Jump to content
Forum²
Invision Community Beta Site

MyBB 1.8.22 Released — Security & Maintenance Release

Guest MyBB Team

By Guest MyBB Team
in Forum Software Discussions

 Share

Recommended Posts

Guest MyBB Team

Guest MyBB Team

Posted
Posted

MyBB 1.8.22 is now available, and is a security & maintenance release.

 

Note: this version removes the discontinued Yahoo profile field, which may have been customized for other purposes.

 

  • 5 security vulnerabilities addressed:
     
    • High risk: Installer RCE on settings file write — reported by yelang123 of Stealien
    • Medium risk: Arbitrary upload paths & Local File Inclusion RCE — reported by CNCERT
    • Medium risk: XSS via insufficient HTML sanitization of Blog feed & Extend data — reported by Devilshakerz of MyBB Team
    • Low risk: Open redirect on login — reported by Jyoti Raval of Qualys
    • Low risk: SCEditor reflected XSS — reported by Cillian Collins, bl4ckh4ck5

 

Check Release Notes for a list of changes to language files, templates and unresolved issues.

 

Get latest MyBB Full & Upgrade Packages →

 

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.

Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.

If you would like to contribute to the Project, Get Involved.

 

Thanks,

MyBB Team

 

Continue reading...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...