MyBB Community Forums

Full Version: MyBB 1.4.4 Released - Maintenance & Security Release
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
MyBB 1.4.4 is now available on the MyBB website and is a general maintenance and security release.

This release fixes numerous issues with versions released since 1.4.3 and 1.4.2 with some causing incorrect functionality of MyBB. These bugs have been fixed to provide a more stable version of MyBB for public use.

What's added/changed in this version?
  • Low CSRF Weakness fix - This vulnerability was discovered and reported by NBBN.
  • Brute Force protection has been enhanced in MyBB 1.4.4 by adding CAPTCHA protection after 3 attempts at logging in.
    MyBB 1.4.4 does not provide a separate setting for this as it is hard coded to reduce complexities in this maintenance release. MyBB 1.6 will however, feature a separate setting to manage its behavior.
  • Ability to turn off Codepress template editing via ACP Preferences
  • New plugin hook at beginning of editpost.php
  • ... Lots of other bug fixes

MyBB 1.4.3 to MyBB 1.4.4 Patch
This patch is only for users running MyBB 1.4.3. If you are running any other version of the MyBB 1.4 series then please download MyBB 1.4.4 from the MyBB site and update to it.

Please download "mybb_1403_patches.txt" and follow the instructions in that file.

[attachment=11776]



I'd like to thank the community for their amazing contributions to MyBB over the past years:
  • All of the developers we've had work on 1.4 for building a very stable release of MyBB and putting in the grueling hours to make sure the end product works correctly.
  • Our new Software Quality Assurance team, whom have risen to the challenge of extensively testing each and every change put forth into the code that runs your forum. We hope you will see the benefits of this new team grow as we expand and perfect our QA processes.
  • The support team for their extensive knowledge of MyBB and the relentless and excellent support you provide to our users.
  • The translators - you guys have done an amazing job bringing MyBB to your locality. Your work is very appreciated; especially by the communities that you have been able to create because of it!
  • The beta testers who without, your forum would never have been as stable as it is today.
  • The modification and theme community who have pushed the creative and technological boundaries of MyBB to it's limits.
  • And most importantly: You. Without you MyBB would not be what it is today. So I thank you for helping create MyBB and sticking with us, even when things didn't always go perfectly.

Information on upgrading, template changes and language changes can be found in the posts below.

Please note, that you need to run the upgrade script for this version. This is so the templates may be updated.
There are database schema changes in this version.

Reporting MyBB security vulnerabilities
If you think you've found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we've had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.
MyBB 1.2.14 Patch
Users running MyBB 1.2.14 or any previous release of the MyBB 1.2 series may use the manual instructions provided in this attachment:

[attachment=11798]
Upgrading from the 1.4 series
When upgrading from 1.4.3, you will not lose any custom themes, plugins or language packs which you may have installed.

Follow the general [Wiki: Upgrading] (Broken link, head over to docs.mybb.com instead) guide outlined on the MyBB Wiki to complete the upgrade process. You may download a ZIP archive of changed files here:
[attachment=11800]

You must then check for modified templates using the instructions in the next post.

Upgrading from other versions
If you are upgrading from a version earlier than 1.2 then you will lose your custom themes, templates and language packs due to the number of changes between your version and the 1.2 series.

Before you attempt to upgrade, ensure you have a database backup and a copy of the files currently in use on your board. This is so you can revert back to your earlier version if you need to or something goes horribly wrong with the upgrade process.

Follow the general [Wiki: Upgrading] (Broken link, head over to docs.mybb.com instead) guide outlined on the MyBB Wiki to complete the upgrade process.

