MyBB 1.6.3 and 1.4.16 Security Update

Discussion in 'MyBB Discussions' started by Tom Moore, Apr 17, 2011.

  1. Tom Moore

    Tom Moore Guest

    MyBB 1.6.3 and 1.4.16 are now available to download. They fix 1 high risk vulnerability and 1 low risk vulnerability. We recommend everyone upgrades to this release immediately or patches their boards with the manual patching instructions below.
    Thanks to Charlie Somerville and thebod for discovering them. These vulnerabilities are:
    In addition to the vulnerabilities, the updates also fix the following issues:
    All other outstanding issues will be resolved in the next maintenance release.
    For MyBB 1.6

    The update to MyBB 1.6.3 also upgrades the Prototype and Scriptaculous JavaScript libraries to their latest versions. This is to help your MyBB forum work properly with Internet Explorer 9.
    MyBB 1.6.2 to 1.6.3 Patch
    This patch is only for those users running MyBB 1.6.2. If you’re running an older version of MyBB then please download the full version and update to it.
    For help upgrading, see the MyBB Wiki: Upgrading.
    Please download the attached ZIP archive below and replace the files in your forum directory with those from the ZIP archive.
    1.6.3 changed files
    You are required to run the upgrader for 1.6.3. After replacing the files above, remove the ‘lock’ file located in forum_root/install/, then visit forum_root/install/upgrade.php and follow the instructions (where forum_root is the web address for your forum). Remember to back up your forum’s files and database before performing this upgrade.
    Once the upgrade has completed, visit the Templates & Style area of your ACP – click on Templates on the left and go to the “Find Updated Templates”. Revise and amend all affected templates here, paying attention to headerinclude, index_boardstats and forumdisplay_threadlist.
    If you wish to manually patch your board please download “mybb_1602_patches.txt” and follow the instructions in that file. You are also required to amend templates to ensure functionality for your board. For this, please download “mybb_1602_template_changes.txt” and follow the instructions – you must do these for all custom themes you have installed.
    1.6.3 patches
    1.6.3 template patches
    Please remember that applying patches should only be a temporary measure until you can fully upgrade your board. The upgrader is required to run to allow the default templates to be updated with the new security fixes.
    Changed Files since 1.6.2
    • inc
      • class_core.php
      • functions_search.php
    • install
      • Resources
        • mysql_db_tables.php
        • mybb_theme.xml
        • upgrade12.php
        • upgrade17.php
        • upgrade3.php
        • upgrade5.php
      • upgrade.php
    • jscripts
      • controls.js
      • dragdrop.js
      • effects.js
      • general.js
      • prototype.js
      • scriptaculous.js
      • slider.js
      • thread.js
    • forumdisplay.php
    • index.php
    • misc.php
    • showthread.php
    * Red represents files that contain security updates
    * Green represents new files added in this release
    For MyBB 1.4

    For MySQL 5.5 compatibility and IE9 JavaScript fixes, please upgrade to MyBB 1.6.3. Support for MyBB 1.4 will be ending on 1st July 2011, after which there will be no more security updates for the 1.4 series.
    1.4.15 to 1.4.16 Patches
    This patch is only for those users running MyBB 1.4.15. If you’re running an older version of MyBB 1.4, and don’t want to upgrade to 1.6 just yet, then please download the latest version of MyBB 1.4 from the MyBB Wiki: Versions.
    For help upgrading, see the MyBB Wiki: Upgrading.
    Please download the attached ZIP archive below and replace the files in your forum directory with those from the ZIP archive.
    1.4.15 changed files
    You are required to run the upgrader for 1.4.16. After replacing the files above, remove the ‘lock’ file located in forum_root/install/, then visit forum_root/install/upgrade.php and follow the instructions (where forum_root is the web address for your forum). Remember to back up your forum’s files and database before performing this upgrade.
    Once the upgrade has completed, visit the Templates & Style area of your ACP – click on Templates on the left and go to the “Find Updated Templates”. Revise and amend all affected templates here, paying attention to headerinclude, index_boardstats and forumdisplay_threadlist.
    If you wish to manually patch your board please download “mybb_1415_patches.txt” and follow the instructions in that file. You are also required to amend templates to ensure functionality for your board. For this, please download “mybb_1415_template_changes.txt” and follow the instructions – you must do these for all custom themes you have installed.
    1.4.15 patches
    1.4.15 template patches
    Please remember that applying patches should only be a temporary measure until you can fully upgrade your board. The upgrader is required to run to allow the default templates to be updated with the new security fixes.
    Changed Files since 1.4.15
    • inc
      • class_core.php
      • functions_search.php
    • install
      • Resources
        • mybb_theme.xml
      • upgrade.php
    • jscripts
      • general.js
    • forumdisplay.php
    • index.php
    • misc.php
    • showthread.php
    * Red represents files that contain security updates
    * Green represents new files added in this release
    Reporting MyBB security vulnerabilities

    If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
    As always, you can send through security related messages on the MyBB website from the Contact Us page.
    Thank you,
    MyBB Team


    Last edited by a moderator: Jan 5, 2014
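
A check for the file-replacement step in the announcement above, as an added example that is not part of the original post or of MyBB's own tooling: it walks the extracted "changed files" archive and reports every file that is missing from the forum directory or still differs from the released copy. The function name `verify_replaced` and its two directory arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not MyBB code): confirm that every file shipped in the
# extracted "changed files" archive is byte-identical in the forum directory.
# Usage: verify_replaced <extracted_archive_dir> <forum_root>
# Prints one line per problem file; returns 0 only when every file matches.
verify_replaced() {
    src=$1
    dst=$2
    status=0
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "ERROR: both arguments must be directories" >&2
        return 2
    fi
    list=$(mktemp) || return 2
    # Take the file list from the archive itself, so the check follows
    # whatever the release actually ships (1.6.3 or 1.4.16).
    (cd "$src" && find . -type f | sort) > "$list"
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$dst/$rel" ]; then
            # The archive ships this file but the forum does not have it.
            echo "MISSING  $rel"
            status=1
        elif ! cmp -s "$src/$rel" "$dst/$rel"; then
            # The forum still has an older or modified copy.
            echo "STALE    $rel"
            status=1
        fi
    done < "$list"
    rm -f "$list"
    return $status
}

# Run directly as: sh verify.sh ./extracted_changed_files /path/to/forum
if [ "$#" -eq 2 ]; then
    verify_replaced "$@"
fi
```

A file reported as STALE may also be one that a plugin or local customisation has edited, so review it before overwriting.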
  2. Kaiser

    Kaiser Regular Member

    Nice, hope they continue to release updates.
     
  3. SpacewardAsh

    SpacewardAsh Lurking From Space

    Good to know they are releasing security patches, although a quick glance shows that they've had a few in the past few months, so are they starting to rush and miss things?
     
  4. el canadiano

    el canadiano Regular Member

    Not really. They've got a lot of people looking at their code recently, so this is always good (it's always good to look at someone else's code, regardless of application). It's also good they're releasing updates ASAP rather than doing nothing.

    They just gotta get those bugs fixed and their performance better.
     
  5. Kaiser

    Kaiser Regular Member

    MyBB has a lot of potential and they are putting it to good use. It's great to see updates. I'm just real eager for 2.0, which is probably a long time away, but Chris Boulton knows what he's doing.
     
  6. el canadiano

    el canadiano Regular Member

    He's been pretty quiet, but Tom Moore has been doing really well replacing Ryan. He's making a lot of optimizations and he's going to continue improving MyBB when 2.0 comes for performance.
     