MyBB 1.8.13

07 November 2017

SecurityMaintenance

code 1813

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.14 MB

Download from MyBB.com Download from GitHub.com (mirror)

sha512:

35a7c9d2f98566c6f4e7a2f123b67a3da4163cb449ff400b56fe978d9b0a8df958cd8707f20341dd61e995a1a46372fc053a06a1ca305b5951df698f85f8af5f

More checksums…

sha256:

1fe127bf840585f1738774b297e847ace4bccbc8a128b3e06ac48b097a1548c5

sha1:

61993c4a6991e1cdcb6de9c77e3760f89189a116

md5:

30f78d40160011f37bb071767bfea6a5

Changed Files

Upgrade from the previous version.

.zip – 1.2 MB

Download from MyBB.com Download from GitHub.com (mirror)

sha512:

1a638b4039bbe4e874e7b57716258ffad367b3e6856c6eed0d972e6d763359c26612902f4a9fc2f24d030963100c0b9b7e793443d51e0e07f29fbf15975de10d

More checksums…

sha256:

f17f6e1820a023427bd543e989dde2b885a865c0de5e1e734beba0385296cecc

sha1:

831f8c6bee0bedac185d240a7a680212863a998d

md5:

8a53d3c67a2a0f515eb9b6c9a090e83b

How to verify packages

This update includes fixes related to compatibility with PostgreSQL, SQLite and PHP 7.2 and resolves attachment HTML output problems. Note that the theme’s CSS files may need to be updated.

Upgrading to this Version

To upgrade: copy and overwrite the files, and run the install/ upgrade script.

Before performing any upgrade, remember to backup your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (7)

High risk

Installer RCE on configuration file write

CWE-94 CVSS:3.1/PR:N Reported by pabstersac

High risk

Language file headers RCE

CWE-94 CVSS:3.1/PR:H Reported by Julian Rittweger

Medium risk

Installer XSS

CWE-79 CVSS:3.1/PR:N Reported by pabstersac

Medium risk

Mod CP Edit Profile XSS

CWE-79 CVSS:3.1/PR:L Reported by Julian Rittweger

Low risk

Insufficient moderator permission check in delayed moderation tools

CWE-284 CVSS:3.1/PR:L Reported by Starpaul20 MyBB Team

Low risk

Announcements HTML filter bypass

CWE-79 CVSS:3.1/PR:L

Low risk

Language Pack Properties XSS

CWE-79 CVSS:3.1/PR:H Reported by Julian Rittweger

Issues Resolved (62)