Changed files since MyBB 1.4.3 & 1.4.2
  • admin/
    • inc/
      • functions.php
      • functions_themes.php
    • modules/
      • config/
        • settings.php
        • warning.php
      • forum/
        • attachments.php
        • management.php
      • home/
        • index.php
        • preferences.php
      • style/
        • templates.php
        • themes.php
      • tools/
        • backupdb.php
        • optimizedb.php
        • recount_rebuild.php
      • user/
        • groups.php
        • group_promotions.php
        • mass_mail.php
        • users.php
    • styles/
      • default/
        • main.css
      • sharepoint/
        • main.css
  • attachment.php
  • jscripts/
    • editor.js
    • validator.js
  • inc/
    • class_core.php
    • class_custommoderation.php
    • class_datacache.php
    • class_error.php
    • class_mailhandler.php
    • class_parser.php
    • class_session.php
    • datahandlers/
      • pm.php
      • post.php
      • user.php
    • db_mysql.php
    • db_mysqli.php
    • db_pdo.php
    • db_pgsql.php
    • db_sqlite2.php
    • db_sqlite3.php
    • functions.php
    • functions_compat.php
    • functions_forumlist.php
    • functions_image.php
    • functions_online.php
    • functions_massmail.php
    • functions_post.php
    • functions_upload.php
    • languages/
      • english/
        • admin/
          • home_preferences.lang.php
        • akismet.lang.php
        • datahandler_pm.lang.php
        • helpdocs.lang.php
        • member.lang.php
        • misc.lang.php
        • newreply.lang.php
        • online.lang.php
      • english.php
    • plugins/
      • akismet.php
    • tasks/
      • promotions.php
  • install/
    • index.php
    • resources/
      • mybb_theme.xml
      • mysql_db_inserts.php
      • mysql_db_tables.php
      • pgsql_db_tables.php
      • sqlite_db_tables.php
      • upgrade12.php
      • upgrade13.php
      • upgrade14.php
    • stylesheet.css
    • upgrade.php
  • calendar.php
  • captcha.php
  • editpost.php
  • forumdisplay.php
  • htaccess.txt
  • index.php
  • member.php
  • memberlist.php
  • misc.php
  • modcp.php
  • moderation.php
  • newreply.php
  • newthread.php
  • portal.php
  • private.php
  • reputation.php
  • search.php
  • sendthread.php
  • showteam.php
  • showthread.php
  • usercp.php
  • warnings.php
  • xmlhttp.php

* Red represents files that contain security updates
* Green represents new files added in this release

