MyBB 1.1.4 Released
#1
In something which couldn't have come at a worse time for us with 1.2 going in to beta next week, we're releasing MyBB 1.1.4 - a security update to the MyBB 1.x series. It fixes a moderate risk SQL injection vulnerability affecting MyBB 1.0 to MyBB 1.1.3.

We recommend all users upgrade their copy of MyBB to the latest available release.

The release on the MyBB site has also been updated to 1.1.4.

Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.

I was only notified of this issue within the past hour and I am unaware of any widespread knowledge of it. It is a small fix for what is debatable as being something partly to blame on how PHP works and its treatment of 'true' and '1'.

Regards,
MyBB Group
#2
Updating from 1.1.3 Using Changed Files (Recommended)
You must already be running MyBB 1.1.3 to perform this method!
  • Download the attached "mybb_114_changed_files.zip" from this post.
  • Upload the contents of it to your forums in the corresponding folders.
  • Check your Admin CP to confirm you are running 1.1.4
Updating from 1.1.3 Manually
You must already be running MyBB 1.1.3 to perform this method!
  • Download the attached "mybb_114_patch.txt" from this post.
  • Follow the manual patch instructions in the file replacing or adding code where necessary and uploading the files back up to your web site.
Updating from Previous Releases
Download the latest release from the MyBB web site and follow the general upgrade procedure. (Found in docs/upgrade.html)

Changed Files
  • inc/functions.php (Optional - Version number change)
  • usercp.php


Attached Files
.txt   mybb_114_patch.txt (Size: 1.27 KB / Downloads: 974)
.zip   mybb_114_changed_files.zip (Size: 25.01 KB / Downloads: 1,162)
#3
Discussion thread for this announcement: http://community.mybboard.net/showthread.php?tid=9956
#4
Several forums have been exploited today, and by the looks of it, because of the lack of this patch. The consequences to your board of being exploited may be severe, including deletion of content. The MyBB Group urges all users to upgrade to the latest version as soon as possible.
Dennis Tsang
Former MyBB Team Member
Web: http://dennistt.net
#5
It has come to our attention that MyBB versions other than 1.1.3 may also be affected in this series of hackings. We strongly urge all individuals to maintain a daily MySQL backup for the time being.


Forum Jump:


Users browsing this thread: 1 Guest(s)