If you've used the MyBB Merge System v1.6.1 or earlier please download the attached file, upload it to your forum root, and run it by going to
http://yourdomain.com/yourforumpath/icr.php for security purposes.
The reason for this is a potential security breach related to the "old db" password being stored in the datacache in plaintext form. Thanks goes to euantor & Malcolm for reporting this.
I removed the cache as soon as I merged.
(2011-07-20, 07:41 PM)Malcolm. Wrote: [ -> ]I removed the cache as soon as I merged.
Not everyone will be aware to do that though
This will be fixed in Merge System 1.6.2 thankfully.
(2011-07-20, 07:43 PM)Dylan M. Wrote: [ -> ] (2011-07-20, 07:41 PM)Malcolm. Wrote: [ -> ]I removed the cache as soon as I merged.
Not everyone will be aware to do that though
This will be fixed in Merge System 1.6.2 thankfully.
You are right i didn`t new about this
Done now thanks for letting us know
Done. Thanks for the fix Dylan.
(2011-07-20, 07:43 PM)Dylan M. Wrote: [ -> ]Not everyone will be aware to do that though
You are right... that's why I wonder if this was sent on any mailing, just like you (MyBB) do upon security advisories.
I came across this post just by coincidence. Most of us migrate a forum just once and then forget about this
MyBB Merge Support subforum.
P.S. Thanks for the fix
It was on the blog, I don't think it was sent out via mailing list though as I don't have access to that