(2018-08-25, 05:27 PM)Wires Wrote: [ -> ]The changes made will be merged into 1.8.19 and released as an Upgrade.
I've been away from home for a long time have been just reading but didn't have the computer to do the update, what would you suggest to nooby users like me, wait for 1.8.19 or do the 1.8.18.... And a question i always wanted to ask but always forgot... how bad are these XSS vulnerabilities.? I have just a small board with a few trustworthy users, can someone wreck it from the outside or for those type of attacks they have to post something as a user?
I would suggest keeping up with MyBB's latest version as much as possible. You're also more than likely to have your forum exploited by a plugin more over the core files.
The PR linked is also only needed if your site uses password protected forums, which not many sites tend to use.
I didn't have any errors when I upgraded to 1.8.18...should I still drop the files Devilshakerz provided or just leave well enough alone?
(2018-08-30, 08:09 PM)RocketFoot Wrote: [ -> ]I didn't have any errors when I upgraded to 1.8.18...should I still drop the files Devilshakerz provided or just leave well enough alone?
It doesn't seem necessary in this case - to our understanding the problem only affects boards with password-protected forums.
I have a live board that i have upgraded without replacing these 5 files. On my test board i had a locked forum.