Before anybody asks, the next minor release will be 1.2.10 (not 1.3.0, or 1.4.0). Don't worry, the world won't come to an end, we're not doomed.
And done. Good work Chris.
Chris Boulton Wrote:From:
http://community.mybboard.net/showthread.php?tid=20910
Log file analysis was performed and advanced methods for logging MyBB requests were put in place to determine where the vulnerability was in MyBB. These vulnerabilities were discovered as a result of this logging.
What if some other mybb users have been affected already? Is there a way for the rest of the community to know? If we are affected already, will the security patch still work? If we are already affected, what should we do?
with warm regards
Ronald Cross
Quote:What if some other mybb users have been affected already? Is there a way for the rest of the community to know? If we are affected already, will the security patch still work? If we are already affected, what should we do?
The best thing for you to do is to change your Administrator password, and if you for some reason used the same database password/ftp password etc then change those too.
Also - if you'd like you can run the MyBB 1.2.3 vulnerability scanner to see if for some reason a file was uploaded to a place it shouldn't be:
http://community.mybboard.net/showthread...#pid120546
thanks, I will take care of it.
with warm regards
Ronald Cross