MyBB 1.8.16 has been published and is now available for download. It is a release to improve the quality of maintainance and security.
Currently we advise against downloading MyBB Version 1.8.16 , because some severe problems had been discovered. Developers intend to release MyBB 1.8.17 soon in order to put these mistakes right. Although we recommend to install security based Updates as soon as possible, we cannot recommend this Version with good conscience, at least in its current state.
According to this reasons, we keep offering version 1.8.15 on our download-site. Downloads for 1.8.16 are to be found on MyBB.com.
What has changed?
6 security breaches and 66 Errors had been fixed.
Fixed security breaches:
- High risk: Image & URL MyCode Persistent XSS
- Medium risk: Multipage Reflected XSS
- Low risk: ACP logs XSS
- Low risk: Arbitrary file deletion via ACP’s Settings
- Low risk: Login CSRF
- Low risk: Non-video content embedding via Video MyCode
Check Release Notes for a list of changes to language files, templates and unresolved issues.
MyBB 1.8.15 has been released and it does contain a huge number of security fixes. 10 low and medium security vulnerabilities have been addressed with the .15 release.
24 other issues have been resolved, including important permission issues with the delayed moderation feature.
You should update your forum to 1.8.15 as soon as possible. If you can not update soon, check your moderators permissions and remove the delayed moderation permission to be safe.
Note that the update script is required for the 1.8.15 update.
MyBB 1.8.14 has been released and it does fix two security risks.
While the XSS vulnerability inside the language packs is a low security risk, a high security risk has been fixed – the language pack RCE headers.
You should update immediately if possible.
The new MyBB 1.8.13 includes a lot of improvements.
It fixes seven security risks and 62 issues.
Four of the seven security risks are with high and medium risk potential, so it’s important to download and install the new version as soon as possible.
You have to go through the following steps:
- Go into the ACP of your forum
- Click on configuration
- Click on the left side on MyCode
- Click on Add a new MyCode
- For example you can use “SoundCloud” for the title and “Integrate SoundCloud in postings” for the description
Continue reading MyBB tutorial to create a MyCode for SoundCloud links
The new version of MyBB fixes three security risks and 14 other issues.
Two of the security risks are with a medium risk potential.
But don’t forget to create you backup before updating your MyBB.
The new MyBB 1.8.11 is available and ready to download. It fixes three security risks, for example a gap in the email-MyCode.
Also there have been fixed 32 other issues, so you should download the new version really quick.
Because of changes in the structure of the database, the execution of the upgrade scripts is required.
MyBB 1.8.10 has been released. It’s a pure maintenance update which does fix 22 reported issues with MyBB 1.8 series.
You can (and should) download it from Mybb.com and update your forum to 1.8.10. Please note, that the upgrade script is required and don’t forget to backup your forum before updating!
MyBB 1.8.9 is out and it does fix one low security risk.
It is possible to start a CSRF attack on MyBB 1.8.8 when removing subscriptions. 1.8.9 does fix that issue.
There have been 52 other reported issues fixed so updating your MyBB is highly recommended although it’s not that urgent.
The fixed issues include:
Continue reading MyBB 1.8.9 fixes one low security risk
MyBB 1.8.8 has been released. The new version does fix 7 security vulnerabilities, four of them with a medium risk potential. There have been 58 issues fixed.
You should update your MyBB as soon as possible. Don’t forget to create a backup before updating your installation. The update script is required.
The Merge System has also been updated to version 1.8.8.