MyBB 1.8.4
15 February 2015
MyBB version 1.8.4 is now available.
Upgrading to MyBB 1.8.4
MyBB 1.8.4 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MyBB updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MyBB install to test the 1.8.4 upgrade prior to applying it live. Get started managing your MyBB installations with Installatron
What's New in MyBB 1.8.4
This release fixes 7 vulnerabilities and 118 reported issues causing incorrect functionality of MyBB.
Security
- Medium Risk: A XSS vulnerability in member.php – reported by ATofighi
- Medium Risk: A XSS vulnerability in MyCode editor – reported by Matthias Ungethüm
- Low Risk: Multiple XSS vulnerability requiring admin permissions – reported by adamziaja, Devilshakerz, DingjieYang and sroesemann
- Low Risk: A CSRF vulnerability within ACP login – reported by Devilshakerz
- Low Risk: Group join request notifications sent to wrong group leaders – reported by Snake_
- Low Risk: Cache handler using var_export without encoding checks – reported by chtg
- No Risk: A full path disclosure vulnerability within JSON library – reported by Nathan Malcolm
New features
- Support for No CAPTCHA reCAPTCHA
- 2 Factor Authentication for ACP login