MyBB 1.8.21

code 1821

SecurityMaintenance

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.12 MB

Download from MyBB.com Download from GitHub

sha512:

344ff6d47b91e01db33e5e320dd621441b482c3299e0ed69017be161819a0edd7ec4e0b66a234795c4d29b9ac43c7fb24a50402b1e80e918f4726c39359eca15

sha256:

e5e79c51dde3b1db28812b86f4a149d67d43966b182398bae3ba0b4891e82a04

sha1:

3fd250b4dbd8019e17a5636094d30f44aba380e9

md5:

b627adfc48c3415490e8ef2824c7aa23

Changed Files

Upgrade from the previous version.

.zip – 0.94 MB

Download from MyBB.com Download from GitHub

sha512:

63205ecfff980de45423926084b8138d74b20352077bfe89bdec34763b5af74abc8f37a386c4c88b9b97cf245ac2b1a6dbd85aa3b3f6b0493f59fb6361df1e52

sha256:

d190c197e181983f8eccef77a547616f515d4500d7f92b8cc590ffa916f2e9bb

sha1:

80ec305eb1a137f3e881d23df7f0d83e4b511a65

md5:

8583a293d5bdeb66efd13b23b488bd61

How to verify packages

Important Notes

Running the upgrade script is required.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

This version includes updated jQuery and SCeditor, JSON Syndication format, improved PostgreSQL support, improved PHP >= 7.1 compatibility, improved search function reliability. See information on SCEditor-related theme updates. Note: The Full Package was modified post-release to restore 2 incorrectly deleted empty files.

Security vulnerabilities addressed (6)

High risk

Theme import stylesheet name RCE

Reported by Simon Scannell and Robin Peraglie RIPS Technologies

High risk

Nested video MyCode persistent XSS

Reported by Simon Scannell and Robin Peraglie RIPS Technologies

Medium risk

Find Orphaned Attachments reflected XSS

Reported by Simon Scannell RIPS Technologies

Medium risk

Post edit reflected XSS

Reported by adm1nkyj ENKI

Medium risk

Private Messaging folders SQL injection

Reported by Alex DiscoveryGC

Low risk

Potential phar deserialization through Upload Path

Reported by Simon Scannell RIPS Technologies

Issues resolved (39)

View issues on GitHub

Changed Files ()

Removed Files ()

Changed Language Files (21)

There are changes to 21 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (30)

  • codebuttons
  • forumdisplay
  • forumdisplay_inlinemoderation
  • forumdisplay_threadlist_rating
  • forumjump_advanced
  • global_dst_detection
  • header_welcomeblock_member
  • header_welcomeblock_member_buddy
  • member_lostpw
  • member_register
  • member_register_question
  • member_register_regimage
  • memberlist
  • memberlist_search
  • misc_syndication
  • modcp_reports
  • multipage_jump_page
  • polls_editpoll
  • polls_newpoll
  • post_captcha
  • post_captcha_recaptcha_invisible
  • post_javascript
  • private_send
  • report
  • search_results_posts_inlinemoderation
  • search_results_threads_inlinemoderation
  • showthread
  • showthread_inlinemoderation
  • showthread_ratethread
  • usercp_editlists