Guest StefanT Posted January 17, 2016 Posted January 17, 2016 MyBB 1.8.6 – Security & Maintenance Release MyBB 1.8.6 is now available from the MyBB website, and is a security and maintenance release. What’s added/changed in this version? This release fixes 5 security vulnerabilities and 51 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates. Vulnerabilities: Medium Risk: Forum password bypass in xmlhttp.php – reported by Devilshakerz Low Risk: SQL Injection in Grouppromotions module (ACP) – reported by Devilshakerz Low Risk: Possible XSS Injection in the error handler – reported by FooBar123 Low Risk: Possible XSS issues in old upgrade files – reported by FooBar123 Low Risk: Possible Full Path Disclosure in publicly accessible error log files – reported by Devilshakerz Bugs fixed: Fixed issues in 1.8.6 Unfixed issues Please view the 1.8.6 changes on the Docs site for more information about the changes in this version. Please note, that you do need to run the upgrade script for this version. Upgrading from 1.8.5 and Other Versions Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete. To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 7 language files and 19 templates were changed or added. If you’re using MyBB 1.8.5: Download and use the Changed Files Package (MD5: 1fa6a941ba49c6e5308bc74a16f6c09f) Follow the Docs Upgrading Instructions If you’re using MyBB 1.8.4 or lower: Download and use the full 1.8.6 Release Package (MD5: 31e91be52df744ccc4ba3c1c12208ec3) Follow the Docs Upgrading Instructions Reporting MyBB security vulnerabilities If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch. As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see. MyBB 1.6.18 – Security Release MyBB 1.6.18 is now available from the MyBB website. It fixes 1 medium risk and 3 low risk vulnerabilities. Please note that we’ve extended support period for MyBB 1.6 to give you additional time for upgrading your forum until 1st of October 2015. After that time no support will be provided for MyBB 1.6. What’s added/changed in this version? The vulnerabilities are: Medium Risk: Forum password bypass in xmlhttp.php – reported by Devilshakerz Low Risk: SQL Injection in Grouppromotions module (ACP) – reported by Devilshakerz Low Risk: Possible XSS Injection in the error handler – reported by FooBar123 Low Risk: Possible XSS issues in old upgrade files – reported by FooBar123 Please view the 1.6.18 changes on the Docs site for more information about the changes in this version. Please note, that you do not need to run the upgrade script for this version. There are no database schema changes in this version. Upgrading from 1.6.17 and Other Versions Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete. To upgrade, follow the Upgrading process. The upgrade script is not required. There are no changes to language files. No templates have been changed or added. If you’re using MyBB 1.6.17: Download and use the Changed Files Package (MD5: 542f2ecfdc29f326607a2f82616cc95c) Follow the Docs Upgrading Instructions If you’re using MyBB 1.6.16 or lower Download and use the full 1.6.18 Release Package (MD5: ad17b498116831a1d1d75bf07351ea0c) Follow the Docs Upgrading Instructions MyBB Merge System 1.8.6 MyBB Merge System 1.8.6 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series. This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes. This release fixes several reported issues since the release of 1.8.5, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use. What’s new in this version? 11 bug fixes (View all) New module: Avatars are now finally merged! Counters are finally updated automatically – no need to run them manually after the merge Multiple changes to make the merge system more intuitive Thanks, MyBB Team http://www.forum-forum.com/data/MetaMirrorCache/b46a39503f433c158a95d8ae74b5a67f._.png http://www.forum-forum.com/data/MetaMirrorCache/5d853eefc9084683d6da515a645855e6.gif Continue reading... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.