MyBB 1.8.20

27 February 2019

code 1820

SecurityMaintenance

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.15 MB

Download from MyBB.com Download from GitHub

sha512:

68d5bcd26cf808bf90414e569cfee91e6ad158ee73cdb8ce7dc3a87a0b883b946674831b4fbbd9c6c81b25c20f802e8f6e303f128aeb5607f40c39b294a8d5e2

sha256:

ee96b3eac55ebbbdf86c2057d513c7b015a6d558c7fdf4f297084c3e2f73b212

sha1:

e3c73a4cf99dbb237c9aa8bce458fe2296acbdee

md5:

3d1a8c22874af72a1025709f5447f783

Changed Files

Upgrade from the previous version.

.zip – 0.85 MB

Download from MyBB.com Download from GitHub

sha512:

b2446331cc8b62fea579acb7e225344d23347d0e5fa9f3a49df8715aa31a14a29b38b1757f5f11d42983bd07fb59be4ac9b7ae09e6151b9a8f0a445bbb4566ec

sha256:

31b21c008d63f655f80572fffd8d7c1c465c346580cf920a1535443893766cb7

sha1:

80c0af41e9148bc84ef7558d6f20d9c859279c9a

md5:

d9377988fdef5e19d105afe7db141543

How to verify packages

Important Notes

Running the upgrade script is required.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

This release includes allowing users to see their unapproved content and view user referrals; compatibility with PHP >= 7.2 has been improved and jQuery has been upgraded to 3.0.0, which might affect custom JavaScript code in plugins and themes.

Security Vulnerabilities Addressed (5)

CWE-79 CVSS:3.1/PR:N Medium risk

Reset Password reflected XSS

CWE-79 CVSS:3.1/PR:L Medium risk

ModCP Profile Editor username reflected XSS

Reported by Jovan Zivanovic MaTRIS Research Group, SBA Research

CWE-352 CVSS:3.1/PR:N Low risk

Predictable CSRF token for guest users

Reported by Devilshakerz MyBB Team

CWE-79 CVSS:3.1/PR:H Low risk

ACP Stylesheet Properties XSS

Reported by Cillian Collins

CWE-200 CVSS:3.1/PR:N Low risk

Reset Password username enumeration via email

Reported by Abdullah Md. Shaleh

Issues Resolved (42)

View issues on GitHub

Changed Files ()

Changed Language Files (9)

There are changes to 9 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (47)

announcement
codebuttons
editpost
footer
footer_showteamlink
forumdisplay
forumdisplay_threadlist
forumdisplay_threadlist_subscription
global_modqueue
global_modqueue_notice
global_unreadreports
header
headerinclude
index_boardstats
member_no_referrals
member_profile
member_profile_modoptions_manageban
member_profile_modoptions_manageuser
member_profile_referrals
member_referral_row
member_referrals
member_referrals_link
member_referrals_popup
member_resendactivation
member_resetpassword
memberlist
memberlist_search
modal
modal_button
modcp_announcements_edit
modcp_announcements_new
modcp_modqueue_posts
modcp_modqueue_threads
newreply
newthread
post_attachments_attachment
post_javascript
private
private_orderarrow
private_read
private_send
reputation
search
showthread
usercp_editlists
usercp_forumsubscriptions_forum
warnings_warn_pm