MyBB 1.2.1 Released - Maintenance & Security Update Release
#1
MyBB 1.2.1 is now available on the MyBB site and is a security update & bug fix maintenance release.

We've fixed several issues identified in MyBB 1.2 in this release and added support for Internet Explorer's HttpOnly cookies. There have also been some publicly disclosed security related issues (minor severity) identified with 1.2 and a more potentially high risk vulnerability which was not transitioned from 1.1.8 to 1.2 which are all fixed in this release.

We recommend that all users upgrade to 1.2.1 so their board is patched against these vulnerabilities and running a more stable copy of the MyBB 1.2 series.

Information on upgrading, template changes and language changes can be found in the posts below.

If for some reason you cannot immediately update to this release:
We recommend applying the attached manual patch instructions for the moderately-high risk vulnerability identified in MyBB 1.2. You should only consider this a temporary solution and make the effort to upgrade to 1.2.1.


Attached Files
.txt   mybb_120_temp_patch.txt (Size: 1.08 KB / Downloads: 1,209)
#2
Upgrading from 1.2
When upgrading from 1.2, you will not lose any custom themes, plugins or language packs which you may have installed. Running the upgrade script is also optional but recommended.

Before you attempt to upgrade, ensure you have a database backup and a copy of the files currently in use on your board. This is so you can revert back to your earlier version if you need to or something goes horribly wrong with the upgrade process.

Follow the general [Wiki: Upgrading] (Broken link, head over to docs.mybb.com instead) guide outlined on the MyBB Wiki to complete the upgrade process.

You must then check for modified templates using the instructions in the next post.

Upgrading from other versions
If you are upgrading from a version earlier than 1.2 then you will lose your custom themes, templates and language packs due to the number of changes between your version and 1.2.

Before you attempt to upgrade, ensure you have a database backup and a copy of the files currently in use on your board. This is so you can revert back to your earlier version if you need to or something goes horribly wrong with the upgrade process.

Follow the general [Wiki: Upgrading] (Broken link, head over to docs.mybb.com instead) guide outlined on the MyBB Wiki to complete the upgrade process.

Changed files since MyBB 1.2
  • admin/adminfunctions.php
  • admin/dbtools.php
  • admin/forums.php
  • admin/global.php
  • admin/helpdocs.php
  • admin/maintenance.php
  • admin/moderate.php
  • admin/plugins.php
  • admin/profilefields.php
  • admin/settings.php
  • admin/themes.php
  • admin/usergroups.php
  • admin/users.php
  • archive/index.php
  • inc/datahandlers/post.php
  • inc/datahandlers/user.php
  • inc/datahandlers/pm.php
  • inc/languages/english/datahandler_event.lang.php
  • inc/languages/english/datahandler_user.lang.php
  • inc/languages/english/messages.lang.php
  • inc/languages/english/private.lang.php
  • inc/languages/english/search.lang.php
  • inc/plugins/hello.php
  • inc/class_core.php
  • inc/class_diff.php
  • inc/class_language.php
  • inc/class_moderation.php
  • inc/class_parser.php
  • inc/class_session.php
  • inc/db_mysql.php
  • inc/db_mysqli.php
  • inc/functions.php
  • inc/functions_post.php
  • inc/functions_search.php
  • inc/functions_user.php
  • inc/generic_error.php
  • jscripts/inline_edit.js
  • jscripts/moo.ajax.js
  • jscripts/thread.js
  • attachment.php
  • calendar.php
  • captcha.php
  • editpost.php
  • global.php
  • member.php
  • memberlist.php
  • misc.php
  • moderation.php
  • newreply.php
  • newthread.php
  • online.php
  • portal.php
  • private.php
  • report.php
  • reputation.php
  • rss.php
  • showteam.php
  • showthread.php
  • stats.php
  • syndication.php
  • usercp.php
#3
Theme and template changes
Using the "Find Updated" link under the "Templates" section in the Admin CP you can find a list of the templates that have changed in this release that you've got one or more custom copies of.

After identifying changed templates using the tool you can either revert your custom template to the default (delete it) or use the "diff" tool to perform a difference analysis on your custom template and the default.

Since MyBB 1.2 the following templates have been changed. "Revert required" indicates that for this template to work correctly with MyBB 1.2 you'll either need to revert it to the default or modify your custom template to include the changes in the default. If a revert is not required your custom version of the template should work perfectly fine.
  • forumdisplay_inlinemoderation
  • forumbit_depth1_cat
  • postbit
  • usercp_email
  • usercp_changename
  • portal_welcome_guesttext - Revert required

Language packs changes
Since MyBB 1.2 the following language files have had changes to them:
  • datahandler_event.lang.php
  • datahandler_user.lang.php
  • messages.lang.php
  • private.lang.php
  • search.lang.php

Either update your language packs to include the changes in these files or revert to the standard English language pack.

Plugins
Your MyBB 1.2 plugins will work correctly with 1.2.1 without any updates.

To plugin developers, due to a path disclosure vulnerability with calling plugins directly, we recommend placing the following code at the top of the plugin to ensure they're being accessed through MyBB:
if(!defined("IN_MYBB"))
{
	die("This file cannot be accessed directly.");
}

The "Hello World" plugin has been updated with this change as an example.
#4
Discuss this announcement


Forum Jump:


Users browsing this thread: 1 Guest(s)