MyBB 1.6.13
28 April 2014
MyBB version 1.6.13 is now available (security release).
Upgrading to MyBB 1.6.13
MyBB 1.6.13 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MyBB updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MyBB install to test the 1.6.13 upgrade prior to applying it live. Get started managing your MyBB installations with Installatron
What's New in MyBB 1.6.13
This release fixes 4 vulnerabilities and 38 reported issues causing incorrect functionality of MyBB.
Vulnerabilities:
- Medium Risk: Possibility of executing PHP code through stylesheets – reported by TonyS
- Medium Risk: Possibility of executing PHP code through language files – reported by Pirata Nervo
- Low Risk: A XSS vulnerability in search system (CVE-2014-1840)
- Low Risk: Potential weak random string generator reported by – reported by 1llusion
Bugs fixed:
- #1860 Wrong messsage displayed whilst editing user from mod cp
- #2089 Report post/split post glitch
- #2144 Wrong date structure in AdminCP statistics chart
- #2162 Threadlist can contain a thread without name, id etc.
- #2202 Admin Log logging has a few mistakes
- #2207 Wrong Post Dates and guest names in Moderation Queue
- #2212 Drafts update the forum last post
- #2243 Group Bug
- #2252 User Search posts=0 Returns All Users
- #2258 Unused template
- #2261 Showing the results of a poll uses theme from post with pid equal to poll's id
- #2264 delete user - thread uid
- #2272 empty customer specific profile fields after registration
- #2278 "You did not enter a description for this scheduled task"
- #2280 Hitting Post Thread when having disallowed attachment ignores all submitted content
- #2281 Signature nofollow doesn't work in user profile
- #2292 Problem with Find Attachments result in ACP
- #140 modcp_reports_multipage
- #141 modcp_reports_report
- #220 Can't edit group leader
- #229 Missing global $mybb
- #233 Admin Log errors
- #244 No message if all tasks removed
- #245 Missing cache reload functions
- #254 change "$bottom_label" type
- #258 Stick Thread checkbox is not checked by default
- #277 Issues with admin cp Inline User Moderation and super administrators
- #281 [Theme] Creating new theme using admin panel
- #282 [Plugins] Akismet 1.2.1 installation error
- #289 Pop up smiley inserter doesn't use cursor CSS
- #295 Search and replace in admin panel
- #317 User Merge bug/problem
- #350 Reload Cache no language
- #370 Admin Permissions breadcrumb does not display username if user is an admin through an additional group
- #379 User(s) browsing this thread incorrect when linking to post
- #381 dbpdoEngine::num_rows() doesn't work as expected
- #389 Misleading text under 'Bans Ending Soon' in ModCP
- #396 Link detection