MyBB 1.6.17
27 May 2015
MyBB version 1.6.17 is now available (security release).
Upgrading to MyBB 1.6.17
MyBB 1.6.17 can be installed, or an existing install upgraded to it, using any of Installatron's products. Use Installatron's optional Automatic Update feature to apply MyBB updates automatically as new versions are released, or use Installatron's Clone feature to duplicate an existing MyBB install and test the 1.6.17 upgrade before applying it live.
What's New in MyBB 1.6.17
This release fixes 2 medium and 5 low risk vulnerabilities. We recommend that everyone upgrade to this release immediately.
Security
- Medium Risk: Reset password code check could be circumvented in member.php
- Medium Risk: Permissions not checked for post search with old sid in search.php
- Low Risk: CSRF in ACP mass mail cancellation
- Low Risk: Use of the U+200E Unicode character to create "duplicate" username
- Low Risk: Multiple XSS vulnerabilities requiring admin permissions
- Low Risk: A CSRF vulnerability within ACP login
- Low Risk: Cache handler using var_export without encoding checks