Today, the MyBB team announced the release of MyBB 1.8.31. This is a security and maintenance release which fixes a number of bugs and issues reported with MyBB 1.8.30, released in march. If you are currently running a version of MyBB older than 1.8.30, we strongly encourage you to upgrade to the latest version as soon as possible. Upgrading is quick, easy, and free – simply download the updated files and upload them to your server to replace your existing installation. For more detailed instructions, please see the upgrade guide at mybb.com.
MyBB 1.8.30 published
Today we are announcing the release of MyBB 1.8.30, this is a security release for the 1.8 series of MyBB.
This release fixes a number of bugs that have been reported since the last release.
MyBB 1.8.29 published
We are pleased to announce that MyBB 1.8.29 is now available. This is a security release for the 1.8 series of MyBB.
All users are strongly encouraged to update to this new version as soon as possible. Please remember to take a backup before upgrading!
For more information, please see the MyBB 1.8.29 announcement thread and the changelog for MyBB 1.8.29 at mybb.com.
MyBB 1.8.28 published
The MyBB team is excited to announce the release of MyBB 1.8.28! This security and maintenance release fixes a number of bugs and issues that were reported with MyBB 1.8.27.
The release does fix a medium risk – a xss in the ACP Template Name. A quick update is recommended.
MyBB 1.8.22 published
MyBB 1.8.22 has been released. It’s a maintenance and security update.
What has changed?
5 security issues and 36 other issues have been resolved.
Fixed security issues:
- High risk: Installer RCE on settings file write
- Medium risk: Arbitrary upload paths & Local File Inclusion RCE
- Medium risk: XSS via insufficient HTML sanitization of Blog feed & Extend data
- Low risk: Open redirect on login
- Low risk: SCEditor reflected XSS
Check Release Notes for a list of changes to language files, templates and unresolved issues.
MyBB 1.8.21 published
MyBB 1.8.21 has been published and is now available for download. It includes two high risk security fixes.
What has changed?
6 security breaches and 39 issues have been resolved.
Fixed security breaches:
- High risk: Theme import stylesheet name RCE
- High risk: Nested video MyCode persistent XSS
- Medium risk: Find Orphaned Attachments reflected XSS
- Medium risk: Post edit reflected XSS
- Medium risk: Private Messaging folders SQL injection
- Low risk: Potential phar deserialization through Upload Path
Check Release Notes for a list of changes to language files, templates and unresolved issues.
MyBB 1.8.20 published
MyBB 1.8.20 has been published and is now available for download. It is a release to improve the quality of maintainance and security.
What has changed?
5 security breaches and 42 issues had been resolved.
Fixed security breaches:
- Medium risk: Reset password reflected XSS
- Medium risk: ModCP Profile Editor username reflected XSS
- Low risk: Predictable CSRF token for guest users
- Low risk: ACP Stylesheet Properties XSS
- Low risk:Reset password username enumeration via email
Check Release Notes for a list of changes to language files, templates and unresolved issues.
MyBB 1.8.19 published
MyBB 1.8.19 has been published and is now available for download. It is a release to improve the quality of maintainance and security.
What has changed?
4 security breaches and 8 issues had been resolved.
We recommend to update your Forum as soon as possible!
Fixed security breaches:
- High risk: Email field SQL Injection
- Medium risk: Video MyCode Persistent XSS in Visual Editor
- Low risk: Insufficiant permission check in User CP´s attachment management
- Low risk: Insufficient email address verfication
Check Release Notes for a list of changes to language files, templates and unresolved issues.
MyBB 1.8.18 published
MyBB 1.8.18 has been published and is now available for download. It is a release to improve the quality of maintainance and security.
Changes include added support for Mixer videos and multi-file attachments, modified Word Filter behavior, fixes to the mailing queue and improved compatibility with SQLite and MySQL 8. Theme CSS changes may be required and administrators may need to review Word Filters.
What has changed?
2 security breaches and 30 issues had been resolved.
Fixed security breaches:
- High risk: Image MyCode “alt” attribute persistent XSS
- Medium risk: RSS Atom 1.0 item title persistent XSS
Check Release Notes for a list of changes to language files, templates and unresolved issues.
MyBB 1.8.17 published
MyBB 1.8.17 has been published and is now available for download. It is a release to improve the quality of maintainance.
This update fixes several issues introduced by MyBB 1.8.16 such as not being able to log into forums.
What has changed?
11 issues, which have occured with MyBB 1.8.16, had been resolved
Check Release Notes for a list of changes to language files, templates and unresolved issues.