mybb MyBB 1.8.12 Released – Security & Maintenance Release

[Guest Euan T]

MyBB 1.8.12 is now available from the MyBB website, and is a security and maintenance release.

 

What’s added/changed in this version?

 

 

This release fixes 3 security vulnerabilities and 14 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

 

• Vulnerabilities:
  
  • Medium risk: Insufficient permission check in multiquote feature – reported by frostschutz
    
  • Medium risk: CSV macro injection on PM export – reported by Rico A. Silvallana
    
  • Low risk: Weak password reset codes & false positives – reported by Devilshakerz
    

• Bugs fixed:
  
  • Fixed issues in 1.8.12
    
  • Unfixed issues
    

 

Please view the 1.8.12 changes on the Docs site for more information about the changes in this version.

 

Please note, that you do need to run the upgrade script for this version.

 

Upgrading from 1.8.11 and Other Versions

 

 

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

 

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 9 language files and 9 templates were changed or added.

 

If you’re using MyBB 1.8.11:

 

• Download and use the Changed Files Package
  
  • MD5: 9ebfae510ec51bc27f7b0062f4f99394
    
  • SHA1: d97f0e13799661b5811245030ef9e56c597086ff
    
  • SHA256: 17eab833ae6f1a7653d324da3866573437a566f0c2e4f7b4ceddb23795a933f0
    
  • SHA512: 1b10d9d85dca44a854783f1e37afbec2aac9d657689d09147d414ae41835386f4d97ea0c686edb06fd5de13d2a929bccf7af67fd8af7d95cddc009c6f81812d8
    

  [*]Follow the Docs Upgrading Instructions

 

If you’re using MyBB 1.8.10 or lower:

 

• Download and use the full 1.8.12 Release Package
  
  • MD5: aa0e92e5e55b69f33cab3401994f767a
    
  • SHA1: 1a406afbb9343145877b0382ab479dc5d17d7813
    
  • SHA256: a6decde96ae84a2f34a40c2f175172be163ca1fb294c5e4cef5a6396c3eb9f42
    
  • SHA512: c5292eab2b9a6dbefe1a696aecdb3202a7d4c9f27de3983ba975c3381aaadd775537f4bd5e389eee18ee2237506a2c8e8bb60e2ec7f0f48483335c8e3a6a5ce4
    

  [*]Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

 

 

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

 

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

 

Thanks,

 

MyBB Team

 

 

Continue reading...