MyBB 1.8.7

SecurityMaintenance

Important Notes

The upgrade script does not need to be run when upgrading to this release with the Changed Files package.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security vulnerabilities addressed (13)

Medium risk

Possible SQL Injection in moderation tool

Low risk

Missing permission check in newreply.php

Low risk

Possible XSS Injection on login

Low risk

Possible XSS Injection in member validation

Low risk

Possible XSS Injection in User CP

Low risk

Possible XSS Injection in Mod CP logs

Low risk

Possible XSS Injection when editing users in Mod CP

Low risk

Possible XSS Injection when pruning logs in ACP

Low risk

Possibility of retrieving database details through templates

Low risk

Disclosure of ACP path when sending mails from ACP

Low risk

Low adminsid & sid entropy

Low risk

Clickjacking in ACP

Low risk

Missing directory listing protection in upload directories

Issues resolved (83)

View issues on GitHub

Changed Files ()

Changed Language Files (15)

There are changes to 15 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (40)

  • forumdisplay
  • forumdisplay_inlinemoderation
  • forumdisplay_nopermission
  • headerinclude
  • managegroup
  • managegroup_adduser
  • managegroup_inviteuser
  • member_profile
  • member_profile_findposts
  • member_profile_findthreads
  • member_register
  • member_register_referrer
  • memberlist
  • memberlist_search
  • misc_imcenter_skype
  • misc_whoposted_poster
  • modcp_banuser
  • modcp_finduser
  • modcp_warninglogs
  • polls_editpoll
  • post_attachments_attachment
  • post_attachments_new
  • private_advanced_search
  • private_send_autocomplete
  • report
  • report_error_nomodal
  • search
  • search_results_posts_inlinemoderation
  • search_results_posts_post
  • search_results_threads_inlinemoderation
  • showthread_inlinemoderation
  • usercp_currentavatar
  • usercp_editlists
  • usercp_editlists_user
  • usercp_subscriptions
  • video_dailymotion_embed
  • video_metacafe_embed
  • video_myspacetv_embed
  • video_vimeo_embed
  • video_yahoo_embed