MyBB 1.8.4

FeatureSecurityMaintenance

code 1804

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.1 MB

Download from MyBB.com

md5:

b5ea47e85e1506b1a8e5bcc2c3e72e7d

Changed Files

Upgrade from the previous version.

.zip – 1.3 MB

Download from MyBB.com

md5:

e5b21c35998b4e631a73cd182a4dbea8

How to verify packages

Upgrading to this Version

Before performing any upgrade, remember to backup your forum’s files and database and store them safely.

If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (7)

Medium risk

A XSS vulnerability in member.php

CWE-79 CVSS:3.1/PR:N Reported by ATofighi MyBB Team

Medium risk

A XSS vulnerability in MyCode editor

CWE-79 CVSS:3.1/PR:N Reported by Matthias Ungethüm

Low risk

Multiple XSS vulnerability requiring admin permissions

CWE-79 CVSS:3.1/PR:H Reported by adamziaja, Devilshakerz, DingjieYang, sroesemann

Low risk

A CSRF vulnerability within ACP login

CWE-352 CVSS:3.1/PR:N Reported by Devilshakerz

Low risk

Group join request notifications sent to wrong group leaders

CWE-200 CVSS:3.1/PR:L Reported by Snake_

Low risk

Cache handler using var_export without encoding checks

CWE-172 CVSS:3.1/PR:N Reported by chtg

No risk

A full path disclosure vulnerability within JSON library

CWE-200 CVSS:3.1/PR:N Reported by Nathan Malcolm

Issues Resolved (118)

View issues on GitHub

Changed Files ()

Changed Language Files (18)

There are changes to 18 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (53)

  • announcement
  • codebuttons
  • forumbit_depth2_cat
  • forumbit_depth2_forum
  • forumdisplay
  • forumdisplay_inlinemoderation
  • forumdisplay_threadlist_rating
  • forumjump_advanced
  • forumjump_special
  • global_board_offline_modal
  • header_quicksearch
  • header_welcomeblock_guest
  • header_welcomeblock_member
  • headerinclude
  • managegroup_adduser
  • managegroup_inviteuser
  • member_profile
  • member_profile_contact_details
  • member_profile_contact_fields_aim
  • member_profile_contact_fields_skype
  • member_profile_contact_fields_yahoo
  • member_register
  • member_register_question
  • member_register_referrer
  • member_register_regimage
  • member_register_regimage_nocaptcha
  • memberlist
  • memberlist_search
  • misc_imcenter_nav
  • misc_smilies_smilie
  • modcp_banuser
  • modcp_finduser
  • modcp_ipsearch_results_information
  • modcp_warninglogs
  • moderation_getip_modoptions
  • post_captcha
  • post_captcha_nocaptcha
  • postbit_gotopost
  • private_send
  • private_send_autocomplete
  • reputation
  • search
  • search_results_posts_inlinemoderation
  • search_results_threads_inlinemoderation
  • showthread
  • showthread_inlinemoderation
  • showthread_moderationoptions_restore
  • showthread_moderationoptions_softdelete
  • showthread_ratethread
  • smilieinsert_getmore
  • usercp_attachments
  • usercp_drafts
  • usercp_editlists