thanks,

MyBB Team

MyBB 1.6.6 Security Release

Posted on by

MyBB 1.6.6 is now available from the MyBB website and is a security release for the 1.6 series.

What’s added/changed in this version?

In 1.6.6, 1 major issue and 14 low risk vulnerabilities have been fixed. Only the issues listed below are fixed; a further maintenance release will be available with general fixes to functionality in the near future.

  • Vulnerabilities:
    • Non Critical: Import a non-CSS stylesheet (Theme)
    • Low Risk: CSRF vulnerability on Admin CP logout (Issue #1769)
    • Low Risk: CSRF vulnerability when clearing a stored password (Issue #1824)
    • Low Risk: CSRF vulnerability when removing a buddy (Issue #1825)
    • Low Risk: CSRF vulnerability with Admin CP join requests (Issue #1834)
    • Low Risk: CSRF vulnerability in Group Promotions Enable/Disable
    • Low Risk: CSRF vulnerability in ACP Edit User (Avatar)
    • Low Risk: CSRF vulnerability with activating a user
    • Low Risk: XSS vulnerability when moving an event (Calendar)
    • Low Risk: XSS vulnerabilities in Akismet plugin
    • Low Risk: XSS vulnerabilities in Forum Subscriptions (User CP)
    • Low Risk: XSS vulnerability in Moderator Logs
    • Low Risk: XSS vulnerability in Edit Post
    • Low Risk: XSS vulnerability when editing Announcements

    Thanks to SQA Team Member Nathan Malcolm for finding all of these!

  • Vanishing Announcements in 1.6.5 (Issue #1781, #1785) – with thanks to Paul H and Vini Holden.

For more information on these vulnerabilities, please view the 1.6.6 Changes in the Wiki.

Upgrading from 1.6.5 and Other Versions

Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 1 language file. There is 1 change to themes. Please view the 1.6.6 Changes in the Wiki for more information about these changes.

If you’re using MyBB 1.6.5

If you’re not using MyBB 1.6.5

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thank you,
MyBB Team

MyBB 1.6.5 Released – Feature Update, Security & Maintenance Release

Posted on by

MyBB 1.6.5 is now available from the MyBB website and is a feature update, security and maintenance release for the 1.6 series.

What’s added/changed in this version?

In 1.6.5, there are 3 vulnerabilities and over 70 reported issues fixed. Please be aware that not all of the existing problems have been fixed in this version.

  • Vulnerabilities:
    • Non Critical: Unparsed user avatar in the buddy list – reported by labrocca
    • Non Critical: Potential XSS vulnerability validating usernames via AJAX – reported by Will G
    • Low Risk: CSRF vulnerability in ?language – reported by Nathan Malcolm (Issue #1729)

    Thanks to everyone who helped find and resolve the issues!

  • Fixed issues in 1.6.5
  • Unfixed issues

There are also over 10 new feature updates in 1.6.5. These range from the ability to locate spam users from the ACP to reCAPTCHA support. To get a summary of these new updates and for a list of changed files and language pack changes, please see the Wiki on 1.6.5.

View 1.6.5 Changes in the Wiki

Upgrading from 1.6.4 and Other Versions

Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete.

If you have any plugins installed that limit signatures or provide reCAPTCHA, or might not be needed because of the new default settings available, it’s suggested to uninstall these before the upgrade. If you’re unsure, create a thread in the General Support section of the Community Forum with your plugin list and a useful member will be able to tell you the plugins that need to be disabled.

To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes.

If you’re using MyBB 1.6.4

If you’re not using MyBB 1.6.4

Plugin System Changes

In 1.6.5, there are some fundamental changes to the Plugin System. These changes were made to provide greater support for PHP 5.3 and above.

These changes mean that you may need to upgrade some of the plugins you are running on your forum before upgrading to 1.6.5. If you are a Plugin Developer, you need to check your plugins to see if you are required to change them so they work with the new version.

Please see the 1.6.5 Plugin System Changes Wiki for an explanation of the changes. There is also the Plugin Changes coming in 1.6.5 thread on the Community Forums.

MyBB Merge System 1.6.2 Update

For those users who have been using Merge System 1.6.1 and earlier, there is a new update ready for you.

You can read more about it in the 1.6.2 Update Blog Post.

In the near future, the Merge System will be following the main branch of MyBB – for example, if you’re using MyBB 1.6.8 you’ll need Merge System 1.6.8. This will mean that the Merge System will jump several minor points. These changes have yet to come into effect, so please continue to use Merge System 1.6.2. We’ll announce further details nearer the time of the changes.

