MyBB 1.8.31 published

Today, the MyBB team announced the release of MyBB 1.8.31. This is a security and maintenance release which fixes a number of bugs and issues reported with MyBB 1.8.30, released in march. If you are currently running a version of MyBB older than 1.8.30, we strongly encourage you to upgrade to the latest version as soon as possible. Upgrading is quick, easy, and free – simply download the updated files and upload them to your server to replace your existing installation. For more detailed instructions, please see the upgrade guide at mybb.com.

MyBB 1.8.29 published

We are pleased to announce that MyBB 1.8.29 is now available. This is a security release for the 1.8 series of MyBB.

All users are strongly encouraged to update to this new version as soon as possible. Please remember to take a backup before upgrading!

For more information, please see the MyBB 1.8.29 announcement thread and the changelog for MyBB 1.8.29 at mybb.com.

MyBB 1.8.22 published

MyBB 1.8.22 has been released. It’s a maintenance and security update.

What has changed?
5 security issues and 36 other issues have been resolved.

Fixed security issues:

  • High risk: Installer RCE on settings file write
  • Medium risk: Arbitrary upload paths & Local File Inclusion RCE
  • Medium risk: XSS via insufficient HTML sanitization of Blog feed & Extend data
  • Low risk: Open redirect on login
  • Low risk: SCEditor reflected XSS

Check Release Notes for a list of changes to language files, templates and unresolved issues.


MyBB 1.8.21 published

MyBB 1.8.21 has been published and is now available for download. It includes two high risk security fixes.

What has changed?
6 security breaches and 39 issues have been resolved.

Fixed security breaches:

  • High risk: Theme import stylesheet name RCE
  • High risk: Nested video MyCode persistent XSS
  • Medium risk: Find Orphaned Attachments reflected XSS
  • Medium risk: Post edit reflected XSS
  • Medium risk: Private Messaging folders SQL injection
  • Low risk: Potential phar deserialization through Upload Path

Check Release Notes for a list of changes to language files, templates and unresolved issues.

Huge MyBB security update

MyBB 1.8.15 has been released and it does contain a huge number of security fixes. 10 low and medium security vulnerabilities have been addressed with the .15 release.

24 other issues have been resolved, including important permission issues with the delayed moderation feature.

You should update your forum to 1.8.15 as soon as possible. If you can not update soon, check your moderators permissions and remove the delayed moderation permission to be safe.

Note that the update script is required for the 1.8.15 update.