2008-01-21, 01:18 AM
MyBB 1.2.12 is a security update to MyBB 1.2 that fixes a HIGH risk SQL injection vulnerability and MEDIUM risk XSRF vulnerabilities. Because of the number of changes in this release, we've decided to go ahead and include fixes for some outstanding bugs. We recommend that everybody upgrade to this release immediately.
This security update fixes:
- [HIGH RISK] SQL Injection vulnerability in inc/datahandlers/pm.php
- [MEDIUM RISK] XSRF vulnerabilities in various files (Note: Most require the user to have a moderator account)
These vulnerabilities affect MyBB 1.2.11 and previous releases of MyBB 1.2. Older versions of MyBB may also be affected.
MyBB 1.2.11 to MyBB 1.2.12 Patch
This patch is only for users running MyBB 1.2.11. If you are running any other version of the MyBB 1.2 series then please download MyBB 1.2.12 from the MyBB site and update to it.
Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.
[attachment=8467]
Information on upgrading, template changes and language changes can be found in the posts below.
Please note that you need to run the upgrade script for this version. This is so the templates may be updated.
There are no database schema changes in this version.
Reporting MyBB security vulnerabilities
If you think you've found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we've had time to prepare and release a patch.
As always, you can send security-related messages through the Contact Us page on the MyBB website.