MyBB 1.8.20

Security, Maintenance

code 1820

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.15 MB

Download from MyBB.com | Download from GitHub.com (mirror)

sha512:

68d5bcd26cf808bf90414e569cfee91e6ad158ee73cdb8ce7dc3a87a0b883b946674831b4fbbd9c6c81b25c20f802e8f6e303f128aeb5607f40c39b294a8d5e2

sha256:

ee96b3eac55ebbbdf86c2057d513c7b015a6d558c7fdf4f297084c3e2f73b212

sha1:

e3c73a4cf99dbb237c9aa8bce458fe2296acbdee

md5:

3d1a8c22874af72a1025709f5447f783

Changed Files

Upgrade from the previous version.

.zip – 0.85 MB

Download from MyBB.com | Download from GitHub.com (mirror)

sha512:

b2446331cc8b62fea579acb7e225344d23347d0e5fa9f3a49df8715aa31a14a29b38b1757f5f11d42983bd07fb59be4ac9b7ae09e6151b9a8f0a445bbb4566ec

sha256:

31b21c008d63f655f80572fffd8d7c1c465c346580cf920a1535443893766cb7

sha1:

80c0af41e9148bc84ef7558d6f20d9c859279c9a

md5:

d9377988fdef5e19d105afe7db141543

How to verify packages

This release allows users to see their unapproved content and view user referrals. Compatibility with PHP >= 7.2 has been improved, and jQuery has been upgraded to 3.0.0, which might affect custom JavaScript code in plugins and themes.

Upgrading to this Version

To upgrade: copy and overwrite the files, and run the install/ upgrade script.

Before performing any upgrade, remember to back up your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (5)

  • Medium risk: Reset Password reflected XSS (CWE-79, CVSS:3.1/PR:N)
  • Medium risk: ModCP Profile Editor username reflected XSS (CWE-79, CVSS:3.1/PR:L). Reported by Jovan Zivanovic (MaTRIS Research Group, SBA Research)
  • Low risk: Predictable CSRF token for guest users (CWE-352, CVSS:3.1/PR:N). Reported by Devilshakerz (MyBB Team)
  • Low risk: ACP Stylesheet Properties XSS (CWE-79, CVSS:3.1/PR:H). Reported by Cillian Collins
  • Low risk: Reset Password username enumeration via email (CWE-200, CVSS:3.1/PR:N). Reported by Abdullah Md. Shaleh

Issues Resolved (42)

View issues on GitHub

Changed Files ()

Changed Language Files (9)

There are changes to 9 language files. Changed language files can be cross-referenced from the list above.

Changed Templates (47)

  • announcement
  • codebuttons
  • editpost
  • footer
  • footer_showteamlink
  • forumdisplay
  • forumdisplay_threadlist
  • forumdisplay_threadlist_subscription
  • global_modqueue
  • global_modqueue_notice
  • global_unreadreports
  • header
  • headerinclude
  • index_boardstats
  • member_no_referrals
  • member_profile
  • member_profile_modoptions_manageban
  • member_profile_modoptions_manageuser
  • member_profile_referrals
  • member_referral_row
  • member_referrals
  • member_referrals_link
  • member_referrals_popup
  • member_resendactivation
  • member_resetpassword
  • memberlist
  • memberlist_search
  • modal
  • modal_button
  • modcp_announcements_edit
  • modcp_announcements_new
  • modcp_modqueue_posts
  • modcp_modqueue_threads
  • newreply
  • newthread
  • post_attachments_attachment
  • post_javascript
  • private
  • private_orderarrow
  • private_read
  • private_send
  • reputation
  • search
  • showthread
  • usercp_editlists
  • usercp_forumsubscriptions_forum
  • warnings_warn_pm