MyBB 1.6.10 Released – Security & Maintenance Release

Discussion in 'MyBB Discussions' started by News Bot, Apr 22, 2013.

  1. News Bot

    News Bot Regular Member

    Apr 28, 2011
    Likes Received:
    Cyber Space
    MyBB 1.6.10 is now available from the MyBB website and is a security and maintenance release.

    What’s added/changed in this version?

    This release fixes 7 vulnerabilities and over 95 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

    A considerable amount of effort has been put in to MyBB 1.6.10 to fix a myraid of issues with PHP 5.4. This is the main reason why the release has been delayed until now. MyBB 1.6.10 should now be compatible with PHP 5.4 hosts.

    • Vulnerabilities:
      • Low Risk: Potential SQL Injection when optimizing the database – reported by Jakub Galczyk
      • Low Risk: Potential SQL Injection when creating the database backups – reported by StefanT
      • Low Risk: Potential XSS vulnerability in theme name – reported by pandaa
      • Low Risk: Improper permission checks for forums where you can only see your own threads – reported by Jordan Mussi and StefanT
      • Non Critical: XSS vulnerability on debug page – reported by 1llusion
      • Non Critical: Improper input validation in modcp.php – reported by 1llusion
      • Non Critical: Improper input validation in calendar.php – reported by Jakub Galczyk
    • Fixed issues in 1.6.10
    • Unfixed issues

    Please view the 1.6.10 changes on the Docs site for more information about the changes in this version.

    Upgrading from 1.6.9 and Other Versions

    Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

    To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 12 language files. 25 templates have been changed or added.

    If you’re using MyBB 1.6.9

    If you’re using MyBB 1.6.8 or lower

    Reporting MyBB security vulnerabilities

    If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

    As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.


    MyBB Team

    afeeds_wordpress_com_1_0_comments_blogdotmybbdotcom_wordpress_com_1993__.png astats.wordpress.com_b.gif_40dd889578a1f0a633879b528143c142.gif

    Continue reading...

Share This Page