MyBB 1.8.34
5 June 2023
MyBB version 1.8.34 is now available (security release).
Upgrading to MyBB 1.8.34
MyBB 1.8.34 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MyBB updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MyBB install to test the 1.8.34 upgrade prior to applying it live. Get started managing your MyBB installations with Installatron
What's New in MyBB 1.8.34
Security
- CVE-2023-28467 - User CP email persistent XSS - Cross-site scripting (XSS) vulnerability in the User CP module allows remote authenticated users to inject HTML via the user email field, triggered on the User CP Home page. Modification of user's own email address requires providing the account password.
Bug Fixes & Changes
- Remove plain MD5 password update code #4692
- Getting exception when sending SMTP email (via SMTP raw not PHP ) and connection fails to be established #4680
- Allow shutdown functions to run after non-critical errors #4678
- Missing lang var "older_than" in tools_spamlog.lang.php #4646
- Change stopforumspam.com url from http:// to https:// #4643
- Fix PHP 8 compatibility issues since version 1.8.33 #4639
- After upgrade to PHP 8.0: Boardstats counter of posts and threads does not increase anymore #4637
- Change 'require_once' to 'require' in 'MyLanguage::load()' #4634
- 'forum_permissions()' may return an incomplete set of forum permissions #4632
- Email error reporting relies on potentially unitialized plugin system #4631
- Custom Load Limiting check in Archive mode may cause Fatal error #4629
- undefined variable $usersbrowsing in eval()'d code (92) in ./showthread.php(1617). #4602
- Bug with Updating username Style #4590
- Mark forum read doesn't work with php 8.0 #4530