MyBB 1.1.7 Released - Security Update
#1
Due to a low risk browser based cross-site scripting vulnerability found in MyBB, we're releasing a security update to the MyBB 1.1.x series. The exact vulnerability allows cross-site scripting by invalid input in to an avatar URL which will then cause certain browsers (Internet Explorer) to execute that input.

We recommend all users upgrade their copy of MyBB to the latest available release.

The release on the MyBB site has also been updated to 1.1.7.

Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.

We're also after feedback regarding your preferred methods for applying patches to your board - and your feedback of two new methods which you may see in the future. Please let us know your opinions

Regards,
Chris Boulton


Messages In This Thread
MyBB 1.1.7 Released - Security Update - by - 07-28-2006, 02:34 AM
RE: MyBB 1.1.7 Released - Security Update - by - 07-28-2006, 02:35 AM
RE: MyBB 1.1.7 Released - Security Update - by - 07-28-2006, 02:38 AM
RE: MyBB 1.1.7 Released - Security Update - by - 07-28-2006, 01:31 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)