MyBB 1.8.20
4 March 2019
MyBB version 1.8.20 is now available (security release).
Upgrading to MyBB 1.8.20
MyBB 1.8.20 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MyBB updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MyBB install to test the 1.8.20 upgrade prior to applying it live. Get started managing your MyBB installations with Installatron
What's New in MyBB 1.8.20
This is a security and maintenance release for MyBB.
Security
- Medium risk: Reset Password reflected XSS
- Medium risk: ModCP Profile Editor username reflected XSS — reported by Jovan Zivanovic of MaTRIS Research Group, SBA Research
- Low risk: Predictable CSRF token for guest users — reported by Devilshakerz of MyBB Team
- Low risk: ACP Stylesheet Properties XSS — reported by Cillian Collins
- Low risk: Reset Password username enumeration via email — reported by Abdullah Md. Shaleh
Bug Fixes
- #3583 MyBB 1.8.20 Editor Is Too Small
- #3580 Oversensitive Word Filter
- #3578 Threads Awaiting Moderation text overflow and no BBCode parsing
- #3556 AJAX removal of attachment is not working
- #3554 Smilie select is not working
- #3553 Typo when a thread is waiting for approval
- #3549 Incorrect "continue" usage in WarningsHandler
- #3547 Remove attachments via AJAX
- #3546 Consistent JS dialogs and popups
- #3545 Upgrade jQuery to jQuery 3.0.0
- #3543 UCP - Edit options - lang typo - missing dot
- #3538 Member Profiles have Send Email link
- #3533 UCP - Forum subscription - change align
- #3514 Show only unread private messages
- #3512 Forum Team Link should be available globally
- #3506 "showthread_printthread" template not cached
- #3504 ModCP warninglogs pagination issue
- #3501 Lang typos in user_users and moderation lang files
- #3486 Missing Moderation Notices
- #3483 Add 'exact' option to memberlist username search
- #3477 Improve error log details
- #3476 Version check does not work
- #3473 "index_showteamlink" template not preloaded
- #3471 `check_thumbnail_memory` assumes `memory_limit` INI setting always has suffix
- #3468 Page Change in Managegroup causes "Division by zero" Error
- #3467 css.php - multiple queries
- #3461 Bad word filters with 'escaped' parenthesis cause errors as of 1.8.18
- #3459 Search feature improvements
- #3457 User CP - "lock" folder & folder icon needs to be corrected to "close" icon
- #3453 language editor count() warnings on php 7.2
- #3449 Add The Ability To View User Referrals To Member Profile
- #3443 MyBB ACP - Latest announcements scraping wrong and repeated content
- #3441 ACP: Add Hooks To The User Edit Page To Allow Customization
- #3436 Resend email verification missing captcha
- #3430 ACP settings search option - hardcoded only for english language.
- #3419 Thread and posts should not be hidden from the OP when approval is required!
- #3417 Last Active shown for hidden users
- #3403 New plugin hook in User CP
- #3291 Issue with Thread Prefix
- #3241 .prop('checked') doesn't trigger change events
- #2020 Referrals Are Lost on Account Merge
- #1201 Problem clicking links within AdminCP Template-Sets