Forum²


  • Forum² Admin
Posted

MyBB 1.6.5 is now available from the MyBB website and is a feature update, security and maintenance release for the 1.6 series.

What’s added/changed in this version?

In 1.6.5, there are 3 vulnerabilities and over 70 reported issues fixed. Please be aware that not all of the existing problems have been fixed in this version.

 

Vulnerabilities:

 

Non Critical: Unparsed user avatar in the buddy list – reported by labrocca

Non Critical: Potential XSS vulnerability validating usernames via AJAX – reported by Will G

Low Risk: CSRF vulnerability in ?language – reported by Nathan Malcolm (Issue #1729: http://dev.mybb.com/projects/mybb/issues/1729)

 

Thanks to everyone who helped find and resolve the issues!

Fixed issues in 1.6.5 (http://dev.mybb.com/projects/mybb/versions/39)

Unfixed issues (http://dev.mybb.com/projects/mybb/issues)

 

There are also over 10 new feature updates in 1.6.5. These range from the ability to locate spam users from the ACP to reCAPTCHA support. To get a summary of these new updates and for a list of changed files and language pack changes, please see the Wiki on 1.6.5.

View 1.6.5 Changes in the Wiki

Upgrading from 1.6.4 and Other Versions

Before performing any upgrade, please remember to back up your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete.

If you have any plugins installed that limit signatures or provide reCAPTCHA, or might not be needed because of the new default settings available, it’s suggested to uninstall these before the upgrade. If you’re unsure, create a thread in the General Support section of the Community Forum with your plugin list and a useful member will be able to tell you the plugins that need to be disabled.

To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes.

If you’re using MyBB 1.6.4

 

Download and use the Changed Files Package (https://github.com/downloads/mybb/mybb16/1605_changedfiles.zip)

Follow the Wiki Upgrading instructions (http://wiki.mybb.com/index.php/Upgrading#Beginning_the_Upgrade)

 

If you’re not using MyBB 1.6.4

 

Download and use the full 1.6.5 release package (http://www.mybb.com/download/latest)

Follow the Wiki Upgrading instructions (http://wiki.mybb.com/index.php/Upgrading#Beginning_the_Upgrade)

 

Plugin System Changes

In 1.6.5, there are some fundamental changes to the Plugin System. These changes were made to provide greater support for PHP 5.3 and above.

These changes mean that you may need to upgrade some of the plugins you are running on your forum before upgrading to 1.6.5. If you are a Plugin Developer, you need to check your plugins to see if you are required to change them so they work with the new version.

Please see the 1.6.5 Plugin System Changes Wiki (http://wiki.mybb.com/index.php/1.6.5#Plugin_System_Changes) for an explanation of the changes. There is also the Plugin Changes coming in 1.6.5 thread (http://community.mybb.com/thread-106729.html) on the Community Forums.

MyBB Merge System 1.6.2 Update

For those users who have been using Merge System 1.6.1 and earlier, there is a new update ready for you.

You can read more about it in the 1.6.2 Update Blog Post (http://blog.mybb.com/2011/09/26/mybb-merge-system-1-6-2/).

In the near future, the Merge System will be following the main branch of MyBB – for example, if you’re using MyBB 1.6.8 you’ll need Merge System 1.6.8. This will mean that the Merge System will jump several minor points. These changes have yet to come into effect, so please continue to use Merge System 1.6.2. We’ll announce further details nearer the time of the changes.

MyBB 1.6.4 Vulnerability

In October, we found that a 3rd party had compromised the MyBB server and the 1.6.4 release was modified to contain a hidden vulnerability (http://blog.mybb.com/2011/10/25/some-closure-on-the-1-6-4-security-vulnerability/). If you’re currently using 1.6.4 and have had no prior knowledge of this, then we urge you to upgrade to 1.6.5 as soon as possible.

As a result of the compromise to our systems we will be hosting our download packages on GitHub. We will continue to do this until we are confident our systems here are just as secure as what GitHub can offer.

Here are the MD5 checksums for the release packages:

mybb_1605.zip: 032403cee9d25110370ace935803ab9d

1605_changedfiles.zip: 91e6055b758c0aa233503a2a7528a7b0

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page (http://mybb.com/contact).

Thank you,

MyBB Team
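
One way to check a downloaded package against the MD5 values listed in the announcement before unpacking it. This is an added example, not code from MyBB or from the original post; the function names and exit-code convention are assumptions. A matching MD5 shows the file is the one the checksum was computed for, but MD5 is not collision-resistant and the value is only as trustworthy as the page it was read from.

```python
import hashlib
import hmac
import sys
from pathlib import Path

# MD5 values as published in the announcement above.
PUBLISHED_MD5 = {
    "mybb_1605.zip": "032403cee9d25110370ace935803ab9d",
    "1605_changedfiles.zip": "91e6055b758c0aa233503a2a7528a7b0",
}

def file_md5(path, chunk_size=1 << 20):
    """Hash the file in chunks so large archives are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_package(path, published=PUBLISHED_MD5):
    """Return 'ok', 'mismatch', 'unknown' (no published value) or 'missing'."""
    path = Path(path)
    expected = published.get(path.name)
    if expected is None:
        return "unknown"   # renamed file or a package the post does not list
    if not path.is_file():
        return "missing"
    actual = file_md5(path)
    # Normalise case/whitespace of the pasted value before comparing.
    matches = hmac.compare_digest(actual, expected.strip().lower())
    return "ok" if matches else "mismatch"

def main(argv):
    results = {p: verify_package(p) for p in argv}
    for p, status in results.items():
        print(f"{status:8} {p}")
    # Non-zero exit unless every named file verified, so scripts can stop early.
    return 0 if results and all(s == "ok" for s in results.values()) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with the downloaded file names as arguments and stop the upgrade if any line is not reported as ok.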
