MyBB 1.8.3
21 November 2014
MyBB version 1.8.3 is now available (security release).
Upgrading to MyBB 1.8.3
MyBB 1.8.3 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MyBB updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MyBB install to test the 1.8.3 upgrade prior to applying it live. Get started managing your MyBB installations with Installatron
What's New in MyBB 1.8.3
This release fixes 1 high risk vulnerability, 2 medium risk vulnerabilities and 3 low risk vulnerabilities. We recommend everyone upgrades to this release immediately.
Security
- High Risk: A SQL injection vulnerability in theme selection (reported by StefanT)
- Medium Risk: A XSS vulnerability in calender.php (reported by -Acid)
- Medium Risk: A XSS vulnerability in MyCode editor (reported by My-BB.Ir)
- Low Risk: A XSS vulnerability related to post icons (reported by Destroy666)
- Low Risk: unserialize may call PHP magic methods (reported by chtg)
- Low Risk: PHP setting request_order can break register globals handling (reported by chtg)