MyBB 1.6.4 Vulnerability

In October, we found that a 3rd party had compromised the MyBB server and the 1.6.4 release was modified to contain a hidden vulnerability. If you’re current using 1.6.4 and have had no prior knowledge of this, then we urge you to upgrade to 1.6.5 as soon as possible.

As a result of the compromise to our systems we will be hosting our download packages on github, we will continue to do this until we are confident our systems here are just as secure as what github can offer.

Here are the MD5 checksums for the release packages:

mybb_1605.zip: 032403cee9d25110370ace935803ab9d

1605_changedfiles.zip: 91e6055b758c0aa233503a2a7528a7b0

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

MyBB 1.6.4 Released – Feature Update, Security & Maintenance Release

Posted on by

MyBB 1.6.4 is now available from the MyBB website and is a feature update, security and maintenance release for the 1.6 series.

What’s added/changed in this version?

In 1.6.4, there are 2 new updates and over 100 reported issues fixed.

Please be aware that not all of the existing problems have been fixed in this version. Because of the size of the updates, these will be fixed in a later release.

The 2 new updates included in 1.6.4 are only small – one globally switches on/off plugins and the other detects whether an Administrator has renamed the Portal to check for file verifications.

Security Updates

There are also 3 security updates for 1.6.4. Overall, they are low risk vulnerabilities as they all require administrator permissions – however, one of these is classed as high risk if a user manages to get into the Admin Control Panel (ACP).

As a result of this, it is recommended that only certain types of variables are used in templates that follow the MyBB Development Standards – although other types may be used it the templates are installed to the database through your plugin, Administrators will not be able to save templates with these variables in.

Theme Artists and Plugin Developers should take a close look at the new changes to see if their work will be affected by the new changes and update them accordingly.

Performance

In 1.6.4, there are a number of performance-related updates. These range from small code changes to caching thread prefixes. More information about these are available on 1.6.4’s page in the Wiki.

Almost everyone should be able to see at least some benefits from these changes.

Upgrading from 1.6.3 and Other Versions

Due to the size of this release and due to release errors earlier in the 1.6 series, all files need to be changed. This is to ensure that you have the latest versions of the software’s files which can be hard to trace from earlier releases.

This upgrade process is the same for any version of MyBB. Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete.

If you have installed plugins that require changes to core files, you will need to make those changes again.

To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes.

If you require support for upgrading to 1.6.4, please see the 1.6 General Support Forum.

Changes in 1.6.4

We’ve made a handy reference guide to what’s changed in 1.6.4 in the Wiki. We’ll be doing this for each version in the future too so you can see what we’re working on.

View 1.6.4 Changes in the Wiki.

MyBB Merge System 1.6.1 Update

For those users who have been using Merge System 1.6.1 and earlier, there is an important security update ready for you.

You can read more about it in the 1.6.1 Update Blog Post.

Thank you,
MyBB Team

MyBB 1.6.3 and 1.4.16 Security Update

Posted on by

MyBB 1.6.3 and 1.4.16 are now available to download. They fix 1 high risk vulnerability and 1 low risk vulnerability. We recommend everyone upgrades to this release immediately or patch their boards with the manual patching instructions below.

Thanks to Charlie Somerville and thebod for discovering them. These vulnerabilities are:

In addition to the vulnerabilities, the updates also fix the following issues:

All other outstanding issues will be resolved in the next maintainence release.

For MyBB 1.6

The update to MyBB 1.6.3 also upgrades the Prototype and Scriptaculous javascript libraries to their latest versions. This is to help your MyBB forum work properly with Internet Explorer 9.

MyBB 1.6.2 to 1.6.3 Patch
This patch is only for those users running MyBB 1.6.2. If you’re running an older version of MyBB then please download the full version and update to it.

For help upgrading, see the MyBB Wiki: Upgrading.

Please download the attached ZIP archive below and replace the files in your forum directory with those from the ZIP archive.

1.6.3 changed files

You are required to run the upgrader for 1.6.3. After replacing the files above, remove the ‘lock’ file located in forum_root/install/, then visit forum_root/install/upgrade.php and follow the instructions (where forum_root is the web address for your forum). Remember to backup your forum’s files and database before performing this upgrade.

Once the upgrade has completed, visit the Templates & Style area of your ACP – click on Templates on the left and go to the “Find Updated Templates”. Revise and amend all affected templates here, paying attention to headerinclude, index_boardstats and forumdisplay_threadlist.

If you wish to manually patch your board please download “1.6.3 patches” and follow the instructions in that file. You are also required to amend templates to ensure functionality for your board. For this, please download “1.6.3 template patches” and follow the instructions – you must do these for all custom themes you have installed.

