MyBB 1.8.4

FeatureSecurityMaintenance

Important Notes

The upgrade script does not need to be run when upgrading to this release with the Changed Files package.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security vulnerabilities addressed (7)

Medium risk

A XSS vulnerability in member.php

Medium risk

A XSS vulnerability in MyCode editor

Low risk

Multiple XSS vulnerability requiring admin permissions

Low risk

A CSRF vulnerability within ACP login

Low risk

Group join request notifications sent to wrong group leaders

Low risk

Cache handler using var_export without encoding checks

No risk

A full path disclosure vulnerability within JSON library

Issues resolved (118)

View issues on GitHub

Changed Files ()

Changed Language Files (18)

There are changes to 18 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (53)

  • announcement
  • codebuttons
  • forumbit_depth2_cat
  • forumbit_depth2_forum
  • forumdisplay
  • forumdisplay_inlinemoderation
  • forumdisplay_threadlist_rating
  • forumjump_advanced
  • forumjump_special
  • global_board_offline_modal
  • header_quicksearch
  • header_welcomeblock_guest
  • header_welcomeblock_member
  • headerinclude
  • managegroup_adduser
  • managegroup_inviteuser
  • member_profile
  • member_profile_contact_details
  • member_profile_contact_fields_aim
  • member_profile_contact_fields_skype
  • member_profile_contact_fields_yahoo
  • member_register
  • member_register_question
  • member_register_referrer
  • member_register_regimage
  • member_register_regimage_nocaptcha
  • memberlist
  • memberlist_search
  • misc_imcenter_nav
  • misc_smilies_smilie
  • modcp_banuser
  • modcp_finduser
  • modcp_ipsearch_results_information
  • modcp_warninglogs
  • moderation_getip_modoptions
  • post_captcha
  • post_captcha_nocaptcha
  • postbit_gotopost
  • private_send
  • private_send_autocomplete
  • reputation
  • search
  • search_results_posts_inlinemoderation
  • search_results_threads_inlinemoderation
  • showthread
  • showthread_inlinemoderation
  • showthread_moderationoptions_restore
  • showthread_moderationoptions_softdelete
  • showthread_ratethread
  • smilieinsert_getmore
  • usercp_attachments
  • usercp_drafts
  • usercp_editlists