MyBB 1.8.16

SecurityMaintenance

code 1816

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.15 MB

Download from MyBB.com Download from GitHub.com (mirror)

sha512:

b135e6c5019718fb7bbcc041e67349126fc9ad14c367e9cd82c4fe68c7a75f358c27845885833614e3e30585bf28d8592c2a20c52b3d79f6bfebec198657782c

More checksums…

sha256:

6caabec3146510fc523e3cc31d60a9fd88354c6374ec91a0abef93f03cb48891

sha1:

015e12e2ee25f01817bc4ee3c291bb63b3aa3423

md5:

37191e6f702c0aa9346c0bf33df029c8

Changed Files

Upgrade from the previous version.

.zip – 0.86 MB

Download from MyBB.com Download from GitHub.com (mirror)

sha512:

f766d984005619eac7da1c77441c1b756f2c1993679709fb7d3e7f9739a729c99e82ab03c4e196f78d209464b482ac5f9219a200403f828880540127bc37525c

More checksums…

sha256:

8b4c9537d47456971af421554056957c38986ab3afa5640c3c08c1bc5ce2b7e4

sha1:

7ffe5c77a4ea47841069910a57f9a756d3ff2ca8

md5:

e61814ba77c9ba79fa8050e53344aea2

How to verify packages

This update includes compatibility fixes for database engines and recent PHP versions as well as performance and global security improvements. Note that the theme’s CSS files may need to be updated. If you use the login_attempt_check() function, note that its signature has changed.

Upgrading to this Version

To upgrade: copy and overwrite the files, and run the install/ upgrade script.

Before performing any upgrade, remember to backup your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (6)

High risk

Image & URL MyCode Persistent XSS

CWE-79 CVSS:3.1/PR:N Reported by Punisher_HF

Medium risk

Multipage Reflected XSS

CWE-79 CVSS:3.1/PR:N Reported by Dimaz Arno Ethic Ninja

Low risk

ACP logs XSS

CWE-79 CVSS:3.1/PR:H Reported by Cillian Collins

Low risk

Arbitrary file deletion via ACP's Settings

CWE-22 CVSS:3.1/PR:H Reported by Devilshakerz MyBB Team

Low risk

Login CSRF

CWE-352 CVSS:3.1/PR:N Reported by Cillian Collins

Low risk

Non-video content embedding via Video MyCode

CWE-20 CVSS:3.1/PR:N Reported by Punisher_HF

Issues Resolved (66)

View issues on GitHub

Changed Files ()

Removed Files ()

Changed Language Files (20)

There are changes to 20 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (47)

  • contact
  • forumdisplay_threadlist
  • header_welcomeblock_guest
  • header_welcomeblock_guest_login_modal
  • header_welcomeblock_guest_login_modal_lockout
  • index_boardstats
  • index_logoutlink
  • index_showteamlink
  • member_login
  • member_profile_contact_details
  • member_register_coppa
  • memberlist_referrals_option
  • memberlist_search
  • misc_help_section
  • modcp_editprofile
  • modcp_editprofile_away
  • modcp_editprofile_signature
  • modcp_finduser
  • modcp_nav_forums_posts
  • modcp_nav_users
  • modcp_warninglogs
  • moderation_confirmation
  • moderation_delayedmoderation_merge
  • moderation_delayedmoderation_move
  • moderation_purgespammer
  • multipage
  • post_attachments_viewlink
  • private_move
  • private_quickreply
  • reputation
  • reputation_add
  • reputation_add_delete
  • showteam_moderators
  • showteam_moderators_mod
  • showthread_quickreply
  • showthread_subscription
  • showthread_threadnotes
  • usercp_addsubscription_thread
  • usercp_attachments
  • usercp_forumsubscriptions_forum
  • usercp_nav_messenger
  • usercp_nav_misc
  • usercp_nav_profile
  • usercp_profile_away
  • usercp_profile_contact_fields
  • usercp_subscriptions_remove
  • usercp_usergroups_joingroup