View issues on GitHub

["moderation.php","member.php","newthread.php","contact.php","showthread.php","usercp.php","modcp.php",{"install":["index.php",{"resources":["language.lang.php","settings.xml","mysql_db_inserts.php","upgrade37.php","upgrade41.php","mybb_theme.xml","output.php"]}]},"search.php","forumdisplay.php","portal.php","misc.php",{"archive":["index.php","screen.css","print.css"]},{"admin":["index.php",{"jscripts":[{"codemirror":[{"lib":["codemirror.css","codemirror.js"]},{"addon":[{"fold":["foldgutter.js","foldcode.js","indent-fold.js","comment-fold.js","brace-fold.js","xml-fold.js"]},{"search":["match-highlighter.js","jump-to-line.js","search.js","matchesonscrollbar.js","searchcursor.js"]},{"dialog":["dialog.js","dialog-mybb.css","dialog.css"]}]},{"mode":[{"javascript":["javascript.js","test.js","typescript.html"]},{"css":["gss_test.js","scss.html","gss.html","less.html","scss_test.js","less_test.js","test.js","css.js"]},{"htmlmixed":["htmlmixed.js"]},{"xml":["xml.js"]}]},"LICENSE"]},{"jqueryui":[{"js":["jquery-ui.min.js"]},{"css":[{"redmond":["jquery-ui.min.css",{"images":["ui-bg_glass_95_fef1ec_1x400.png","ui-bg_inset-hard_100_fcfdfd_1x100.png","ui-icons_6da8d5_256x240.png","ui-bg_gloss-wave_55_5c9ccc_500x100.png","ui-icons_f9bd01_256x240.png","ui-bg_inset-hard_100_f5f8f9_1x100.png","ui-bg_glass_85_dfeffc_1x400.png","ui-icons_cd0a0a_256x240.png","ui-bg_glass_75_d0e5f5_1x400.png","ui-icons_d8e7f3_256x240.png","ui-icons_469bdd_256x240.png","ui-icons_2e83ff_256x240.png","ui-icons_217bc0_256x240.png"]},"jquery-ui.theme.min.css","jquery-ui.structure.min.css"]}]}]}]},{"modules":[{"style":["templates.php","themes.php"]},{"user":["groups.php","group_promotions.php","banning.php","users.php"]},{"tools":["maillogs.php","recount_rebuild.php","mailerrors.php","statistics.php","modlog.php","system_health.php","tasks.php","spamlog.php"]},{"forum":["moderation_queue.php","attachments.php","announcements.php"]},{"home":["index.php","credits.php"]},{"config":["banning.php","settings.php","plugins.php","languages.php"]}]},{"styles":[{"default":["modal.css","main.css"]}]},{"inc":["class_page.php","functions_themes.php"]}]},{"jscripts":["thread.js","jquery.js","inline_reports.js","jquery.plugins.min.js","jquery.plugins.js","general.js",{"validate":["jquery.validate.min.js","additional-methods.min.js"]},"bbcodes_sceditor.js"]},"private.php","warnings.php","announcements.php","xmlhttp.php","editpost.php","global.php","calendar.php","newreply.php",{"inc":["class_parser.php",{"mailhandlers":["smtp.php"]},"functions_search.php","db_mysqli.php",{"languages":["english.php",{"english":["datahandler_user.lang.php","usercp.lang.php","helpdocs.lang.php","online.lang.php",{"admin":["config_settings.lang.php","tools_modlog.lang.php","user_groups.lang.php","home_preferences.lang.php","forum_attachments.lang.php","global.lang.php","home_dashboard.lang.php","tools_tasks.lang.php"]},"moderation.lang.php","portal.lang.php","misc.lang.php","modcp.lang.php","global.lang.php","member.lang.php"]}]},"functions_post.php","class_session.php","db_sqlite.php","class_captcha.php","functions_forumlist.php","functions.php",{"3rdparty":[{"diff":[{"Diff":[{"Engine":["Native.php","String.php","Shell.php","Xdiff.php"]},"Exception.php",{"ThreeWay":[{"Op":["Base.php","Copy.php"]},"BlockBuilder.php"]},{"Renderer":[{"Unified":["Colored.php"]},"Unified.php","Context.php","Inline.php"]},"Mapped.php",{"Op":["Delete.php","Base.php","Change.php","Copy.php","Add.php"]},"ThreeWay.php","Renderer.php"]},"Diff.php"]}]},"db_mysql.php","class_core.php","functions_indicators.php","db_base.php","class_stopforumspamchecker.php","class_plugins.php","functions_online.php",{"datahandlers":["user.php","pm.php","post.php"]},"class_datacache.php"]}]

Changed Files ()

Removed Files ()

Changed Language Files (18)

There are changes to 18 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (63)

calendar
calendar_nextlink
calendar_prevlink
calendar_weekview
calendar_weekview_nextlink
calendar_weekview_prevlink
editpost
footer
forumdisplay_inlinemoderation
forumdisplay_thread
headerinclude
managegroup
member_profile_website
member_register
member_register_regimage_recaptcha_invisible
member_resetpassword
misc_whoposted_page
modcp_announcements_allowhtml
modcp_announcements_edit
modcp_announcements_new
modcp_finduser
modcp_ipsearch
modcp_ipsearch_results_information
modcp_modlogs
modcp_reports
modcp_reports_report
modcp_reports_selectall
moderation_delayedmoderation_approve
moderation_delayedmoderation_delete
moderation_delayedmoderation_openclose
moderation_delayedmoderation_softdeleterestore
moderation_delayedmoderation_stick
mycode_url
newreply
newthread
post_captcha
post_captcha_recaptcha_invisible
postbit
postbit_classic
postbit_deleted_member
postbit_editreason
postbit_status
postbit_www
printthread
private
private_advanced_search
private_search_results
search_results_inlinemodcol_empty
search_results_posts_inlinemoderation
search_results_posts_post
search_results_threads_inlinemoderation
search_results_threads_thread
showteam_moderators
showteam_moderators_forum
showthread
showthread_inlinemoderation
showthread_similarthreads_bit
usercp_attachments
usercp_latest_subscribed_threads
usercp_latest_threads_threads
usercp_subscriptions
usercp_subscriptions_thread
video_twitch_embed