MyBB 1.8.19 published

MyBB 1.8.19 has been published and is now available for download. It is a release to improve the quality of maintainance and security.

What has changed?
4 security breaches and 8 issues had been resolved.

We recommend to update your Forum as soon as possible!

Fixed security breaches:

  • High risk: Email field SQL Injection
  • Medium risk: Video MyCode Persistent XSS in Visual Editor
  • Low risk: Insufficiant permission check in User CP´s attachment management
  • Low risk: Insufficient email address verfication

Check Release Notes for a list of changes to language files, templates and unresolved issues.

MyBB 1.8.18 published

MyBB 1.8.18 has been published and is now available for download. It is a release to improve the quality of maintainance and security.

Changes include added support for Mixer videos and multi-file attachments, modified Word Filter behavior, fixes to the mailing queue and improved compatibility with SQLite and MySQL 8. Theme CSS changes may be required and administrators may need to review Word Filters.


What has changed?
2 security breaches and 30 issues had been resolved.

Fixed security breaches:

  • High risk: Image MyCode “alt” attribute persistent XSS
  • Medium risk: RSS Atom 1.0 item title persistent XSS

Check Release Notes for a list of changes to language files, templates and unresolved issues.

MyBB 1.8.16 published

MyBB 1.8.16 has been published and is now available for download. It is a release to improve the quality of maintainance and security.

Currently we advise against downloading MyBB Version 1.8.16 , because some severe problems had been discovered. Developers intend to release MyBB 1.8.17 soon in order to put these mistakes right. Although we recommend to install security based Updates as soon as possible, we cannot recommend this Version with good conscience, at least in its current state.
According to this reasons, we keep offering version 1.8.15 on our download-site. Downloads for 1.8.16 are to be found on MyBB.com.


What has changed?
6 security breaches and 66 Errors had been fixed.

Fixed security breaches:

  • High risk: Image & URL MyCode Persistent XSS
  • Medium risk: Multipage Reflected XSS
  • Low risk: ACP logs XSS
  • Low risk: Arbitrary file deletion via ACP’s Settings
  • Low risk: Login CSRF
  • Low risk: Non-video content embedding via Video MyCode

Check Release Notes for a list of changes to language files, templates and unresolved issues.