MyBB 1.8.22 has been released. It’s a maintenance and security update.
What has changed?
5 security issues and 36 other issues have been resolved.
Fixed security issues:
- High risk: Installer RCE on settings file write
- Medium risk: Arbitrary upload paths & Local File Inclusion RCE
- Medium risk: XSS via insufficient HTML sanitization of Blog feed & Extend data
- Low risk: Open redirect on login
- Low risk: SCEditor reflected XSS
Check Release Notes for a list of changes to language files, templates and unresolved issues.