MyBB 1.8.15

code 1815

SecurityMaintenance

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.14 MB

Download from MyBB.com Download from GitHub

md5:

eaba7fdb316f1c6e9c8d4f9fb6559a17

sha1:

a8b209e0400adfc6d51a46dbec625adb101795f5

sha256:

147db40faa53734628e2603568fa0e5d442ed428c60f539ba18c18c8abdd880e

sha512:

a23340357df22175b5068c3eabcac0771f30b1eb4e693fd8be556cf27b60932119786f7a313d6fbc8062b8a7c7390b293ef312117cd41609a7ff8938bbaafa18

Changed Files

Upgrade from the previous version.

.zip – 0.61 MB

Download from MyBB.com Download from GitHub

md5:

4de8954a9456217b30da5e8ed27284af

sha1:

3ee3e853811db05efece5bc8f3fda5b4c194473c

sha256:

e7ff1b9cc568ad1523527ca363102152543b575d5da198151b4159935505f37d

sha512:

3b233c4f5384a3e355cf6046e58dcbf23adc76792c0a6dc0bbb73774feaa9424a770312621e4af6cd60a0b78f614c62c92f0fbb1a1d0a830d53305894f467607

How to verify packages

Important Notes

Running the upgrade script is required.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

This update includes compatibility improvements for PostgreSQL and recent PHP versions as well as minor optimizations.

Security vulnerabilities addressed (10)

Medium risk

Tasks Local File Inclusion

Reported by Riley Baird

Medium risk

Forum Password Check Bypass

Reported by Riley Baird

Low risk

Admin Permissions Group Title XSS

Reported by Nathaniel Suchy

Low risk

Attachment types file extension XSS

Reported by Nathaniel Suchy

Low risk

Moderator Tools XSS

Reported by Nathaniel Suchy

Low risk

Security Questions XSS

Reported by doylecc

Low risk

Settings Management XSS

Reported by Nathaniel Suchy

Low risk

Templates Set Name XSS

Reported by Nathaniel Suchy

Low risk

Usergroup Promotions XSS

Reported by Nathaniel Suchy

Low risk

Warning Types XSS

Reported by Nathaniel Suchy

Issues resolved (24)

View issues on GitHub

Changed Files (46)

  • admin/
    • inc/
      • functions.php
      • functions_themes.php
    • modules/
      • config/
        • settings.php
        • warning.php
        • languages.php
        • attachment_types.php
      • style/
        • templates.php
      • tools/
        • tasks.php
        • modlog.php
      • user/
        • users.php
        • group_promotions.php
        • admin_permissions.php
  • inc/
    • functions_task.php
    • languages/
      • english.php
      • english/
        • reputation.lang.php
        • showthread.lang.php
        • moderation.lang.php
    • class_mailhandler.php
    • class_core.php
    • functions.php
    • class_datacache.php
    • class_custommoderation.php
    • functions_post.php
    • class_parser.php
  • install/
    • resources/
      • mysql_db_tables.php
      • mybb_theme.xml
      • pgsql_db_tables.php
      • upgrade42.php
      • sqlite_db_tables.php
    • index.php
    • upgrade.php
  • jscripts/
    • general.js
  • calendar.php
  • forumdisplay.php
  • member.php
  • memberlist.php
  • modcp.php
  • moderation.php
  • online.php
  • polls.php
  • ratethread.php
  • search.php
  • showthread.php
  • usercp.php
  • usercp2.php
  • warnings.php

Changed Language Files (3)

There are changes to 3 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (5)

  • headerinclude
  • moderation_getip_modal
  • moderation_getpmip_modal
  • postbit_iplogged_hiden
  • showthread_poll_results