
  • Forum² Admin

MyBB 1.6.6 is now available from the MyBB website and is a security release for the 1.6 series.

What’s added/changed in this version?

In 1.6.6, 1 major issue and 14 low risk vulnerabilities have been fixed. Only the issues listed below are fixed; a further maintenance release will be available with general fixes to functionality in the near future.

 

Vulnerabilities:

 

Non Critical: Import a non-CSS stylesheet (Theme)

Low Risk: CSRF vulnerability on Admin CP logout (Issue #1769: http://dev.mybb.com/issues/1769)

Low Risk: CSRF vulnerability when clearing a stored password (Issue #1824: http://dev.mybb.com/issues/1824)

Low Risk: CSRF vulnerability when removing a buddy (Issue #1825: http://dev.mybb.com/issues/1825)

Low Risk: CSRF vulnerability with Admin CP join requests (Issue #1834: http://dev.mybb.com/issues/1834)

Low Risk: CSRF vulnerability in Group Promotions Enable/Disable

Low Risk: CSRF vulnerability in ACP Edit User (Avatar)

Low Risk: CSRF vulnerability with activating a user

Low Risk: XSS vulnerability when moving an event (Calendar)

Low Risk: XSS vulnerabilities in Akismet plugin

Low Risk: XSS vulnerabilities in Forum Subscriptions (User CP)

Low Risk: XSS vulnerability in Moderator Logs

Low Risk: XSS vulnerability in Edit Post

Low Risk: XSS vulnerability when editing Announcements

 

Thanks to SQA Team Member Nathan Malcolm for finding all of these!

Vanishing Announcements in 1.6.5 (Issue #1781: http://dev.mybb.com/issues/1781, #1785: http://dev.mybb.com/issues/1785) – with thanks to Paul H and Vini Holden.

 

For more information on these vulnerabilities, please view the 1.6.6 Changes in the Wiki (http://wiki.mybb.com/index.php/1.6.6).

Upgrading from 1.6.5 and Other Versions

Before performing any upgrade, please remember to back up your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 1 language file. There is 1 change to themes. Please view the 1.6.6 Changes in the Wiki (http://wiki.mybb.com/index.php/1.6.6) for more information about these changes.

If you’re using MyBB 1.6.5

 

Download and use the Changed Files Package (https://github.com/downloads/mybb/mybb16/changed_files_1606.zip; MD5 checksum: 4bc870306925bf40643ad7550479c741)

Follow the Wiki Upgrading instructions (http://wiki.mybb.com/index.php/Upgrading#Beginning_the_Upgrade)

 

If you’re not using MyBB 1.6.5

 

Download and use the full 1.6.6 release package (https://github.com/downloads/mybb/mybb16/mybb_1606.zip; MD5 checksum: 79823144eb149fc4f89a1bcf7443a6c3)

Follow (http://mybb.com/downloads/latest/) the Wiki Upgrading instructions (http://wiki.mybb.com/index.php/Upgrading#Beginning_the_Upgrade)

 

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the

 
