MyBB 1.8.16 published

MyBB 1.8.16 has been published and is now available for download. It is a release to improve the quality of maintainance and security.

Currently we advise against downloading MyBB Version 1.8.16 , because some severe problems had been discovered. Developers intend to release MyBB 1.8.17 soon in order to put these mistakes right. Although we recommend to install security based Updates as soon as possible, we cannot recommend this Version with good conscience, at least in its current state.
According to this reasons, we keep offering version 1.8.15 on our download-site. Downloads for 1.8.16 are to be found on MyBB.com.


What has changed?
6 security breaches and 66 Errors had been fixed.

Fixed security breaches:

  • High risk: Image & URL MyCode Persistent XSS
  • Medium risk: Multipage Reflected XSS
  • Low risk: ACP logs XSS
  • Low risk: Arbitrary file deletion via ACP’s Settings
  • Low risk: Login CSRF
  • Low risk: Non-video content embedding via Video MyCode

Check Release Notes for a list of changes to language files, templates and unresolved issues.

Huge MyBB security update

MyBB 1.8.15 has been released and it does contain a huge number of security fixes. 10 low and medium security vulnerabilities have been addressed with the .15 release.

24 other issues have been resolved, including important permission issues with the delayed moderation feature.

You should update your forum to 1.8.15 as soon as possible. If you can not update soon, check your moderators permissions and remove the delayed moderation permission to be safe.

Note that the update script is required for the 1.8.15 update.

MyBB 1.8.9 fixes one low security risk

MyBB 1.8.9 is out and it does fix one low security risk.

It is possible to start a CSRF attack on MyBB 1.8.8 when removing subscriptions. 1.8.9 does fix that issue.

There have been 52 other reported issues fixed so updating your MyBB is highly recommended although it’s not that urgent.

The fixed issues include:

Continue reading MyBB 1.8.9 fixes one low security risk

MyBB 1.8.8 fixes 7 security vulnerabilities

MyBB 1.8.8 has been released. The new version does fix 7 security vulnerabilities, four of them with a medium risk potential. There have been 58 issues fixed.

You should update your MyBB as soon as possible. Don’t forget to create a backup before updating your installation. The update script is required.

The Merge System has also been updated to version 1.8.8.