Forum² Admin AWS Posted November 25, 2011 Forum² Admin Posted November 25, 2011 MyBB 1.6.5 is now available from the MyBB website and is a feature update, security and maintenance release for the 1.6 series. What’s added/changed in this version? In 1.6.5, there are 3 vulnerabilities and over 70 reported issues fixed. Please be aware that not all of the existing problems have been fixed in this version. Vulnerabilities: Non Critical: Unparsed user avatar in the buddy list – reported by labrocca Non Critical: Potential XSS vulnerability validating usernames via AJAX – reported by Will G Low Risk: CSRF vulerability in ?language – reported by Nathan Malcolm (http://dev.mybb.com/projects/mybb/issues/1729" target="_blank]Issue #1729) Thanks to everyone who helped find and resolve the issues! http://dev.mybb.com/projects/mybb/versions/39" target="_blank]Fixed issues in 1.6.5 http://dev.mybb.com/projects/mybb/issues" target="_blank]Unfixed issues There are also over 10 new feature updates in 1.6.5. These range from the ability to locate spam users from the ACP to reCAPTCHA support. To get a summary of these new updates and for a list of changed files and language pack changes, please see the Wiki on 1.6.5. http://wiki.mybb.com/index.php/1.6.5" target="_blank]View 1.6.5 Changes in the Wiki Upgrading from 1.6.4 and Other Versions Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete. If you have any plugins installed that limit signatures or provide reCAPTCHA, or might not be needed because of the new default settings available, it’s suggested to uninstall these before the upgrade. If you’re unsure, create a thread in the General Support section of the Community Forum with your plugin list and a useful member will be able to tell you the plugins that need to be disabled. To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes. If you’re using MyBB 1.6.4 Download and use the https://github.com/downloads/mybb/mybb16/1605_changedfiles.zip]Changed Files Package http://mybb.com] http://wiki.mybb.com/index.php/Upgrading#Beginning_the_Upgrade]Follow the Wiki Upgrading instructions If you’re not using MyBB 1.6.4 Download and use the full http://www.mybb.com/download/latest]1.6.5 release package http://mybb.com/downloads/latest/] http://mybb.com/downloads/latest/]Follow the http://wiki.mybb.com/index.php/Upgrading#Beginning_the_Upgrade" target="_blank]Wiki Upgrading instructions Plugin System Changes In 1.6.5, there are some fundamental changes to the Plugin System. These changes were made to provide greater support for PHP 5.3 and above. These changes mean that you may need to upgrade some of the plugins you are running on your forum before upgrading to 1.6.5. If you are a Plugin Developer, you need to check your plugins to see if you are required to change them so they work with the new version. Please see the http://wiki.mybb.com/index.php/1.6.5#Plugin_System_Changes" target="_blank]1.6.5 Plugin System Changes Wiki for an explanation of the changes. There is also the http://community.mybb.com/thread-106729.html" target="_blank]Plugin Changes coming in 1.6.5 thread on the Community Forums. MyBB Merge System 1.6.2 Update For those users who have been using Merge System 1.6.1 and earlier, there is a new update ready for you. You can read more about it in the http://blog.mybb.com/2011/09/26/mybb-merge-system-1-6-2/" target="_blank]1.6.2 Update Blog Post. In the near future, the Merge System will be following the main branch of MyBB – for example, if you’re using MyBB 1.6.8 you’ll need Merge System 1.6.8. This will mean that the Merge System will jump several minor points. These changes have yet to come into effect, so please continue to use Merge System 1.6.2. We’ll announce further details nearer the time of the changes. MyBB 1.6.4 Vulnerability In October, we found that http://blog.mybb.com/2011/10/25/some-closure-on-the-1-6-4-security-vulnerability/" target="_blank]a 3rd party had compromised the MyBB server and the 1.6.4 release was modified to contain a hidden vulnerability. If you’re current using 1.6.4 and have had no prior knowledge of this, then we urge you to upgrade to 1.6.5 as soon as possible. As a result of the compromise to our systems we will be hosting our download packages on github, we will continue to do this until we are confident our systems here are just as secure as what github can offer. Here are the MD5 checksums for the release packages: mybb_1605.zip: 032403cee9d25110370ace935803ab9d 1605_changedfiles.zip: 91e6055b758c0aa233503a2a7528a7b0 If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch. As always, you can send through security related messages on the MyBB website from the http://mybb.com/contact" target="_blank]Contact Us page. Thank you, MyBB Team http://blog.mybb.com/?ak_action=api_record_view&id=1434&type=feed" alt="" /> View the full article Quote General Forums - Where People Converse
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.