MyBB 1.8.21 has been published and is now available for download. It includes two high risk security fixes.
What has changed?
6 security breaches and 39 issues have been resolved.
Fixed security breaches:
- High risk: Theme import stylesheet name RCE
- High risk: Nested video MyCode persistent XSS
- Medium risk: Find Orphaned Attachments reflected XSS
- Medium risk: Post edit reflected XSS
- Medium risk: Private Messaging folders SQL injection
- Low risk: Potential phar deserialization through Upload Path
Check Release Notes for a list of changes to language files, templates and unresolved issues.