2006-06-10, 12:07 PM
(This post was last modified: 2006-06-10, 05:36 PM by Dennis Tsang.)
MyBB 1.1.3 is a security update to the MyBB 1.x series. It fixes a moderate risk cross site scripting vulnerability and a moderate-high risk PHP injection vulnerability affecting all versions of MyBB (1.0 RC, 1.0 Final, 1.1 series).
We recommend all users upgrade their copy of MyBB to the latest available release.
Fixed vulnerabilities:
Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.
Regarding MyBB 1.2
Development is still continuing. Myself (and other developers) are currently unable to be as active as we'd like to beat the moment due to being in major assessment and examination periods.
The beta testing phase will soon begin and users will be contacted to test this upcoming release. (Please do not request to become a tester - we chose you based on your experience and community participation)
Regards,
MyBB Group
We recommend all users upgrade their copy of MyBB to the latest available release.
Fixed vulnerabilities:
- Potential cross site scripting with unsanitized input variable in private.php (D3vil-0x1)
- Potential PHP arbitrary code executation vulerability with post parser (Secunia)
Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.
Regarding MyBB 1.2
Development is still continuing. Myself (and other developers) are currently unable to be as active as we'd like to beat the moment due to being in major assessment and examination periods.
The beta testing phase will soon begin and users will be contacted to test this upcoming release. (Please do not request to become a tester - we chose you based on your experience and community participation)
Regards,
MyBB Group