MyBB 1.6.11
8 October 2013
MyBB version 1.6.11 is now available (security release).
Upgrading to MyBB 1.6.11
MyBB 1.6.11 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MyBB updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MyBB install to test the 1.6.11 upgrade prior to applying it live.
What's New in MyBB 1.6.11
This release fixes 5 vulnerabilities and over 65 reported issues that caused MyBB to function incorrectly.
Vulnerabilities:
- High Risk: Authorization bypass vulnerability within the PM system – reported by Philly
- Medium Risk: Accounts without login keys could be hijacked – reported by StefanT
- Low Risk: Weakness within the generate_post_check() function – reported by Nathan Malcolm
- Low Risk: Anonymous statistics may not always be anonymous – reported by Nathan Malcolm
- Low Risk: Database backups are exposed in logs – reported by Nathan Malcolm
Fixed issues:
- Bug #956: Quote tags don't work if username contains a ]
- Bug #1443: View thread notes - PgSQL
- Bug #1483: Large attachments, greater than PHP memory limit, fail
- Bug #1515: Attachment in first post lost after merging posts below
- Bug #1611: '&' in RSS feed titles
- Bug #1702: canonlyviewownthreads Permission Bug
- Bug #1733: GeoIP encoding problem
- Bug #1846: SMTP TLS
- Bug #1847: memcache sockets
- Bug #1871: Mod CP user search Post Count column alignment
- Bug #1877: Forum Jump doesn't obey SEF urls setting
- Bug #1879: Thread drafts don't remember prefixes
- Bug #1927: User merge - Source account avatar left on server
- Bug #2002: User merge warning logs error
- Bug #2003: When replying to a subject that is at max character limit, you will get an error.
- Bug #2008: Google-Mobile useragent not detected
- Bug #2019: function affected_rows in db_pgsql.php calls pg_affected_rows with the wrong parameter
- Bug #2023: Maximum Videos per Post setting not working
- Bug #2059: Post Tools won't show up until a Thread Tool exists
- Bug #2070: Pending group join requests are effectively numUsersInGroup * JoinRequests
- Bug #2095: User(s) browsing this thread not appearing on quote link
- Bug #2103: Mark forum read doesn't work with PostgreSQL
- Bug #2110: Writing limit in a post triggers PostgreSQL replacement
- Bug #2122: COPPA invalid date of birth
- Bug #2124: Tracking Logic Wrong
- Bug #2125: Admin CP Viewing Warning wrong link
- Bug #2134: AdmincP Bug
- Bug #2142: PM Advanced Search Sort Order
- Bug #2151: Saving CSS changes in Simple Editor breaks @media queries
- Bug #2156: Attachment count wrong when unapproving attachments
- Bug #2157: Last user user-name for threads and forums is not updated upon modifying user-names or merging users.
- Bug #2158: Users can give reputation for any post.
- Bug #2162: Threadlist can contain a thread without name, id etc.
- Bug #2163: Linking to non existent post does not show typical error page
- Bug #2165: sendthread.php throws sql error with postgres
- Bug #2166: calling newreply with no tid does not show the correct error page
- Bug #2167: Calling polls.php with invalid pid shows sql error instead of correct error page
- Bug #2168: Postgres errors in search.php and useless order by clause
- Bug #2175: Displaying the latest new user does not always work
- Bug #2177: update_pm_count() can throw sql error in Postgres
- Bug #2179: Set value for MYBB_ROOT
- Bug #2182: Apostrophe in DB password causes PHP error
- Bug #2184: SID not checked in admin/modules/templates.php
- Bug #2188: Reputation Sync Not Accounting For NULL Values
- Bug #2192: Attachments still downloadable if thread unapproved
- Bug #2193: Thread Subscriptions "not subscribed to any threads" with &page=
- Bug #2204: Login Page - maxlength for username/email field too short
- Bug #2205: enablereputation setting problem
- Bug #2211: Splitting a thread at the same time can create threads without posts
- Bug #2213: forumbit_depth1_forum doesn't exist
- Bug #2215: Double defined $cache on upgrade
- Bug #2216: "Templates Requiring Additional Calls" will always show
- Bug #2227: editor.js error causing misalignment in Office 2007 editor theme.
- Bug #2229: member.php Away Date Bug
- Bug #2234: 'Language fallback to english' option fails when language 'area' is 'admin'
- Bug #2235: PostgreSQL error on quick reply
- Bug #2241: Replacing preg_replace e modifier PHP 5.5
- Bug #2245: Language tweak in installer
- Bug #2246: Logout link broken on "Access Denied" pages
- Bug #2248: Installer: Update "Subscribe to Mailing List" link
- Bug #2249: sessions unnecessarily being deleted and created on every request
- Bug #2250: Admin Log errors
- Bug #2254: Adding attachment to an existing draft creates a new draft
- Bug #2270: Minor Typo / Consistency Issue in showthread.php
- Feature #1853: Allow login via email and/or username with settings in the ACP