1.6.3 patches
1.6.3 template patches

Please remember that applying patches should only be a temporary measure until you can fully upgrade your board. The upgrader is required to run to allow the default templates to be updated with the new security fixes.

Changed Files since 1.6.2

  • inc
    • class_core.php
    • functions_search.php
  • install
    • resources
      • mysql_db_tables.php
      • mybb_theme.xml
      • upgrade12.php
      • upgrade17.php
      • upgrade19.php
      • upgrade3.php
      • upgrade5.php
    • upgrade.php
  • jscripts
    • controls.js
    • dragdrop.js
    • effects.js
    • general.js
    • prototype.js
    • scriptaculous.js
    • slider.js
    • thread.js
  • forumdisplay.php
  • index.php
  • misc.php
  • showthread.php

* Red represents files that contain security updates
* Green represents new files added in this release

For MyBB 1.4

For MySQL 5.5 compatibility and IE9 javascript fixes, please upgrade to MyBB 1.6.3. Support for MyBB 1.4 will be ending on 1st July 2011, after which there will be no more security updates for the 1.4 series.

1.4.15 to 1.4.16 Patches
This patch is only for those users running MyBB 1.4.15. If you’re running an older version of MyBB 1.4, and don’t want to upgrade to 1.6 just yet, then please the latest version of MyBB 1.4 from the MyBB Wiki: Versions.

For help upgrading, see the MyBB Wiki: Upgrading.

Please download the attached ZIP archive below and replace the files in your forum directory with those from the ZIP archive.

1.4.15 changed files

You are required to run the upgrader for 1.4.16. After replacing the files above, remove the ‘lock’ file located in forum_root/install/, then visit forum_root/install/upgrade.php and follow the instructions (where forum_root is the web address for your forum). Remember to backup your forum’s files and database before performing this upgrade.

Once the upgrade has completed, visit the Templates & Style area of your ACP – click on Templates on the left and go to the “Find Updated Templates”. Revise and amend all affected templates here, paying attention to headerinclude, index_boardstats and forumdisplay_threadlist.

If you wish to manually patch your board please download “1.4.16 patches” and follow the instructions in that file. You are also required to amend templates to ensure functionality for your board. For this, please download “1.4.16 template patches” and follow the instructions – you must do these for all custom themes you have installed.

1.4.15 patches
1.4.15 template patches

Please remember that applying patches should only be a temporary measure until you can fully upgrade your board. The upgrader is required to run to allow the default templates to be updated with the new security fixes.

Changed Files since 1.4.15

  • inc
    • class_core.php
    • functions_search.php
  • install
    • resources
      • mybb_theme.xml
    • upgrade.php
  • jscripts
    • general.js
  • forumdisplay.php
  • index.php
  • misc.php
  • showthread.php

* Red represents files that contain security updates
* Green represents new files added in this release

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

MyBB 1.6.2 and 1.4.15 – Security Update

Posted on by

MyBB 1.6.2 is a security update to the 1.6 series. It fixes 2 medium risk security vulnerabilities and one low risk issue. We recommend everybody upgrades to this release as soon as possible – or patch their boards with the manual instructions below.

MyBB 1.4.15 is also a security update to the 1.4 series which is affected by the same vulnerabilities.

Thank you to MustLive (Websecurity), MattRogowski and Max Roth for alerting us of these issues.

What’s fixed in this version?

The medium-risk issue reported by Max Roth requires HTML in posts to be enabled in a forum. This issue was fixed as part of Issue #1422. Even if you don’t have HTML enabled in posts, it is still recommended to update to resolve this issue.

MyBB 1.6.1 to MyBB 1.6.2 Patch

This patch is only for users running MyBB 1.6.1. If you are running an older version of MyBB then please download MyBB 1.6.2 from the MyBB site and update to it.

Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.
This update does not require running the upgrader.

The following files have changed since the initial 1.6.1 release:

  • admin
    • modules
      • tools
        • modlog.php
  • inc
    • class_core.php
    • class_parser.php
  • jscripts
    • validator.js
  • member.php
  • modcp.php
  • xmlhttp.php

* Red represents files that contain security updates
* Green represents new files added in this release

changed_files_1602.zip

If you wish to manually patch your board please download “mybb_1601_patches.txt” and follow the instructions in that file.

mybb_1601_patches.txt

MyBB 1.4.14 to MyBB 1.4.15 Patch

This patch is only for users running MyBB 1.4.14 who have updated their forum when 1.6.1 and 1.4.14 Update was released. If you have not made these updates or are unsure whether you have – and you don’t want to upgrade to 1.6 – then please download 1.4.15 from the MyBB site and update to it.

mybb_1414_patches.txt

To ensure users of the 1.4 series have all the recent security updates the following changed files package contains updates since 1.4.13. The changes to files are mentioned below. If you are still using the 1.4 series, then please make sure that all these files have been updated to keep your forum secure (either by updating to 1.4.15, uploading the changed files package, finding differences using a file difference tool or patches from blog posts).

