Jump to content
Forum²

Recommended Posts

  • Forum² Admin
Posted

MyBB 1.6.7 – Security, Maintenance and Feature Update

MyBB 1.6.7 is now available from the MyBB website and is a security, maintenance and feature update.

In 1.6.7 there are 5 new feature updates and over 70 reported issues fixed. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.

 

http://dev.mybb.com/projects/mybb/versions/42]Fixed issues in 1.6.7

http://dev.mybb.com/projects/mybb/issues]Unfixed issues

 

1.6.7 fixes 5 low-risk security vulnerabilities.

 

SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team)

SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team)

SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer)

XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team)

Full Path Disclosure if malformed forumread cookie is used

 

ACP vulnerabilities require Administrator permissions and so considered low-risk. We recommend planning your upgrade as quickly as possible to ensure your forum is as secure as it can be.

New features included in 1.6.7 update include the ability to login with a username, an email or both. For more information about new features, please see the Wiki on 1.6.7.

" target="_blank]View 1.6.7 Changes in the Wiki

Upgrading from 1.6.6 and Other Versions

Before performing any upgrade, please remember to backup your forum’s files and database and store them safely. If you have edited core files, including languages files, please make sure you make a change log for these changes so you can make them again once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes.

If you’re using MyBB 1.6.6

 

Download and use the
https://github.com/downloads/mybb/mybb16/1607_changed_files.zip]Changed
Files Package

http://mybb.com]

http://wiki.mybb.com/index.php/Upgrading#Beginning_the_Upgrade]Follow
the Wiki Upgrading instructions

 

If you’re not using MyBB 1.6.6

 

Download and use the full
https://github.com/downloads/mybb/mybb16/mybb_1607.zip]1.6.7
release package

http://mybb.com/downloads/latest/]

http://mybb.com/downloads/latest/]
Follow the
http://wiki.mybb.com/index.php/Upgrading#Beginning_the_Upgrade
" target="_blank]Wiki Upgrading instructions

 

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the

We recently held our MyBB Mascot Naming Contest.   Many community members http://community.mybb.com/thread-114748.html" target="_blank]proposed names and after a week a http://community.mybb.com/thread-115639.html" target="_blank]poll with the top names was put up.  After another week of voting, the name “Bolt”, after MyBB founder Chris Boulton, was chosen.  http://community.mybb.com/thread-114748-post-832444.html#pid832444" target="_blank]Proposed by Mebes Net, we of the MyBB Team feels this name conveys the strength and speed of MyBB very effectively.

We are proud to present to you the MyBB Mascot, Bolt!

MyBB 1.8 – The Bridge to 2.0

Everyone here at MyBB are proud to announce the impending arrival of our next major feature release – MyBB 1.8.

Over the last 2 months we’ve been developing in secret at our Github lair, plotting to once again attempt to take over the forum world with our evil plans and awesome free software and to celebrate the 10th anniversary of DevBB – our supreme overlord predecessor.

1.8 isn’t as big of an overhaul as 1.2, 1.4 or 1.6 upgrades which introduced more than 100 features; this is more of a facelift. We took Justin, our lead designer, and locked him in a room with nothing but bacon and water until he came up with a new default theme which is taken from one of (if not the) most popular theme collections used by MyBB communities across the world; his Apart series. That’s not all – we developed attachable base colours to themes so that creating (and using) multi-coloured themes no longer involve adding 14 separate styles. You add just one. A new default theme for your Admin Control Panel (ACP) is available too.

For more than half of MyBB’s rule of the forum world, our JavaScript has been powered by Prototype. It was a popular library when we started using it but it has fallen behind a more powerful (and popular) rival and so we’ve consigned it to MyBB history; MyBB 1.8 is powered by jQuery.

Two of the most requested features for MyBB will also be heading to 1.8. With our switch to jQuery, along comes a new post editor (yet to be decided) and a Trash Can – or more the ability to recover deleted posts via the Mod CP.

Along with the regular bug fixes and a host of other planned improvements, such as an APC cache handler, being able to make a cup of hot cocoa, separating the plugin list to active/inactive, making some functions a bit easier to use and projecting your forum’s logo onto the face of the Moon, we’ll be working with MyBB gurus to improve performance, plugin integrations and we’re looking into making the authentication to 3rd party software much easier too with a dedicated login datahandler. It doesn’t have to be just gurus though; we’ll be opening up 1.8 to everyone on Github so that they too can fork, improve, update and become one with the MyBB Team.

We’re all very excited about this release and hope you are too! More information will be coming soon but in the mean time please feel free to suggest more improvements in our http://community.mybb.com/forum-7.html" target="_blank]Suggestions and Feedback Forum!

Thanks,

MyBB Team

http://blog.mybb.com/?ak_action=api_record_view&id=1611&type=feed" alt="" />

 

View the full article

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...