Bugs fixed since MyBB 1.4.3 & 1.4.2
  • #41002 - Forum Management - Setting permisions (when all perms are 0)
  • #40973 - Mass Mail send also to users who disabled to receive mails from Admins
  • #40922 - [PostgreSQL] Usergoup group by
  • #40774 - Reported posts sent as private messages
  • #40700 - Logic flaw in usergroup_permission() function [R]
  • #40629 - [PostgreSQL] Adding a attachment [R]
  • #40627 - [PostgreSQL] Optimize Database [R]
  • #40447 - error in searching item in template admin [C-Michael83]
  • #40412 - 10,000 PMs problem [C-Ryan Gordon]
  • #40396 - Mail Reply Address: Issue Resolved
  • #40387 - [Calender] HTML encoding / stripping problem [C-Chris]
  • #40378 - SQL error when editing thread
  • #40363 - [WOL] Viewing an attachment [R] [C-Michael83]
  • #40272 - Additional Group Deletion [C-Chris]
  • #40260 - Merage Posts Bug [R] [C-Michael83]
  • #40259 - Merged Users [C-Chris]
  • #40229 - Quick Reply Problem With Hanging [R] [C-Michael83]
  • #40223 - Word Wrapping garbles UTF-8 [R] [C-Michael83]
  • #40153 - Promotions
  • #40124 - templates not cached at startup in some pages [C-Michael83]
  • #40102 - Username stuck to other text
  • #40092 - templates not cached at startup in calendar [C-Chris]
  • #40060 - Calendar problem: First days of month missing [R] [C-Chris]
  • #40029 - Disallowed username ajax verification error [R] [C-Michael83]
  • #39978 - Wrong reputation_end hook [C-Chris]
  • #39941 - Mass deleting posts via search [C-Chris]
  • #39829 - Merge posts - attachment(s) problem [R] [C-Michael83]
  • #39807 - How to Remove old Templates? [C-Michael83]
  • #39696 - Test thread [R] [C-DennisTT]
  • #39690 - DB_SQLITE error
  • #39686 - No recipient when replying after draft [R] [C-Michael83]
  • #39607 - Reputation Limit and bbcodes in rep [R]
  • #39604 - Maximum Avatar Dimensions in Posts PROBLEM [C-Chris]
  • #39592 - Admincp Remove Avatars [C-Michael83]
  • #39525 - Warning types typo [C-Michael83]
  • #39521 - Ban length [C-Michael83]
  • #39505 - Mysql 4.0.27 install problems
  • #39398 - Admincp IPaddress query problem
  • #39382 - Missing PostgreSQL concat function
  • #39343 - Old 1.2 settings not removed in upgrade to 1.4 [C-Michael83]
  • #39334 - changing week start day issue [C-Michael83]
  • #39332 - Number of online users on portal [C-Michael83]
  • #39331 - Mass mail preview [C-Michael83]
  • #39330 - You can not use "Javascript:" in a post [C-Michael83]
  • #39329 - <) and >) converted to smilies [R] [C-Michael83]
  • #39328 - Calendar: Week view problem [C-Chris]
  • #39327 - Attachment search: SQL error [C-Michael83]
  • #39276 - A JS issue with toggling forum permissions in ACP [C-Michael83]
  • #39189 - Can't delete user
  • #39157 - No profile stars in profile [C-Michael83]
  • #39149 - mybb1.4.2 and PostgreSQL
  • #39126 - Stripslashes [C-Michael83]
  • #39050 - small textbox (+ fix)
  • #39041 - Moderation permissions issue - user with moderator permissions cannot delete [C-Michael83]
  • #38991 - Users ban is not lifted in class_session - bad banned cache array?
  • #38980 - Unable to set permissions for forum. [C-Michael83]
  • #38853 - *Small* error in Archive [C-Michael83]
  • #38654 - SQLite 3 show_fields_from doesn't work
  • #38647 - Replace Query doesn't work on PGsql / SQLite
  • #38646 - PostgreSQL Doesn't support "ALTER .. CHANGE" syntax
  • #38643 - check_thumbnail_memory doesn't work
  • #38642 - [Installation] PHP < 5.1.0 & sqlite_query
  • #38597 - url with brackets [C-Michael83]
  • #38524 - Error when activating members
  • #38488 - Thread tool post reply disable smilies [C-Michael83]
  • #38308 - Deleting queued attachments [C-Michael83]
  • #39181 - Attachments for New Threads [with fix]
  • #38270 - Admin CP / Users search bug
  • #38266 - Inherited stylesheet problem [C-Michael83]
  • #38222 - Duplicate session key in insert SQL with spider bot
  • #38221 - Bad profile link in archive mode, SEO off [C-Michael83]
  • #38218 - [MCP] - moderators cant mark reported posts in child forums [C-Chris]
  • #38207 - SQL error in usergroups management in ACP [C-Michael83]
  • #38170 - Default templates problem [C-Michael83]
  • #38166 - Date format bug [C-Michael83]
  • #38165 - Mod-CP: Sorting by last visit not working [C-Michael83]
  • #38112 - Template sets collapsing / expanding problem [C-Michael83]
  • #38085 - WOL: Viewing a profile [C-Michael83]
  • #38078 - Duplicate settings issue
  • #37981 - Thumbnails Not Rebuilding [C-Michael83]
  • #37977 - Post Icons won't save in Drafts [C-Michael83]
  • #37844 - forum emails reply-to admin not email sender
  • #37824 - Error with editing a user [C-Michael83]
  • #37819 - Birthday reset [C-Michael83]
  • #37787 - Not Sure If This is Bug...But [C-Michael83]
  • #37723 - Blank page with MyBB installation and MySQL4
  • #37713 - Moderators cache - array_merge() reindex bug
  • #37695 - ACP Avatar Galleries [C-Michael83]
  • #37584 - The User with no name [R] [C-Michael83]
  • #37486 - No way to remove a suspension.
Theme and template changes
Using the "Find Updated" link under the "Templates" page in the Admin CP you can find a list of the templates that have changed in this release that you've got one or more custom copies of.

After identifying changed templates using the tool you can either revert your custom template to the default (delete it) or use the "diff" tool to perform a difference analysis on your custom template and the default.

"Revert required" indicates that for this template to work correctly with MyBB 1.4.4 you'll either need to revert it to the default or modify your custom template to include the changes in the default. If a revert is not required your custom version of the template should work perfectly fine.

Template changes
Since MyBB 1.4.2 the following templates have had changes to them:
  • showthread_moderationoptions
  • forumbit_depth3
  • member_login
  • search_results_posts_inlinemoderation

* Red represents the template must be updated or reverted to fix security problems

Language file changes
Since MyBB 1.4.2 the following language files have had changes to them:
  • admin/
    • home_preferences.lang.php
  • akismet.lang.php
  • datahandler_pm.lang.php
  • helpdocs.lang.php
  • member.lang.php
  • misc.lang.php
  • newreply.lang.php
  • online.lang.php
Either update your language packs to include the changes in these files or revert to the standard English language pack.

Plugins
Most of your MyBB 1.4.x plugins will work correctly with 1.4 without any updates.
Please note when you upgrade, you need to run the upgrader script (install/upgrade.php). Apparently we didn't make that clear enough. Smile