Forum² Admin AWS Posted February 10, 2012 Forum² Admin Posted February 10, 2012 MyBB 1.6.6 is now available from the MyBB website and is a security release for the 1.6 series. What’s added/changed in this version? In 1.6.6, 1 major issue and 14 low risk vulnerabilities have been fixed. Only the issues listed below are fixed; a further maintenance release will be available with general fixes to functionality in the near future. Vulnerabilities: Non Critical: Import a non-CSS stylesheet (Theme) Low Risk: CSRF vulnerability on Admin CP logout (http://dev.mybb.com/issues/1769" target="_blank]Issue #1769) Low Risk: CSRF vulnerability when clearing a stored password (http://dev.mybb.com/issues/1824" target="_blank]Issue #1824) Low Risk: CSRF vulnerability when removing a buddy (http://dev.mybb.com/issues/1825" target="_blank]Issue #1825) Low Risk: CSRF vulnerability with Admin CP join requests (http://dev.mybb.com/issues/1834" target="_blank]Issue #1834) Low Risk: CSRF vulnerability in Group Promotions Enable/Disable Low Risk: CSRF vulnerability in ACP Edit User (Avatar) Low Risk: CSRF vulnerability with activating a user Low Risk: XSS vulnerability when moving an event (Calendar) Low Risk: XSS vulnerabilities in Akismet plugin Low Risk: XSS vulnerabilities in Forum Subscriptions (User CP) Low Risk: XSS vulnerability in Moderator Logs Low Risk: XSS vulnerability in Edit Post Low Risk: XSS vulnerability when editing Announcements Thanks to SQA Team Member Nathan Malcolm for finding all of these! Vanishing Announcements in 1.6.5 (http://dev.mybb.com/issues/1781" target="_blank]Issue #1781, http://dev.mybb.com/issues/1785" target="_blank]#1785) – with thanks to Paul H and Vini Holden. For more information on these vulnerabilities, please http://wiki.mybb.com/index.php/1.6.6" target="_blank]view the 1.6.6 Changes in the Wiki. Upgrading from 1.6.5 and Other Versions Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete. To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 1 language file. There is 1 change to themes. Please http://wiki.mybb.com/index.php/1.6.6" target="_blank]view the 1.6.6 Changes in the Wiki for more information about these changes. If you’re using MyBB 1.6.5 Download and use the https://github.com/downloads/mybb/mybb16/changed_files_1606.zip]Changed Files Package (MD5 checksum: 4bc870306925bf40643ad7550479c741) http://wiki.mybb.com/index.php/Upgrading#Beginning_the_Upgrade]Follow the Wiki Upgrading instructions If you’re not using MyBB 1.6.5 Download and use the full https://github.com/downloads/mybb/mybb16/mybb_1606.zip]1.6.6 release package (MD5 checksum: 79823144eb149fc4f89a1bcf7443a6c3) http://mybb.com/downloads/latest/]Follow the http://wiki.mybb.com/index.php/Upgrading#Beginning_the_Upgrade" target="_blank]Wiki Upgrading instructions Reporting MyBB security vulnerabilities If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch. As always, you can send through security related messages on the MyBB website from the View the full article Quote IPB Webmaster - For Invision Community Enthusiasts - SEO Help Forum
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.