2006-06-22, 11:50 AM
In something which couldn't have come at a worse time for us with 1.2 going in to beta next week, we're releasing MyBB 1.1.4 - a security update to the MyBB 1.x series. It fixes a moderate risk SQL injection vulnerability affecting MyBB 1.0 to MyBB 1.1.3.
We recommend all users upgrade their copy of MyBB to the latest available release.
The release on the MyBB site has also been updated to 1.1.4.
Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.
I was only notified of this issue within the past hour and I am unaware of any widespread knowledge of it. It is a small fix for what is debatable as being something partly to blame on how PHP works and its treatment of 'true' and '1'.
Regards,
MyBB Group
We recommend all users upgrade their copy of MyBB to the latest available release.
- Potential SQL injection in usercp.php (imei Web Security)
The release on the MyBB site has also been updated to 1.1.4.
Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.
I was only notified of this issue within the past hour and I am unaware of any widespread knowledge of it. It is a small fix for what is debatable as being something partly to blame on how PHP works and its treatment of 'true' and '1'.
Regards,
MyBB Group