MyBB 1.8.20 has been published and is now available for download. It is a release to improve the quality of maintainance and security.
What has changed?
5 security breaches and 42 issues had been resolved.
Fixed security breaches:
- Medium risk: Reset password reflected XSS
- Medium risk: ModCP Profile Editor username reflected XSS
- Low risk: Predictable CSRF token for guest users
- Low risk: ACP Stylesheet Properties XSS
- Low risk:Reset password username enumeration via email
Check Release Notes for a list of changes to language files, templates and unresolved issues.