MyBB 1.8.21

Security, Maintenance

code 1821

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.12 MB

Download from MyBB.com | Download from GitHub.com (mirror)

sha512:

344ff6d47b91e01db33e5e320dd621441b482c3299e0ed69017be161819a0edd7ec4e0b66a234795c4d29b9ac43c7fb24a50402b1e80e918f4726c39359eca15

sha256:

e5e79c51dde3b1db28812b86f4a149d67d43966b182398bae3ba0b4891e82a04

sha1:

3fd250b4dbd8019e17a5636094d30f44aba380e9

md5:

b627adfc48c3415490e8ef2824c7aa23

Changed Files

Upgrade from the previous version.

.zip – 0.94 MB

Download from MyBB.com | Download from GitHub.com (mirror)

sha512:

63205ecfff980de45423926084b8138d74b20352077bfe89bdec34763b5af74abc8f37a386c4c88b9b97cf245ac2b1a6dbd85aa3b3f6b0493f59fb6361df1e52

sha256:

d190c197e181983f8eccef77a547616f515d4500d7f92b8cc590ffa916f2e9bb

sha1:

80ec305eb1a137f3e881d23df7f0d83e4b511a65

md5:

8583a293d5bdeb66efd13b23b488bd61

How to verify packages
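
One way to check a downloaded archive against the SHA-512 values listed above before unpacking it, as an added example that is not part of the original page or MyBB's own tooling. The function names and command-line arguments are assumptions; the two digests are copied from this page.

```shell
#!/bin/sh
# SHA-512 values copied from the checksums listed on this page.
FULL_SHA512=344ff6d47b91e01db33e5e320dd621441b482c3299e0ed69017be161819a0edd7ec4e0b66a234795c4d29b9ac43c7fb24a50402b1e80e918f4726c39359eca15
CHANGED_SHA512=63205ecfff980de45423926084b8138d74b20352077bfe89bdec34763b5af74abc8f37a386c4c88b9b97cf245ac2b1a6dbd85aa3b3f6b0493f59fb6361df1e52

# Print the SHA-512 hex digest of a file with whichever tool is installed.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum < "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 512 < "$1" | cut -d' ' -f1
    else
        return 127
    fi
}

# verify_sha512 FILE EXPECTED -> 0 match, 1 mismatch, 2 unusable input or no tool.
verify_sha512() {
    file=$1
    # Normalise case and strip whitespace picked up when copying from a web page.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d ' \t\r\n')
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "cannot read $file" >&2; return 2
    fi
    # Refuse shorter digests (the MD5/SHA-1 values) or non-hex text outright.
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 128 ]; then
        echo "expected value is not a 128-digit SHA-512" >&2; return 2
    fi
    actual=$(sha512_of "$file") || { echo "no SHA-512 tool found" >&2; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "OK $file"; return 0
    fi
    echo "MISMATCH $file: got $actual" >&2
    return 1
}

# Script use: first argument is the archive path (caller's choice of name);
# an optional second argument "changed" selects the Changed Files digest.
if [ "$#" -ge 1 ]; then
    want=$FULL_SHA512
    [ "${2:-full}" = changed ] && want=$CHANGED_SHA512
    verify_sha512 "$1" "$want" || exit $?
fi
```

A non-zero exit status means the archive should not be unpacked over a live forum.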

This version includes updated jQuery and SCEditor, the JSON Syndication format, improved PostgreSQL support, improved PHP >= 7.1 compatibility, and improved search function reliability. See information on SCEditor-related theme updates. Note: The Full Package was modified post-release to restore 2 incorrectly deleted empty files.

Upgrading to this Version

To upgrade: copy and overwrite the files, and run the install/ upgrade script.

Before performing any upgrade, remember to back up your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (6)

High risk

Theme import stylesheet name RCE [1]

CWE-94, CVSS:3.1/PR:H. Reported by Simon Scannell and Robin Peraglie, RIPS Technologies.

High risk

Nested video MyCode persistent XSS [1]

CWE-79, CVSS:3.1/PR:N. Reported by Simon Scannell and Robin Peraglie, RIPS Technologies.

Medium risk

Find Orphaned Attachments reflected XSS

CWE-79, CVSS:3.1/PR:H. Reported by Simon Scannell, RIPS Technologies.

Medium risk

Post edit reflected XSS

CWE-79, CVSS:3.1/PR:L. Reported by adm1nkyj, ENKI.

Medium risk

Private Messaging folders SQL injection

CWE-89, CVSS:3.1/PR:L. Reported by Alex, DiscoveryGC.

Low risk

Potential phar deserialization through Upload Path

CWE-502, CVSS:3.1/PR:H. Reported by Simon Scannell, RIPS Technologies.

Issues Resolved (39)

View issues on GitHub

Changed Files ()

Removed Files ()

Changed Language Files (21)

There are changes to 21 language files. Changed language files can be cross-referenced from the list above.

Changed Templates (30)

  • codebuttons
  • forumdisplay
  • forumdisplay_inlinemoderation
  • forumdisplay_threadlist_rating
  • forumjump_advanced
  • global_dst_detection
  • header_welcomeblock_member
  • header_welcomeblock_member_buddy
  • member_lostpw
  • member_register
  • member_register_question
  • member_register_regimage
  • memberlist
  • memberlist_search
  • misc_syndication
  • modcp_reports
  • multipage_jump_page
  • polls_editpoll
  • polls_newpoll
  • post_captcha
  • post_captcha_recaptcha_invisible
  • post_javascript
  • private_send
  • report
  • search_results_posts_inlinemoderation
  • search_results_threads_inlinemoderation
  • showthread
  • showthread_inlinemoderation
  • showthread_ratethread
  • usercp_editlists