MyBB 1.2.7 Released - Security & Maintenance Release
#1
MyBB 1.2.7 is now available on the MyBB website and is a general maintenance release as well as a security update release that patches a recently discovered low threat vulnerability.

Over 50 bugs were identified with MyBB 1.2.3 in 1.2.6 through bug report submissions, beta testing and internal analysis. These bugs have been fixed to provide a more stable version of MyBB for public use.

What's added/changed in this version?
  • Speed improvements for forums with millions of posts (Rewritten count system)
  • When using MySQL fulltext searching, the minimum search term error is only shown when all search terms are below the minimum length.
  • Additional information on plugins in debug mode

Information on upgrading, template changes and language changes can be found in the posts below. MyBB 1.1.x patches can also be found below.

If for some reason you cannot immediately update to this release:
We recommend applying the attached manual patch instructions for the vulnerability found in MyBB 1.2.6. You should only consider this a temporary solution and make the effort to upgrade to 1.2.7 as soon as possible.

To patch your 1.2.7 to fix these vulnerabilities please follow the following instructions:

.txt   mybb_126_xss_fix.txt (Size: 1.01 KB / Downloads: 1,543)

Please note, that you need to run the upgrade script for this version. This is so the templates may be updated.
There are no database schema changes in this version.

Thank you to Ryan for preparing this announcement for me as I have been pre-occupied with family related things this week.
#2
Upgrading from the 1.2 series
When upgrading from 1.2, you will not lose any custom themes, plugins or language packs which you may have installed.

Follow the general [Wiki: Upgrading] (Broken link, head over to docs.mybb.com instead) guide outlined on the MyBB Wiki to complete the upgrade process. You may download a ZIP archive of changed files here:

.zip   mybb_127_changed_files.zip (Size: 425.1 KB / Downloads: 1,486)

You must then check for modified templates using the instructions in the next post.

Upgrading from other versions
If you are upgrading from a version earlier than 1.2 then you will lose your custom themes, templates and language packs due to the number of changes between your version and the 1.2 series.

Before you attempt to upgrade, ensure you have a database backup and a copy of the files currently in use on your board. This is so you can revert back to your earlier version if you need to or something goes horribly wrong with the upgrade process.

Follow the general [Wiki: Upgrading] (Broken link, head over to docs.mybb.com instead) guide outlined on the MyBB Wiki to complete the upgrade process.

Changed files since MyBB 1.2.3
Green indicates files which have been added since the MyBB 1.2.3 release.
  • admin/
    • adminfunctions.php
    • attachments.php
    • forums.php
    • index.php
    • maintenance.php
    • moderate.php
    • templates.php
    • usergroups.php
    • users.php
  • archive/
    • index.php
  • inc/
    • class_core.php
    • class_custommoderation.php
    • class_datacache.php
    • class_feedgeneration.php
    • class_moderation.php
    • class_parser.php
    • class_plugins.php
    • class_session.php
    • db_mysql.php
    • db_mysqli.php
    • functions.php
    • functions_archive.php
    • functions_post.php
    • functions_rebuild.php
    • functions_search.php
    • functions_upload.php
    • init.php
    • datahandlers/
      • event.php
      • pm.php
      • post.php
      • user.php
    • languages/
      • english.php
      • english/
        • global.lang.php
        • member.lang.php
        • misc.lang.php
        • showthread.lang.php
        • usercp.lang.php
        • admin/
          • users.lang.php
  • install/
    • index.php
    • upgrade.php
    • resources/
      • language.lang.php
      • mybb_theme.xml
      • upgrade1.php
      • upgrade2.php
      • upgrade5.php
      • upgrade9.php
  • jscripts/
    • editor.js
    • inline_edit.js
    • post.js
    • thread.js
  • captcha.php
  • editpost.php
  • forumdisplay.php
  • global.php
  • member.php
  • moderation.php
  • newreply.php
  • newthread.php
  • portal.php
  • private.php
  • report.php
  • search.php
  • showteam.php
  • showthread.php
  • usercp.php

