MyBB 1.8.21 published

MyBB 1.8.21 has been published and is now available for download. It includes two high risk security fixes.

What has changed?
6 security breaches and 39 issues have been resolved.

Fixed security breaches:

  • High risk: Theme import stylesheet name RCE
  • High risk: Nested video MyCode persistent XSS
  • Medium risk: Find Orphaned Attachments reflected XSS
  • Medium risk: Post edit reflected XSS
  • Medium risk: Private Messaging folders SQL injection
  • Low risk: Potential phar deserialization through Upload Path

Check Release Notes for a list of changes to language files, templates and unresolved issues.

Leave a Reply

Your email address will not be published. Required fields are marked *