mybb MyBB 1.6.14 Released – Security & Maintenance Release

[AWS]

MyBB 1.6.14 is now available from the MyBB website and is a security and maintenance release.

[HEADING=3]What’s added/changed in this version?[/HEADING]

 

This release fixes 5 vulnerabilities and 50 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

 

• Vulnerabilities:
  
  
   
  
  • Medium Risk: Possibility of executing PHP code through settings – reported by http://community.mybb.com/user-84068.html" target="_blank">GiantCrocodile
     
    
  • Low Risk: A XSS vulnerability in polls.php – reported by http://community.mybb.com/user-84510.html" target="_blank">AntiPaste
     
    
  • Low Risk: A XSS vulnerability in portal.php – reported by http://community.mybb.com/user-84510.html" target="_blank">AntiPaste
     
    
  • Low Risk: Password protected forums can be viewed from the portal – reported by http://community.mybb.com/user-27579.html" target="_blank">Nathan Malcolm
     
    
  • Low Risk: Super moderators have more permissions than expected – reported by http://community.mybb.com/user-51459.html" target="_blank">JordanMussi
     
    

   

   

   

  [*]Bugs fixed:

  
   
  
  • https://github.com/mybb/mybb/issues?milestone=1&state=closed">Fixed issues in 1.6.14
     
    
  • https://github.com/mybb/mybb/issues?labels=1.6&state=open">Unfixed issues
     
    

   

   

   

 

Please view the http://docs.mybb.com/1614.html" target="_blank">1.6.14 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

[HEADING=3]Upgrading from 1.6.13 and Other Versions[/HEADING]

 

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 10 language files. 9 templates have been changed or added.

 

• Download and use the http://resources.mybb.com/downloads/changed_files_1614.zip">Changed Files Package (MD5: ec4f93a8def77f05d9b641aa08b40593)
   
  
• http://docs.mybb.com/Upgrading.html#Beginning_the_Upgrade">Follow the Docs Upgrading Instructions
   
  

 

If you’re using MyBB 1.6.12 or lower

 

• Download and use the http://resources.mybb.com/downloads/mybb_1614.zip">full 1.6.14 Release Package (MD5: 0f396838eb8c1e66f5abc344147e7ff5)
   
  
• http://docs.mybb.com/Upgrading.html#Beginning_the_Upgrade">Follow the Docs Upgrading Instructions
   
  

 

[HEADING=3]Reporting MyBB security vulnerabilities[/HEADING]

 

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the http://www.mybb.com/contact">Contact Us page or in our http://community.mybb.com/forum-135.html" target="_blank">Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

http://feeds.wordpress.com/1.0/comments/blogdotmybbdotcom.wordpress.com/2267/ http://pixel.wp.com/b.gif?host=blog.mybb.com&blog=36724248&post=2267&subd=blogdotmybbdotcom&ref=&feed=1

 

View the full article