MyBB 1.8.20 Released — Security & Maintenance Release

vbgamer45 · Feb 27, 2019

MyBB 1.8.20 is now available, and is a security & maintenance release.

This release includes allowing users to see their unapproved content and view user referrals; compatibility with PHP >= 7.2 has been improved and jQuery has been upgraded to 3.0.0, which might affect custom JavaScript code in plugins and themes.

5 security vulnerabilities addressed:
- Medium risk: Reset Password reflected XSS
- Medium risk: ModCP Profile Editor username reflected XSS — reported by Jovan Zivanovic of MaTRIS Research Group, SBA Research
- Low risk: Predictable CSRF token for guest users — reported by Devilshakerz of MyBB Team
- Low risk: ACP Stylesheet Properties XSS — reported by Cillian Collins
- Low risk: Reset Password username enumeration via email — reported by Abdullah Md. Shaleh
42 issues resolved

Check Release Notes for a list of changes to language files, templates and unresolved issues.

Details:https://blog.mybb.com/

deslocotoco · Mar 19, 2019

I'm happy to see that MyBB is still going on after so long time.

My first Forum was built on that platform, but changed to XF after. Was the best thing that i did.

They need a bigger team to follow up the technology. I don't think they can handle the needs of the market today with this small team of developers.

vbgamer45 · Mar 19, 2019

It's hard a team volunteers unpaid versus a paid development team who can spend time and get paid for it. Generally the open source forum projects recruit people in college/school to work on the software.

MyBB 1.8.20 Released — Security & Maintenance Release

vbgamer45

Adherent

deslocotoco

Enthusiast

vbgamer45

Adherent