Jump to content
Forum²
Invision Community Beta Site

MyBB 1.8.20 Released — Security & Maintenance Release

Guest Devilshakerz

By Guest Devilshakerz
in Forum Software Discussions

 Share

Recommended Posts

Guest Devilshakerz

Guest Devilshakerz

Posted
Posted

MyBB 1.8.20 is now available, and is a security & maintenance release.

 

This release includes allowing users to see their unapproved content and view user referrals; compatibility with PHP >= 7.2 has been improved and jQuery has been upgraded to 3.0.0, which might affect custom JavaScript code in plugins and themes.

 

  • 5 security vulnerabilities addressed:
     
    • Medium risk: Reset Password reflected XSS
    • Medium risk: ModCP Profile Editor username reflected XSS — reported by Jovan Zivanovic of MaTRIS Research Group, SBA Research
    • Low risk: Predictable CSRF token for guest users — reported by Devilshakerz of MyBB Team
    • Low risk: ACP Stylesheet Properties XSS — reported by Cillian Collins
    • Low risk: Reset Password username enumeration via email — reported by Abdullah Md. Shaleh

 

Check Release Notes for a list of changes to language files, templates and unresolved issues.

 

Get latest MyBB Full & Upgrade Packages →

 

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.

Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.

If you would like to contribute to the Project, Get Involved.

 

Thanks,

MyBB Team

 

Continue reading...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...