MyBB Community Forums
[Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Community Archive (https://community.mybb.com/forum-106.html)
+--- Forum: Archived Forums (https://community.mybb.com/forum-143.html)
+---- Forum: Miscellaneous Archive (https://community.mybb.com/forum-140.html)
+----- Forum: Old Announcements (https://community.mybb.com/forum-2.html)
+------ Forum: Announcements Discussion (https://community.mybb.com/forum-31.html)
+------ Thread: [Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update (/thread-27228.html)

Pages: 1 2 3 4 5 6


RE: [Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update - Yumi - 2008-01-09

apa Wrote:Patched. All works fine, but it still says the version is 1.2.10.

Is this normal?
Did you edit / upload a new /inc/class_core.php ?

flick Wrote:Patched, thanks! Big Grin IT happened to coincide with the my host's SQL having a slight downtime, which might have been lucky?
This patch only affects the PHP files, and has nothing to do with your MySQL server (well, in this sense). Toungue

alt3rn4tiv3 Wrote:By the way, thanks for all those who helped me check out JobForums. I fixed the problem by deactivating the SpiceFuse SEO plugin. Although this seems to have solved the problem, I don't know why did the problem occur in the first place, or why despite me clearing my cache, using local proxies, etc, I still could see the page / post threads / posts just fine (along with a few other people).

In any case, I installed the Dynamic Meta plugin and modified it to include forum names / descriptions in the meta keywords tag. Although I can't use the SEO-friendly URLs from the SpiceFuse SEO plugin, I guess I'll wait for MyBB 1.4 to be released. Smile

Thanks to all who helped again!
This update doesn't actually touch or affect index.php at all, so it's unlikely to be the problem.
Could be the plugin doing some version checks or something...


RE: [Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update - Wet Willie - 2008-01-09

So, i never updated my board to 1.2.10, still on 1.2.09, what is the preferred procedure for updating to 1.2.11 now? Install update to 1.2.10, then the security update for 1.2.10 and then the 1.2.11 version? Or should i go directly from 1.2.09? And will any of the updates ruin my swedish translation? A bit confused here......


RE: [Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update - tmhai - 2008-01-09

You will need to UPGRADE your forum.

To do so, download the complete 1.2.11 package, and follow the upgrade procedures as outlined here: [Wiki: Upgrading] (Broken link, head over to docs.mybb.com instead)

You need to upgrade because 1.2.10 required an upgrade. Doing so using the latest download package will also patch your forums from the security issues as outlined by this release.


RE: [Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update - Paretje - 2008-01-09

Thanks Wink


RE: [Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update - metalappie - 2008-01-09

Not sure if it's relevant to this security issue but I patched the forums last night (which went smoothly) and this morning I noticed this really odd PHP file in the inc directory. It was called ._class_parser.php, but when I checked the file it didn't contain any PHP code but just some unreadable garbage. I'm now wondering if some idiot actually tried hacking our forums or was this just a corrupt file?

Forums still work great though, I'm just wondering if this could have been some hacker trying to use the exploits described in this announcement?


RE: [Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update - aglioeolio - 2008-01-09

Thanks for this update Smile


RE: [Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update - tmhai - 2008-01-09

metalappie Wrote:Not sure if it's relevant to this security issue but I patched the forums last night (which went smoothly) and this morning I noticed this really odd PHP file in the inc directory. It was called ._class_parser.php, but when I checked the file it didn't contain any PHP code but just some unreadable garbage. I'm now wondering if some idiot actually tried hacking our forums or was this just a corrupt file?

Forums still work great though, I'm just wondering if this could have been some hacker trying to use the exploits described in this announcement?

That could be residue from your FTP client. Whether it is or it's a malicious file it's safe to say that it can be deleted as it isn't necessary for the function of MyBB.


RE: [Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update - Faisal Shah - 2008-01-09

Well, what i need to do?? just replace files thats all?? there is no upgrade for Database etc???

Help!
FAISAL!


RE: [Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update - tmhai - 2008-01-09

Depending on what version of MyBB you are currently running you may need to take one of two options:

If you are running 1.2.9 or below, you will need to UPGRADE your forum. See [Wiki: Upgrading] (Broken link, head over to docs.mybb.com instead)
If you are running 1.2.10, you will need to PATCH your forum. This just involves replacing the affected files, as per the announcement thread.


RE: [Discuss] MyBB 1.2.11 Released - IMPORTANT Security Update - Faisal Shah - 2008-01-09


well, DONE! all of the forums are patched! Smile but i am still looking forward to have 1.4!