It is heavily recommended that you upgrade to 1.6.

  • admin
    • modules
      • tools
        • modlog.php
  • inc
    • datahandlers
      • post.php
    • class_core.php
    • class_parser.php
    • functions.php
    • functions_search.php
  • jscripts
    • validator.js
  • attachment.php
  • editpost.php
  • forumdisplay.php
  • member.php
  • modcp.php
  • newreply.php
  • syndication.php
  • xmlhttp.php

* Red represents files that contain security updates
* Green represents new files added in this release

changed_files_1415.zip

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

MyBB 1.6 Released

Posted on by

Today marks the 2 year anniversary since MyBB 1.4 was released. It is an honor to announce that today, we are releasing MyBB 1.6 Gold to the general public and that it is now available directly on the MyBB website.

MyBB 1.6 may be one small step for forum software, but it is one giant leap for MyBB. There are over 40 new features that have been built in to MyBB and countless tweaks, fixes, and performance optimizations since MyBB 1.4.

We’ve also updated the MyBB website to contain a feature tour of what is available in MyBB 1.6: http://www.mybb.com/features.

We recommend that all users upgrade to 1.6 so they can take advantage of the great new features in MyBB 1.6, but we recommend you plan your upgrade first. More information on upgrading and changes to templates, themes, plugins and languages can be found below.

Personally I’d also like to thank this community, for your everlasting support and for all of you who have been with us every step of the way. You’ve made this happen; MyBB is your forum software. Above all, I would like to thank every single team member who has made this journey with us. My debt to you is beyond measure. Thank you so much for the time, sweat, and effort you’ve given to this project and community. We are all grateful to you.

Ryan Gordon
MyBB Lead Developer

Upgrading from previous versions

You can update your copy of MyBB to 1.6 if you’re running MyBB 1.0 RC2 or onwards (which you should already be).

Be warned that with the following release:

  • Custom templates will need to be updated for this release via the “Find Updated Templates” tool in the MyBB 1.6 Administration Control Panel.
  • Most plugins and code modifications will need to be updated to work with MyBB 1.6. Make sure you disable your plugins before upgrading and make sure updated copies compatible with MyBB 1.6 are available.
  • Custom language packs from earlier versions will need to be updated as well.

Before you attempt to upgrade, ensure you have a database backup and a copy of the files currently in use on your board. This is so you can revert back to your earlier version if you need to or something goes horribly wrong with the upgrade process.

This is a moderately long upgrade process. Please make sure you don’t refresh pages whilst they’re loading, and don’t click the “Next” button more than once (if you don’t have JavaScript enabled). You should plan your upgrade before attempting to perform it.

Follow the general [Wiki: Upgrading] guide outlined on the MyBB Wiki to complete the upgrade process.

License

MyBB 1.6 is now distributed under the GNU LGPLv3 license. The only major difference between this license and the GNU GPLv3 license that MyBB has been licensed under since MyBB 1.4.2, is the ability for plugin and theme authors to have more freedom in the license they choose to distribute their work under.

To the average user, this change does not affect the way you use MyBB or run your forums. You do not need to change anything, you just need to make sure you comply with the terms and conditions set out via the GNU LGPL – which if you meet our current license agreement, you already do.

Theme and template changes

Several updates have been added to the theme which give you more control over the stylesheet and appearance of your forum and the new features. For this reason, your theme is updated to work with MyBB 1.6 during the upgrade process.

The same applies with templates; you’ll need to use the “Find Updated Templates” on any custom templates to update them due to the fact that many of them have been updated.

Language packs

Language packs also need to be updated as there are many changes in the language files. This includes addition of language strings and improving or updating of some current language strings.

Before you attempt to use any language pack with MyBB 1.6 you’ll need to ensure it has been updated accordingly to the changes made in the release.

Plugins

Most plugins can be updated with minimal changes. In most cases the version compatibility indicator can be updated safely within the plugin and it will work with MyBB 1.6 without further change. However, some plugins may require more extensive changes.

If you require assistance making your modification or theme compatible with MyBB 1.6 then please post in the appropriate code modifications or Template & Theme forum on http://community.mybb.com/

As of the release of 1.6, there are several plugins and themes immediately available for download from the MyBB Mods site and many more to come soon.

MyBB Merge System

As of this MyBB 1.6 release, a version of the MyBB Merge System compatible with MyBB 1.6 has been released on the MyBB website to the general public.