MyBB 1.8.5
27 May 2015
MyBB version 1.8.5 is now available (security release).
Upgrading to MyBB 1.8.5
MyBB 1.8.5 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MyBB updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MyBB install to test the 1.8.5 upgrade prior to applying it live. Get started managing your MyBB installations with Installatron
What's New in MyBB 1.8.5
This release fixes 6 security vulnerabilities and 58 reported issues causing incorrect functionality of MyBB.
Security
- Medium Risk: Reset password code check could be circumvented in member.php – reported by solati.sadegh
- Medium Risk: Sender email could be spoofed when sending an email to a user in member.php – reported by onlinedevelopers
- Medium Risk: Permissions not checked for post search with old sid in search.php – reported by pedder55655
- Medium Risk: XSS in quick edit function of xmlhttp.php – reported by TiberiusG
- Low Risk: CSRF in ACP mass mail cancellation – reported by Destroy666
- Low Risk: Use of the U+200E Unicode character to create "duplicate" username – reported by mahdy2021
Bugs fixed
- #1997 Single forum/group select settings
- #1995 URLs never shortened
- #1986 HTML bug in modcp template
- #1979 Send PM: Duplicate check inconsistent
- #1977 password hash checks should use === and !== instead of == and !=
- #1975 JavaScript Error with Multiline Smilies (Disables Editor)
- #1957 Grammatical mistake
- #1956 Division by zero FPD
- #1953 ACP Smilies Mass Editor break all smilies on save.
- #1951 grammatical error in admin cp
- #1946 Template groups are case sensitive
- #1945 Administrator permissions Tools -> Can manage spam logs
- #1941 Duplicating a theme doesn't duplicate the templates
- #1939 format_avatar caching issue
- #1934 Wrong awaitingactivation check
- #1933 is_numeric check in Mysql update_query
- #1931 Reputation page shows incorrect user title
- #1930 Bug in checkbox validation
- #1928 Warnings for multiselect/checkbox profile fields
- #1926 Upgrades from <=1.2.14 fail
- #1916 Forum Permissions/Group Moderators not deleted if group is deleted
- #1908 Add contact email setting
- #1907 Avay icon don't work properly at Forum team list
- #1905 Editing a forum allows to set a child forum as parent forum
- #1903 Incorrect find_replace_templatesets() functionality
- #1901 Captcha in contact.php showing for everyone
- #1899 Extra <br> when all Contact Details set to none
- #1897 Invalid reputation counters
- #1891 Delayed moderation task typos
- #1888 "remaining" is missing from bannedbit in profiles
- #1882 Soft Delete option in custom mod tools doesn't work
- #1877 Add file name and file size to image attachment tooltips
- #1876 Group leader admin logs inconsistencies
- #1875 "Put the editor in source mode by default" ineffective when previewing
- #1874 Nocaptcha missing on newreply.php and newthread.php
- #1871 fetch_array() issues
- #1869 Saving draft changes thread icon to replied in search page
- #1855 Incorrect integer value: '' for column '__' at row 1
- #1845 PM Verification Incorrect (ignore list)
- #1844 Inline edit subject check
- #1841 Label spacing inconsistency in private_send_tracking template
- #1840 Upgrade to 1.8.4 fails with SQLite
- #1837 Setting safe_html to 1 for the parser though it isn't supported
- #1836 split used in class_parser.php
- #1835 Useless variable in class_parser.php
- #1831 Urgent: Warning System Throwing SQL Errors
- #1822 Username autocomplete for Group Leaders
- #1821 Account settings missing in Admin CP
- #1804 Bugged icon positioning in headerlinks_sprite.png
- #1799 Weird IN_PORTAL checks
- #1776 Change some escape_strings to get_input INT
- #1740 Board Online/Offline for xmlhttp.php
- #1676 $fid in toggle_thread_softdelete
- #1463 Custom mod tools and inline moderation
- #1239 UX improvement for showing a user's reputations
- #1210 soft deleted posts with showthread.php?pid=x#pidx
- #307 User Pruning bug
- #297 Problems on changing parent-theme