Verifying Releases

Each package is published with information that help confirm it was downloaded correctly and was published by the MyBB Team. Learn how to verify the integrity and authenticity of MyBB packages.

Latest Version Information

Guarantee of latest updates

Make sure to obtain the software packages from official sources. The Download page always shows the most recent available version, and the MyBB Blog contains official announcements related to the Project.

You can get notified of updates by:

Links to latest Release Blog Posts are also pinned in the #18-support channel on our Discord server.

Additionally, we recommend subscribing to used plugins and themes on the Extend section to get notified of extension updates.


Integrity of downloaded packages

Checksums are short chunks of text which can verify that files were downloaded correctly. MyBB publishes checksums generated by SHA-512, SHA-256, SHA-1 and MD5 hash algorithms (strongest to weakest — checking SHA-512 is recommended).

After downloading the package, its checksum should be compared to the one that was published.

  • Linux — Terminal

  • Mac OS X — Terminal

    shasum --algorithm 512
  • Windows — Command Prompt

    CertUtil -hashfile SHA512
  • Windows — PowerShell

    Get-FileHash -Algorithm SHA512 | Format-List


Tracing the packaging process

Distributed packages (mybb_*.zip, changed_files_*.zip) can be reproduced using:

The generated packages (output/) should be binary-identical to published packages.

If you encounter discrepancies or notice suspicious content in any of the packages, contact the MyBB Security Team.