2018-03-24, 12:44 AM
On each update if there are security issues MyBB only provides us with a list of the reported exploits that were fixed. It does not provide which files or what code were actually fixed. I think this presents a problem for some of us with very customized forums which are not so easy to upgrade even in minor version. We'd still love to patch security exploits but even on the Github with the issues marked as fixed none of those appear to be the security fixes.
https://github.com/mybb/mybb/issues?q=is...e%3A1.8.15
I'm not sure what the best way to go about this but I'd guess that you label these security but maybe they are private at the Github site. Can you make them public once they are fixed in release? Not only will it assist admins who want to manually patch exploits but it also may allow the community to find similar exploits for patching.
Please seriously consider how you guys approach your security fixes. It is not done openly at this point.
https://github.com/mybb/mybb/issues?q=is...e%3A1.8.15
I'm not sure what the best way to go about this but I'd guess that you label these security but maybe they are private at the Github site. Can you make them public once they are fixed in release? Not only will it assist admins who want to manually patch exploits but it also may allow the community to find similar exploits for patching.
Please seriously consider how you guys approach your security fixes. It is not done openly at this point.