MyBB Community Forums

Full Version: 1.8.1 security without upgrade
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I'm using 1.8.1 version and I need to remove its security  issue, but I really do not like to upgrade to 1.8.3 in reason of whole changes I made in the script. Is there any manual about most important core files or code-lines replacement with no change in the website, to solve the high-risk issue?
First of all, if you read our blog with release news, you'd know there are no changes except security fixes in 1.8.2 and 1.8.3, so your question doesn't make any sense.

Secondly, you shouldn't lose anything after minor version upgrades (so 1.8.x -> 1.8.y) and you gain lots of bugfixes, so there's nothing to worry about.

EDIT: unless I misread and you have lots of core changes that may get overwritten in the modified files, see the post below then.
Have you made changes to core files and you don't want to lose those edits?

Look in the file verification tab in your ACP. It will show the files you have changed. You can make copies of those and then upgrade.

For the future, Ppatches and plugin library DO work with 1.8, so you can install those and make patches to your core files rather than changing them.
Guys my question is really easy: which file (or codes) was exactly hacked on Git-hub? And made the db security issue for 1.8.1 version.

I just wanna change that file or code, and as mentioned words, yep, I have many changes in script and DO NOT want to lose them.

Refer to @Destroy666, I have to say that upgrade is not that much neutral as claimed.

@Leefish thanks, it's fruitful, but time consuming.
(2015-02-05, 07:01 AM)artman Wrote: [ -> ]@Leefish thanks, it's fruitful, but time consuming.

Hmmm... Leefish suggests you to overwrite the files using 1.8.3 package and redo those changes (i believe maybe just a bunch) you made to core files... and you think its time consuming.... you might think again if you check this:
@mmadhankumar... Thanks for help, Leefish approach is the fastest in a glance, but if a changed function exists in upgraded files it'll make the script totally erroneous, in reason of chained functions in files. I had some bad experience with this method.

As a result of this thread I decided not to change script version until I find a debug solution by myself. Up to that moment I'll strengthen my website security by .htaccess tricks.
Both 1.8.2 and 1.8.3 only contain security fixes. Since only a few files are changed applying these changes shouldn't be too difficult.
i hope you keep track of the changes in the future and offer upgrade packages, then we will know which files have changed !!
Here you can see the files where the vulns were reported:

and this is the fixes on github for 1.8.1 :

It lists the files the issues were found in if security patches is your only concern. I do not know if that list is total; I don't make the packages.
(2015-02-06, 04:09 AM)expat Wrote: [ -> ]i hope you keep track of the changes in the future and offer upgrade packages, then we will know which files have changed !!
But we already offer uprade packages?