MyBB 1.8.6, 1.6.18 & Merge System 1.8.6 Release

MyBB 1.8.6 – Security & Maintenance Release

MyBB 1.8.6 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 5 security vulnerabilities and 51 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

 

 

  • Vulnerabilities:

 

 

 

  • Medium Risk: Forum password bypass in xmlhttp.php – reported by Devilshakerz

 

 

  • Low Risk: SQL Injection in Grouppromotions module (ACP) – reported by Devilshakerz

 

 

  • Low Risk: Possible XSS Injection in the error handler – reported by FooBar123

 

 

  • Low Risk: Possible XSS issues in old upgrade files – reported by FooBar123

 

 

  • Low Risk: Possible Full Path Disclosure in publicly accessible error log files – reported by Devilshakerz

 

 

 

 

 

 

  • Bugs fixed:

 

 

 

  • Fixed issues in 1.8.6

 

 

  • Unfixed issues

 

 

 

 

Please view the 1.8.6 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.5 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 7 language files and 19 templates were changed or added.

If you’re using MyBB 1.8.5:

 

 

 

 

  • Follow the Docs Upgrading Instructions

 

 

If you’re using MyBB 1.8.4 or lower:

 

 

 

 

  • Follow the Docs Upgrading Instructions

 

 

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB 1.6.18 – Security Release

MyBB 1.6.18 is now available from the MyBB website. It fixes 1 medium risk and 3 low risk vulnerabilities.

Please note that we’ve extended support period for MyBB 1.6 to give you additional time for upgrading your forum until 1st of October 2015. After that time no support will be provided for MyBB 1.6.

What’s added/changed in this version?

The vulnerabilities are:

 

 

  • Medium Risk: Forum password bypass in xmlhttp.php – reported by Devilshakerz

 

 

  • Low Risk: SQL Injection in Grouppromotions module (ACP) – reported by Devilshakerz

 

 

  • Low Risk: Possible XSS Injection in the error handler – reported by FooBar123

 

 

  • Low Risk: Possible XSS issues in old upgrade files – reported by FooBar123

 

 

Please view the 1.6.18 changes on the Docs site for more information about the changes in this version.

Please note, that you do not need to run the upgrade script for this version.

There are no database schema changes in this version.

Upgrading from 1.6.17 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is not required. There are no changes to language files. No templates have been changed or added.

If you’re using MyBB 1.6.17:

 

 

 

 

  • Follow the Docs Upgrading Instructions

 

 

If you’re using MyBB 1.6.16 or lower

 

 

 

 

  • Follow the Docs Upgrading Instructions

 

 

MyBB Merge System 1.8.6

MyBB Merge System 1.8.6 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

This release fixes several reported issues since the release of 1.8.5, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

 

 

  • 11 bug fixes (View all)

 

 

 

  • New module: Avatars are now finally merged!

 

 

  • Counters are finally updated automatically – no need to run them manually after the merge

 

 

  • Multiple changes to make the merge system more intuitive

 

 

 

 

Thanks,

MyBB Team

Source: http://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/

1 thought on “MyBB 1.8.6, 1.6.18 & Merge System 1.8.6 Release”

Leave a Reply

Your email address will not be published. Required fields are marked *