Each package is published with information that help confirm it was downloaded correctly and was published by the MyBB Team. Learn how to verify the integrity and authenticity of MyBB packages.
Latest Version Information
Guarantee of latest updates
Make sure to obtain the software packages from official sources. The Download page always shows the most recent available version, and the MyBB Blog contains official announcements related to the Project.
You can get notified of updates by:
- subscribing to the MyBB Blog (Releases RSS feed, Security RSS feed),
- following @[email protected] on Mastodon (all releases),
- following @mybbsecurity on Twitter (security-related releases),
- following @mybb on Twitter (all releases),
- checking for updates in your Admin Control Panel’s Home.
Links to latest Release Blog Posts are also pinned in the
#18-support channel on our Discord server.
Additionally, we recommend subscribing to used plugins and themes on the Extend section to get notified of extension updates.
Integrity of downloaded packages
Checksums are short chunks of text which can verify that files were downloaded correctly. MyBB publishes checksums generated by
MD5 hash algorithms (strongest to weakest — checking
SHA-512 is recommended).
After downloading the package, its checksum should be compared to the one that was published.
Linux — Terminal
Mac OS X — Terminal
shasum --algorithm 512 filename.zip
Windows — Command Prompt
CertUtil -hashfile filename.zip SHA512
Windows — PowerShell
Get-FileHash filename.zip -Algorithm SHA512 | Format-List
Tracing the packaging process
Distributed packages (
changed_files_*.zip) can be reproduced using:
- the build script, and
build_*.ziparchives on the Releases page on GitHub, which include input for the script (
- references to the MyBB source code repository at a specific state to pull the code from,
- security patches (
The generated packages (
output/) should be binary-identical to published packages.