MyBB 1.8.9 is out and it does fix one low security risk.
It is possible to start a CSRF attack on MyBB 1.8.8 when removing subscriptions. 1.8.9 does fix that issue.
There have been 52 other reported issues fixed so updating your MyBB is highly recommended although it’s not that urgent.
The fixed issues include:
- Fix of a fatal error when using PHP 7.1
- The URL BBCode was not sanitizes properly (XSS attack possibility)
- The archived database backup download lead to a corrupt file leading to a non-existent backup
- The setting “Email Verification & Administrator Activation” was useless
See all other issues closed with 1.8.9 here.
Merry christmas everybody!