MyBB Community Forums

You're expressing a lot of anger and I do agree with the sentiment. I firmly do believe MyBB should prioritize this being corrected. It was very early in the 1.4x release that this became an evident problem and it's been allowed to linger. As time goes on it becomes even more of a problem as hosts adopt mod_security. It became worse with mod_security2 which can't be disabled via htaccess. That's when imho MyBB should have stepped up and realized this needed to be corrected immediately. A solution beyond disabling the best security feature to hit Apache in years is in order.

On day one of 1.4x release I was puzzled by the / inclusion for the admincp. It was not neccessary and it's abnormal. And before mybb dev team defends that decision please consider then why the #1 security module for apache has it listed to block?

Of course I love MyBB so I ain't going to leave because of this issue but certainly I will advocate for a speedy change to correct this problem. I have to believe that at some level MyBB does understand the need to fix this but also know it's a painful change. However the longer you wait the more painful it will be. We have not even gotten any type of official response about this being fixed in 1.6x or heck even 2.0. It's not fair to the community in my view to keep us in the dark about a very needed fix.

http://dev.mybboard.net/projects/mybb/re...sions/4491

Enjoy.

Love is in the air. -Lou Rawls

Let's hope now that we have this officially addressed we can move past this onto other issues. I do look forward to having MyBB mod_security compatible.

Thank you Ryan.