Forum² Admin AWS Posted April 25, 2014 Forum² Admin Posted April 25, 2014 MyBB 1.6.13 is now available from the MyBB website and is a security and maintenance release. [HEADING=3]What’s added/changed in this version?[/HEADING] This release fixes 4 vulnerabilities and 38 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version. Vulnerabilities: Medium Risk: Possibility of executing PHP code through stylesheets – reported by http://community.mybb.com/user-83062.html" target="_blank">TonyS Medium Risk: Possibility of executing PHP code through language files – reported by http://community.mybb.com/user-8582.html" target="_blank">Pirata Nervo Low Risk: A XSS vulnerability in search system (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1840" target="_blank">CVE-2014-1840) Low Risk: Potential weak random string generator reported by – reported by http://community.mybb.com/user-61715.html" target="_blank">1llusion [*]Bugs fixed: http://docs.mybb.com/1613.html#Fixed_Issues">Fixed issues in 1.6.13 https://github.com/mybb/mybb/issues?labels=1.6&state=open">Unfixed issues Please view the http://docs.mybb.com/1613.html" target="_blank">1.6.13 changes on the Docs site for more information about the changes in this version. Please note, that you do need to run the upgrade script for this version. [HEADING=3]Upgrading from 1.6.12 and Other Versions[/HEADING] Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete. To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 5 language files. 4 templates have been changed or added. Download and use the http://resources.mybb.com/downloads/changed_files_1613.zip">Changed Files Package (MD5: 5bc0f118fb6da1284b83f51d836796c2) http://docs.mybb.com/Upgrading.html#Beginning_the_Upgrade">Follow the Docs Upgrading Instructions If you’re using MyBB 1.6.11 or lower Download and use the http://resources.mybb.com/downloads/mybb_1613.zip">full 1.6.13 Release Package (MD5: 2fd6083b430d56ca503c7b3baed1286f) http://docs.mybb.com/Upgrading.html#Beginning_the_Upgrade">Follow the Docs Upgrading Instructions [HEADING=3]Reporting MyBB security vulnerabilities[/HEADING] If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch. As always, you can send through security related messages on the MyBB website from the http://www.mybb.com/contact">Contact Us page or in our http://community.mybb.com/forum-135.html" target="_blank">Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see. Thanks, MyBB Team [HEADING=1]Note about updated package[/HEADING] Due to a minor issue with the original packages an updated package set has been released. If you installed or updated your forums using either the full or changed files packages prior to 9:30 a.m. on April 27, 2014 GMT please download a fresh package from the links above and replace the following file: admin/modules/style/themes.php You do not need to run the installer or make any further changes. You can use the file verification tool to determine whether you have the latest package, the file above will appear to be modified if you need to download an updated copy. We apologise of any inconvenience. http://feeds.wordpress.com/1.0/comments/blogdotmybbdotcom.wordpress.com/2118/ http://pixel.wp.com/b.gif?host=blog.mybb.com&blog=36724248&post=2118&subd=blogdotmybbdotcom&ref=&feed=1 View the full article Quote IPB Webmaster - For Invision Community Enthusiasts - SEO Help Forum
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.