MyBB 1.8.6
9 September 2015
MyBB version 1.8.6 is now available (security release).
Upgrading to MyBB 1.8.6
MyBB 1.8.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MyBB updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MyBB install to test the 1.8.6 upgrade prior to applying it live. Get started managing your MyBB installations with Installatron
What's New in MyBB 1.8.6
This release fixes 5 security vulnerabilities and 51 reported issues causing incorrect functionality of MyBB.
Security
- Medium Risk: Forum password bypass in xmlhttp.php
- Low Risk: SQL Injection in Grouppromotions module (ACP)
- Low Risk: Possible XSS Injection in the error handler
- Low Risk: Possible XSS issues in old upgrade files
- Low Risk: Possible Full Path Disclosure in publicly accessible error log files
Bugs fixed
- #2184 Quick edit not working when thread prefix is required
- #2178 Question: What are "contants"?
- #2171 Find Users should use `escape_string_like()`
- #2168 Invalid RE: regex
- #2164 output_row() $options['id']
- #2163 Post subjects don't work correctly
- #2149 Show latin1 as latin 1 and not as cp1252
- #2145 Add A Group Leader Doesn't Put Leader In Usergroup
- #2143 Parser removes spacing between list elements
- #2141 ban_date2timestamp uses supports using timestamp but doesn't use it in date calls
- #2129 Editing announcement is broken when global variable "$announcement"
- #2126 reCaptcha not work if use SSL (HTTPS)
- #2122 Quick reply wrong $postcounter
- #2116 mysql
- #2115 Inconsistent checks in db classes
- #2106 Report Center Bug
- #2105 System Email Log Filters
- #2093 Sending message to myself with BCC will cause an error
- #2091 Custom Profile Field descriptions should be properly escaped
- #2084 UserDataHandler::delete_posts report content deletion is redundant.
- #2077 Mssing using_remote_avatar language string.
- #2076 usercp_avatar HTML syntax error.
- #2054 Confusing admin and return mail
- #2048 $settings undefined
- #2037 Fetching MyBB credits fails -> endless redirection
- #2026 Wrong Doc Blocks
- #2018 Use queried id instead of input
- #2016 Strange behaviour of "find_replace_templatesets"
- #2009 Poll options values not saved in editpost.php
- #2007 Preview table showing upon error
- #2003 Deleting an event in 'editevent' without checking checkbox throws errors
- #2001 Calendar does not show errors when adding events
- #1999 Adding user in Admin-CP results in wrong timezone
- #1978 Send PM: Duplicate check not working for multiple recipients
- #1965 Calendar - problem with mini calendar
- #1964 Using ||~|~|| in polls breaks poll
- #1963 Editing problem in IE11
- #1961 require a thread prefix for all threads doesnt work in edit post
- #1955 Wrong SCEditor smilie check
- #1913 Database export should ignore views
- #1912 PM download umlaut problems
- #1911 Unnecessary code in functions_post.php
- #1906 Wrong information in profile/reputation report PMs
- #1838 Birthday bug
- #1820 Userhandler still doesn't delete some stuff
- #1816 Very inefficient managegroups.php code...
- #1793 Random generated password can throw error
- #1752 Bypassing Theme Permissions
- #1440 Soft delete doesn't show up in mod tools when searching threads
- #907 Subject Max. Char. error on preview
- #303 Function insert_id() not working in db_pgsql.php