MyBB 1.8.8

17 October 2016

code 1808

SecurityMaintenance

Full Package

Install a new MyBB forum or upgrade from older versions.

.zip – 2.1 MB

Download from MyBB.com

sha512:

8dec5923737b11deae578ed02f259acda01ca5bcc9032bc01df1e2d77ce36c54f87e66e42850460c8ea07515d99d4b5da4a73f915ee3f4e6bd2f654334ca0f75

sha256:

e63bd3ce5b8a7c4166102baa75f0aab1d12fc64379658a027d8bf49a437a469a

sha1:

2b8469cb42c3a66ec7e3253aa0cced464585d3dd

md5:

2e09c9fd3b2416ac3fea9bada18d61e5

Changed Files

Upgrade from the previous version.

.zip – 1.2 MB

Download from MyBB.com

sha512:

47ddbd601d008e9cb7309b328d36df95f901d1935593ded61e70cef22dc1312257266e056e5ea9d214babfd47a0aeb9560e9d11a5abb8d68a244f442467c41854a73f915ee3f4e6bd2f654334ca0f75

sha256:

bb479145b44f169c301c21425f78742d8cacd9fd9ef4543c2a5e39ab540f769e

sha1:

2c9985353e87c8710bdcdcf1856b0a6c63961317

md5:

43028accb46eecf8016ef5fdc4fe522a

How to verify packages

Important Notes

The upgrade script does not need to be run when upgrading to this release with the Changed Files package.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security Vulnerabilities Addressed (7)

CWE-22 CVSS:3.1/PR:H Medium risk

Style import CSS overwrite on Windows servers

Reported by patryk

CWE-89 CVSS:3.1/PR:L Medium risk

SQL Injection in the users data handler

Reported by afinepl

Medium risk

SSRF attack in fetch_remote_file()

Reported by dawid_golunski

CWE-22 CVSS:3.1/PR:N Medium risk

Possible short name access to ACP backups on Windows servers

Reported by kevinoclam

CWE-79 CVSS:3.1/PR:H Low risk

Stored XSS in the ACP

Reported by patryk

CWE-697 CVSS:3.1/PR:N Low risk

Loose comparison false positives

Reported by Devilshakerz MyBB Team

CWE-79 CVSS:3.1/PR:H Low risk

Possible XSS injection in ACP users module

Reported by afinepl

Issues Resolved (58)

View issues on GitHub

Changed Files ()

Changed Language Files (23)

There are changes to 23 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (66)

calendar_mini_weekrow_day_link
calendar_weekrow_day_events
editpost
footer
forumbit_subforums
forumdisplay
forumdisplay_threadlist_rating
global_boardclosed_reason
global_dst_detection
global_no_permission_modal
member_profile_banned_remaining
member_register_question
member_register_regimage
memberlist
misc_smilies_no_smilies
misc_smilies_popup_empty
misc_smilies_popup_no_smilies
misc_smilies_popup_row
misc_syndication_forumlist_forum
modcp_banning_remaining
modcp_reports
modcp_reports_report
modcp_reports_report_comment
modcp_reports_report_comment_extra
moderation_delayedmodaction_notes_forum
moderation_delayedmodaction_notes_merge
moderation_delayedmodaction_notes_new_forum
moderation_delayedmodaction_notes_redirect
moderation_delayedmodaction_notes_thread_multiple
moderation_delayedmodaction_notes_thread_single
moderation_delayedmoderation_thread
moderation_threadnotes_modaction_forum
moderation_threadnotes_modaction_post
moderation_threadnotes_modaction_thread
mycode_code
mycode_email
mycode_img
mycode_php
mycode_quote_post
mycode_size_int
mycode_url
newreply
newreply_draftinput
newthread
newthread_draftinput
online_refresh
portal_stats_nobody
post_captcha
printthread_nav
private_messagebit
private_search_messagebit
private_send
report
report_reason
report_reasons
search_results_posts_forumlink
search_results_threads_forumlink
showthread
showthread_moderationoptions_approve
showthread_moderationoptions_unapprove
showthread_ratethread
smilieinsert_row
smilieinsert_row_empty
stats_topforum
usercp_editlists
warnings_postlink