MyBB 1.8.9 fixes one low security risk

MyBB 1.8.9 is out and it does fix one low security risk.

It is possible to start a CSRF attack on MyBB 1.8.8 when removing subscriptions. 1.8.9 does fix that issue.

There have been 52 other reported issues fixed so updating your MyBB is highly recommended although it’s not that urgent.

The fixed issues include:

Continue reading MyBB 1.8.9 fixes one low security risk

MyBB 1.8.8 fixes 7 security vulnerabilities

MyBB 1.8.8 has been released. The new version does fix 7 security vulnerabilities, four of them with a medium risk potential. There have been 58 issues fixed.

You should update your MyBB as soon as possible. Don’t forget to create a backup before updating your installation. The update script is required.

The Merge System has also been updated to version 1.8.8.

MyBB 2.0 requires PHP 7 as minimum version

A lot of shared webhosts are currently migrating from PHP 5.3 and PHP 5.4 to PHP 5.5 or PHP 5.6. PHP 7 is fairly new, web software is slowly adapted to support the new standard – mostly beside supporting old standards like PHP 5.6.

The MyBB team announced that MyBB 2.0 will no longer support the PHP 5.X series. The minimum PHP version required to run MyBB 2.0 will be PHP 7.

PHP 7 is faster and more secure and brings up some nice new features, the MyBB devs want to use. But PHP 7 is not that widespread at the moment. A lot of PHP extensions like Imagick or Ioncube have not yet been stable updated to PHP 7 and a lot of webhosters have only installed the core PHP 7 version for advertisement reasons.

It’ll take some time until MyBB 2.0 will be released – we still expect some alpha, beta and rc versions before. But if MyBB 2.0 will be ready, you should have a webhost supporting PHP 7. If you are using other web software with MyBB, make sure it’ll be updated for PHP 7 too.

Official MyBB Blog expired and is not accessible at the moment

The official MyBB blog at blog.mybb.com is expired. It looks like the wordpress hosting has not been paid and therefor the blog is now offline. If you are trying to visit the official MyBB blog, you’ll get the following message:

MyBB Blog Expired

We informed the MyBB staff about this issue. Hopefully they’ll restore the blog soon. Let’s hope that this was just an accident and does not reveal difficulties in the MyBB staff or project. The official community forums and the website itself is still online.

Update: The blog is back online!

Scam warning for MyBB plugin developers

There is a new scam method being used since January 2016. New users with fresh accounts and very little posts are showing up in the official MyBB community forums or contacting MyBB plugin authors directly.

They are looking for custom plugins and promise to pay money above average prices for the plugins. They do accept the usual process in this case: The plugin is developed and the plugin author does provide a testforum based on MyBB to test the plugins abilities by the customer. After that, the coder is being paid and the plugin is delivered.

The new scam method has been reported by two plugin authors already and looks like this:

Continue reading Scam warning for MyBB plugin developers