MyBB 1.8.8

SecurityMaintenance

Important Notes

The upgrade script does not need to be run when upgrading to this release with the Changed Files package.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security vulnerabilities addressed (7)

Medium risk

Style import CSS overwrite on Windows servers

Medium risk

SQL Injection in the users data handler

Medium risk

SSRF attack in fetch_remote_file()

Medium risk

Possible short name access to ACP backups on Windows servers

Low risk

Stored XSS in the ACP

Low risk

Loose comparison false positives

Low risk

Possible XSS injection in ACP users module

Issues resolved (58)

View issues on GitHub

Changed Files ()

Changed Language Files (23)

There are changes to 23 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (66)

  • calendar_mini_weekrow_day_link
  • calendar_weekrow_day_events
  • editpost
  • footer
  • forumbit_subforums
  • forumdisplay
  • forumdisplay_threadlist_rating
  • global_boardclosed_reason
  • global_dst_detection
  • global_no_permission_modal
  • member_profile_banned_remaining
  • member_register_question
  • member_register_regimage
  • memberlist
  • misc_smilies_no_smilies
  • misc_smilies_popup_empty
  • misc_smilies_popup_no_smilies
  • misc_smilies_popup_row
  • misc_syndication_forumlist_forum
  • modcp_banning_remaining
  • modcp_reports
  • modcp_reports_report
  • modcp_reports_report_comment
  • modcp_reports_report_comment_extra
  • moderation_delayedmodaction_notes_forum
  • moderation_delayedmodaction_notes_merge
  • moderation_delayedmodaction_notes_new_forum
  • moderation_delayedmodaction_notes_redirect
  • moderation_delayedmodaction_notes_thread_multiple
  • moderation_delayedmodaction_notes_thread_single
  • moderation_delayedmoderation_thread
  • moderation_threadnotes_modaction_forum
  • moderation_threadnotes_modaction_post
  • moderation_threadnotes_modaction_thread
  • mycode_code
  • mycode_email
  • mycode_img
  • mycode_php
  • mycode_quote_post
  • mycode_size_int
  • mycode_url
  • newreply
  • newreply_draftinput
  • newthread
  • newthread_draftinput
  • online_refresh
  • portal_stats_nobody
  • post_captcha
  • printthread_nav
  • private_messagebit
  • private_search_messagebit
  • private_send
  • report
  • report_reason
  • report_reasons
  • search_results_posts_forumlink
  • search_results_threads_forumlink
  • showthread
  • showthread_moderationoptions_approve
  • showthread_moderationoptions_unapprove
  • showthread_ratethread
  • smilieinsert_row
  • smilieinsert_row_empty
  • stats_topforum
  • usercp_editlists
  • warnings_postlink