MyBB 1.8.15

SecurityMaintenance

code 1815

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.14 MB

Download from MyBB.com Download from GitHub.com (mirror)

sha512:

a23340357df22175b5068c3eabcac0771f30b1eb4e693fd8be556cf27b60932119786f7a313d6fbc8062b8a7c7390b293ef312117cd41609a7ff8938bbaafa18

More checksums…

sha256:

147db40faa53734628e2603568fa0e5d442ed428c60f539ba18c18c8abdd880e

sha1:

a8b209e0400adfc6d51a46dbec625adb101795f5

md5:

eaba7fdb316f1c6e9c8d4f9fb6559a17

Changed Files

Upgrade from the previous version.

.zip – 0.61 MB

Download from MyBB.com Download from GitHub.com (mirror)

sha512:

3b233c4f5384a3e355cf6046e58dcbf23adc76792c0a6dc0bbb73774feaa9424a770312621e4af6cd60a0b78f614c62c92f0fbb1a1d0a830d53305894f467607

More checksums…

sha256:

e7ff1b9cc568ad1523527ca363102152543b575d5da198151b4159935505f37d

sha1:

3ee3e853811db05efece5bc8f3fda5b4c194473c

md5:

4de8954a9456217b30da5e8ed27284af

How to verify packages

This update includes compatibility improvements for PostgreSQL and recent PHP versions as well as minor optimizations.

Upgrading to this Version

To upgrade: copy and overwrite the files, and run the install/ upgrade script.

Before performing any upgrade, remember to backup your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (10)

Medium risk

Tasks Local File Inclusion

CWE-98 CVSS:3.1/PR:H Reported by Riley Baird

Medium risk

Forum Password Check Bypass

CWE-284 CVSS:3.1/PR:N Reported by Riley Baird

Low risk

Admin Permissions Group Title XSS

CWE-79 CVSS:3.1/PR:H Reported by Nathaniel Suchy

Low risk

Attachment types file extension XSS

CWE-79 CVSS:3.1/PR:H Reported by Nathaniel Suchy

Low risk

Moderator Tools XSS

CWE-79 CVSS:3.1/PR:L Reported by Nathaniel Suchy

Low risk

Security Questions XSS

CWE-79 CVSS:3.1/PR:H Reported by doylecc

Low risk

Settings Management XSS

CWE-79 CVSS:3.1/PR:H Reported by Nathaniel Suchy

Low risk

Templates Set Name XSS

CWE-79 CVSS:3.1/PR:H Reported by Nathaniel Suchy

Low risk

Usergroup Promotions XSS

CWE-79 CVSS:3.1/PR:H Reported by Nathaniel Suchy

Low risk

Warning Types XSS

CWE-79 CVSS:3.1/PR:H Reported by Nathaniel Suchy

Issues Resolved (24)

View issues on GitHub

Changed Files ()

Changed Language Files (3)

There are changes to 3 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (5)

  • headerinclude
  • moderation_getip_modal
  • moderation_getpmip_modal
  • postbit_iplogged_hiden
  • showthread_poll_results