MyBB Community Forums
MyBB 1.1.4 Released - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Community Archive (https://community.mybb.com/forum-106.html)
+--- Forum: Archived Forums (https://community.mybb.com/forum-143.html)
+---- Forum: Miscellaneous Archive (https://community.mybb.com/forum-140.html)
+----- Forum: Old Announcements (https://community.mybb.com/forum-2.html)
+----- Thread: MyBB 1.1.4 Released (/thread-9955.html)



MyBB 1.1.4 Released - Chris Boulton - 06-22-2006

In something which couldn't have come at a worse time for us with 1.2 going in to beta next week, we're releasing MyBB 1.1.4 - a security update to the MyBB 1.x series. It fixes a moderate risk SQL injection vulnerability affecting MyBB 1.0 to MyBB 1.1.3.

We recommend all users upgrade their copy of MyBB to the latest available release.

The release on the MyBB site has also been updated to 1.1.4.

Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.

I was only notified of this issue within the past hour and I am unaware of any widespread knowledge of it. It is a small fix for what is debatable as being something partly to blame on how PHP works and its treatment of 'true' and '1'.

Regards,
MyBB Group


RE: MyBB 1.1.4 Released - Chris Boulton - 06-22-2006

Updating from 1.1.3 Using Changed Files (Recommended)
You must already be running MyBB 1.1.3 to perform this method!
  • Download the attached "mybb_114_changed_files.zip" from this post.
  • Upload the contents of it to your forums in the corresponding folders.
  • Check your Admin CP to confirm you are running 1.1.4
Updating from 1.1.3 Manually
You must already be running MyBB 1.1.3 to perform this method!
  • Download the attached "mybb_114_patch.txt" from this post.
  • Follow the manual patch instructions in the file replacing or adding code where necessary and uploading the files back up to your web site.
Updating from Previous Releases
Download the latest release from the MyBB web site and follow the general upgrade procedure. (Found in docs/upgrade.html)

Changed Files
  • inc/functions.php (Optional - Version number change)
  • usercp.php



RE: MyBB 1.1.4 Released - Chris Boulton - 06-22-2006

Discussion thread for this announcement: http://community.mybboard.net/showthread.php?tid=9956


RE: MyBB 1.1.4 Released - Dennis Tsang - 06-26-2006

Several forums have been exploited today, and by the looks of it, because of the lack of this patch. The consequences to your board of being exploited may be severe, including deletion of content. The MyBB Group urges all users to upgrade to the latest version as soon as possible.


RE: MyBB 1.1.4 Released - Kodaks - 06-26-2006

It has come to our attention that MyBB versions other than 1.1.3 may also be affected in this series of hackings. We strongly urge all individuals to maintain a daily MySQL backup for the time being.