MyBB 1.2.14 Released - Security & Maintenance Release
#1
MyBB 1.2.14 is a security and maintenance update to MyBB 1.2 fixing a low HTML Injection vulnerability. This release is also intended to fix the rest of MyBB 1.2's outstanding bugs and provide a stable platform for those of you who wish to stay with the the MyBB 1.2 platform for a while after 1.4 is released.

This security update fixes:
  • [Low Risk] HTML Injection vulnerability
These vulnerabilities affect MyBB 1.2.13 and previous releases of MyBB 1.2. Older versions of MyBB may also be affected.

Information on upgrading, template changes and language changes can be found in the posts below.

Please note, that you need to run the upgrade script for this version. This is so the templates may be updated.
There are no database schema changes in this version.


Reporting MyBB security vulnerabilities
If you think you've found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we've had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

A final note...
I would like to thank all the staff members, beta testers, translators, mod authors, theme authors, and most of all, you. We appreciate everyone's dedication towards MyBB, as this release marks the end of our journey with the 1.2 series, which started over 2 years ago.
#2
Upgrading from the 1.2 series
When upgrading from 1.2, you will not lose any custom themes, plugins or language packs which you may have installed.

Follow the general [Wiki: Upgrading] (Broken link, head over to docs.mybb.com instead) guide outlined on the MyBB Wiki to complete the upgrade process. You may download a ZIP archive of changed files here:

.zip   mybb_1214_changed_files.zip (Size: 278.2 KB / Downloads: 3,479)

You must then check for modified templates using the instructions in the next post.

Upgrading from other versions
If you are upgrading from a version earlier than 1.2 then you will lose your custom themes, templates and language packs due to the number of changes between your version and the 1.2 series.

Before you attempt to upgrade, ensure you have a database backup and a copy of the files currently in use on your board. This is so you can revert back to your earlier version if you need to or something goes horribly wrong with the upgrade process.

Follow the general [Wiki: Upgrading] (Broken link, head over to docs.mybb.com instead) guide outlined on the MyBB Wiki to complete the upgrade process.

Changed files since MyBB 1.2.12
  • admin/
    • adminoptions.php
    • announcements.php
    • themes.php
    • users.php
  • archive/
    • index.php
  • inc/
    • class_core.php
    • class_moderation.php
    • functions.php
    • functions_archive.php
    • functions_post.php
    • functions_upload.php
    • functions_forumlist.php
    • datahandlers/
      • user.php
      • post.php
    • languages/
      • english.php
      • english/
        • search.lang.php
        • global.lang.php
  • install/
    • resources/
      • mybb_theme.xml
      • upgrade12.php (Added)
  • jscripts/
    • editor.js
    • inline_edit.js
  • editpost.php
  • member.php
  • moderation.php
  • search.php (* vuln fixes)

Red denotes the file has changes for the exploits and must be updated.
Green denotes the file is new

Bugs fixed since MyBB 1.2.12
  • #26673 - #26673 [F] potential error in group permissions setting
  • #26674 - #26674 [F] [split] cannot logout bug with sid
  • #26682 - #26682 [F] small bug in editor.js
  • #26752 - #26752 [F] Typo [ usercp.php ]
  • #26817 - #26817 [F] blank page whene you export your pm's in .txt file
  • #26840 - #26840 [F] Unneeded htmlspecialchars in original post after splitting (class_moderation.php)
  • #26846 - #26846 [F] If no avatars exist in the default directory...
  • #26861 - #26861 [F] add a thread together
  • #26900 - #26900 [F] Thread Last answer bug
  • #27743 - #27743 [F] Wrong Phrase in ICQ Message Center
  • #28008 - #28008 [F] Disappearing Text
  • #28077 - #28077 [F] User get subscirbed thread email when no longer authorized
  • #28091 - #28091 [F] Users can approve their own attachments
  • #28120 - #28120 [F] Merge problem
  • #28330 - #28330 [F] safe mode problem
  • #28631 - #28631 [F] Spelling mistake
  • #29322 - #29322 [F] Password forums not protected in archive
  • #29430 - #29430 [F] Error when changing ACP themes
  • #30454 - #30454 [F] Thread attachment count not decrementing
  • #31439 - #31439 [F] Images
  • #31602 - #31602 [F] Birthday Bug [Again]
  • #31645 - #31645 [F] Preview can't parse properly
  • #32578 - #32578 [F] Bug: Login change does not force logout
  • #32792 - #32792 [F] [Remote Avatar] URL Parameter issue
#3
Theme and template changes
Using the "Find Updated" link under the "Templates" section in the Admin CP you can find a list of the templates that have changed in this release that you've got one or more custom copies of.

After identifying changed templates using the tool you can either revert your custom template to the default (delete it) or use the "diff" tool to perform a difference analysis on your custom template and the default.

Since MyBB 1.2.12 the following templates have been changed.

A revert for this release is not required so your custom version of the template should work perfectly fine.

Template changes
Since MyBB 1.2.12 the following templates have had changes to them:
  • misc_imcenter_icq

Language file changes
Since MyBB 1.2.12 the following language files have had changes to them:
  • search.lang.php
  • global.lang.php
Either update your language packs to include the changes in these files or revert to the standard English language pack.

Plugins
Your MyBB 1.2.x plugins will work correctly with 1.2.14 without any updates.
#4
Discuss this announcement


Forum Jump:


Users browsing this thread: 1 Guest(s)