Bugs fixed since MyBB 1.2.3
  1. Fixed Bug #18652 - codeblock and alignment invalid
  2. Fixed Bug #18185 - Attachment quota
  3. Fixed Bug #18268 - Quote/Apostrophe in usernames
  4. Fixed Bug #19137 - Quick reply problem.
  5. Fixed Bug #16976 - Post doesn't check referrer
  6. Fixed Bug #16485 - Quick edit mess up message if images > max
  7. Fixed Bug #18909 - Merged Admin loses access
  8. Fixed Bug #18728 - A bug, and a solution
  9. Fixed Bug #18257 - Search bug
  10. Fixed Bug #17139 - Edited by bug
  11. Fixed Bug #18604 - -1 post count bug
  12. Fixed Bug #18552 - Translation of buttons
  13. Fixed Bug #18523 - posts colors Valid CSS
  14. Fixed Bug #18490 - Editing user and DST
  15. Fixed Bug #17645 - Notify PM rechecked in ACP when editing member
  16. Fixed Bug #18245 - variable name mismatch
  17. Fixed Bug #18253 - Hidden Admin CP links
  18. Fixed Bug #17513 - Attachments stats
  19. Fixed Bug #18046 - Time Spent Online - Grammar Error
  20. Fixed Bug #18157 - portal bug
  21. Fixed Bug #16469 - Poll copying still doesn't work.
  22. Fixed Bug #18059 - MyBB1.2.4 fix
  23. Fixed Bug #17549 - & in code tags...
  24. Fixed Bug #17306 - XHTML Errors in templates
  25. Fixed Bug #17654 - CSS missing ;
  26. Fixed Bug #16704 - Language Error!
  27. Fixed Bug #17253 - Always setting new session (sid from cookie not in DB?)
  28. Fixed Bug #17201 - Version of PCRE is not compiled with PCRE_UTF8
  29. Fixed Bug #17237 - XHTML error in template "portal"
  30. Fixed Bug #15696 - reply position lost after Post Flood Check
  31. Fixed Bug #16205 - Bugy recover password
  32. Fixed Bug #16339 - Still e-mail notification after moving post to unallowed category
  33. Fixed Bug #16525 - Notify by email for new PM bug
  34. Fixed Bug #16706 - reputation system
  35. Fixed Bug #16294 - MyCode not parsed
  36. Fixed Bug #16742 - data corruption in settings...
  37. Fixed Bug #16705 - Portal.php Validation errors
  38. Fixed Bug #16618 - XHTML Validation fails
  39. Fixed Bug #16948 - JS Error still happening?
  40. Fixed Bug #16894 - Typo in code, in class_parser
  41. Fixed Bug #16794 - / me bug test
  42. Fixed Bug #16801 - Moderators issues
  43. Fixed Bug #16290 - MyBB won't install Sad
  44. Fixed Bug #16619 - No error message (avatar)
  45. Fixed Bug #16582 - Editor and IE7
  46. Fixed Bug #16584 - build_theme_select() bug
  47. Fixed Bug #16285 - Report Thread Bug [MyBB 1.2.3]
  48. Fixed Bug #16446 - Merging posts with lastpost
  49. Fixed Bug #16433 - Lite (Archive) Mode post order bug
  50. Fixed Bug #16410 - Atom feed time zone
  51. Fixed Bug #16333 - Version check
  52. Fixed Bug #16303 - [code] tag error
  53. Fixed Bug #19190 - when posting...
  54. Fixed Bug #19181 - Installation Script : DB Host value
  55. Fixed Bug #19196 - Birthday age error
#3
Theme and template changes
Using the "Find Updated" link under the "Templates" section in the Admin CP you can find a list of the templates that have changed in this release that you've got one or more custom copies of.

After identifying changed templates using the tool you can either revert your custom template to the default (delete it) or use the "diff" tool to perform a difference analysis on your custom template and the default.

Since MyBB 1.2.3 the following templates have been changed. "Revert required" indicates that for this template to work correctly with MyBB 1.2.7 you'll either need to revert it to the default or modify your custom template to include the changes in the default. If a revert is not required your custom version of the template should work perfectly fine.
  • newreply
  • footer
  • usercp_avatar
  • showthread_quickreply
  • portal
  • showthread_multipage
  • member_resetpassword - Revert required
  • moderation_split_post
  • previewpost

Language packs changes
Since MyBB 1.2.6 the following language files have had changes to them:
  • global.lang.php
  • member.lang.php
  • misc.lang.php
  • showthread.lang.php
  • usercp.lang.php
  • admin/users.lang.php
Either update your language packs to include the changes in these files or revert to the standard English language pack.

Plugins
Most of your MyBB 1.2.x plugins will work correctly with 1.2.7 without any updates.
#4
MyBB 1.1.8 Patch
This patch is only for users running MyBB 1.1.8 or any release of the MyBB 1.1 series.

Please download "mybb_118_xss_patch_127.txt" attached to this post and follow the manual patching instructions.

Please note all users of the 1.1.x series are urged to upgrade to the latest release of MyBB (1.2.7) as support for 1.1.8 is soon to end.


.txt   mybb_118_xss_fix_127.txt (Size: 1,013 bytes / Downloads: 511)
#5
Discuss this Announcement


Forum Jump:


Users browsing this thread: 1 Guest(s)