MyBB 1.8.5

SecurityMaintenance

Important Notes

The upgrade script does not need to be run when upgrading to this release with the Changed Files package.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security vulnerabilities addressed (6)

Medium risk

Reset password code check could be circumvented in member.php

Medium risk

Sender email could be spoofed when sending an email to a user in member.php

Medium risk

Permissions not checked for post search with old sid in search.php

Medium risk

XSS in quick edit function of xmlhttp.php

Low risk

CSRF in ACP mass mail cancellation

Low risk

Use of the U+200E Unicode character to create "duplicate" username

Issues resolved (58)

View issues on GitHub

Changed Files ()

Changed Language Files (12)

There are changes to 12 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (8)

  • codebuttons
  • modcp
  • postbit_attachments_images_image
  • postbit_attachments_thumbnails_thumbnail
  • private_advanced_search
  • private_send_tracking
  • reputation
  • usercp_profile_contact_fields