MyBB 1.8.16

code 1816

SecurityMaintenance

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.15 MB

Download from MyBB.com Download from GitHub

md5:

37191e6f702c0aa9346c0bf33df029c8

sha1:

015e12e2ee25f01817bc4ee3c291bb63b3aa3423

sha256:

6caabec3146510fc523e3cc31d60a9fd88354c6374ec91a0abef93f03cb48891

sha512:

b135e6c5019718fb7bbcc041e67349126fc9ad14c367e9cd82c4fe68c7a75f358c27845885833614e3e30585bf28d8592c2a20c52b3d79f6bfebec198657782c

Changed Files

Upgrade from the previous version.

.zip – 0.86 MB

Download from MyBB.com Download from GitHub

md5:

e61814ba77c9ba79fa8050e53344aea2

sha1:

7ffe5c77a4ea47841069910a57f9a756d3ff2ca8

sha256:

8b4c9537d47456971af421554056957c38986ab3afa5640c3c08c1bc5ce2b7e4

sha512:

f766d984005619eac7da1c77441c1b756f2c1993679709fb7d3e7f9739a729c99e82ab03c4e196f78d209464b482ac5f9219a200403f828880540127bc37525c

How to verify packages

Important Notes

Running the upgrade script is required.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

This update includes compatibility fixes for database engines and recent PHP versions as well as performance and global security improvements. Note that the theme’s CSS files may need to be updated. If you use the login_attempt_check() function, note that its signature has changed.

Security vulnerabilities addressed (6)

High risk

Image & URL MyCode Persistent XSS

Reported by Punisher_HF

Medium risk

Multipage Reflected XSS

Reported by Dimaz Arno Ethic Ninja

Low risk

ACP logs XSS

Reported by Cillian Collins

Low risk

Arbitrary file deletion via ACP's Settings

Reported by Devilshakerz MyBB Team

Low risk

Login CSRF

Reported by Cillian Collins

Low risk

Non-video content embedding via Video MyCode

Reported by Punisher_HF

Issues resolved (66)

View issues on GitHub

Changed Files (97)

  • admin/
    • inc/
      • functions_themes.php
    • modules/
      • config/
        • badwords.php
        • smilies.php
        • banning.php
        • profile_fields.php
        • post_icons.php
        • settings.php
        • mycode.php
        • attachment_types.php
        • thread_prefixes.php
      • forum/
        • attachments.php
      • home/
        • module_meta.php
      • style/
        • themes.php
        • templates.php
      • tools/
        • adminlog.php
        • modlog.php
        • tasks.php
      • user/
        • banning.php
        • titles.php
        • users.php
        • groups.php
        • admin_permissions.php
    • index.php
  • inc/
    • datahandlers/
      • user.php
      • login.php
      • post.php
      • pm.php
    • class_datacache.php
    • languages/
      • english/
        • admin/
          • user_users.lang.php
          • global.lang.php
          • config_badwords.lang.php
          • style_themes.lang.php
          • user_groups.lang.php
        • memberlist.lang.php
        • usercp.lang.php
        • forumdisplay.lang.php
        • showteam.lang.php
        • datahandler_pm.lang.php
        • search.lang.php
        • messages.lang.php
        • datahandler_user.lang.php
        • index.lang.php
        • member.lang.php
        • global.lang.php
        • reputation.lang.php
        • report.lang.php
        • modcp.lang.php
        • misc.lang.php
      • english.php
    • init.php
    • functions_user.php
    • functions_online.php
    • class_stopforumspamchecker.php
    • functions_serverstats.php
    • class_core.php
    • functions_upload.php
    • functions.php
    • class_language.php
    • functions_forumlist.php
    • functions_post.php
    • class_captcha.php
    • functions_search.php
    • class_parser.php
    • class_session.php
  • install/
    • resources/
      • mybb_theme.xml
      • pgsql_db_tables.php
      • upgrade43.php
      • mysql_db_tables.php
      • settings.xml
      • sqlite_db_tables.php
    • upgrade.php
    • index.php
  • jscripts/
    • thread.js
    • bbcodes_sceditor.js
  • calendar.php
  • contact.php
  • editpost.php
  • forumdisplay.php
  • global.php
  • index.php
  • member.php
  • memberlist.php
  • misc.php
  • modcp.php
  • moderation.php
  • newreply.php
  • newthread.php
  • polls.php
  • portal.php
  • private.php
  • report.php
  • reputation.php
  • search.php
  • sendthread.php
  • showteam.php
  • showthread.php
  • usercp.php

Removed Files (3)

  • admin/
    • modules/
      • home/
        • credits.php
  • inc/
    • languages/
      • english/
        • admin/
          • home_credits.lang.php
  • usercp2.php

Changed Language Files (20)

There are changes to 20 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (47)

  • contact
  • forumdisplay_threadlist
  • header_welcomeblock_guest
  • header_welcomeblock_guest_login_modal
  • header_welcomeblock_guest_login_modal_lockout
  • index_boardstats
  • index_logoutlink
  • index_showteamlink
  • member_login
  • member_profile_contact_details
  • member_register_coppa
  • memberlist_referrals_option
  • memberlist_search
  • misc_help_section
  • modcp_editprofile
  • modcp_editprofile_away
  • modcp_editprofile_signature
  • modcp_finduser
  • modcp_nav_forums_posts
  • modcp_nav_users
  • modcp_warninglogs
  • moderation_confirmation
  • moderation_delayedmoderation_merge
  • moderation_delayedmoderation_move
  • moderation_purgespammer
  • multipage
  • post_attachments_viewlink
  • private_move
  • private_quickreply
  • reputation
  • reputation_add
  • reputation_add_delete
  • showteam_moderators
  • showteam_moderators_mod
  • showthread_quickreply
  • showthread_subscription
  • showthread_threadnotes
  • usercp_addsubscription_thread
  • usercp_attachments
  • usercp_forumsubscriptions_forum
  • usercp_nav_messenger
  • usercp_nav_misc
  • usercp_nav_profile
  • usercp_profile_away
  • usercp_profile_contact_fields
  • usercp_subscriptions_remove
  • usercp_usergroups_joingroup