Tan
17th Feb, 08:51 am
As many of you know (or don't know) the Mybb Group has released MyBB 1.8.4 out to the masses. Feel free to read the official announcement here. Or just read the bullet points below.
MyBB 1.8.4 – Feature Update, Security & Maintenance Release
MyBB 1.8.4 – Feature Update, Security & Maintenance Release
Quote:This release fixes 7 vulnerabilities and 118 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.
- Vulnerabilities:
- Medium Risk: A XSS vulnerability in member.php – reported by ATofighi
- Medium Risk: A XSS vulnerability in MyCode editor – reported by Matthias Ungethüm
- Low Risk: Multiple XSS vulnerability requiring admin permissions – reported by adamziaja, Devilshakerz, DingjieYang and sroesemann
- Low Risk: A CSRF vulnerability within ACP login – reported by Devilshakerz
- Low Risk: Group join request notifications sent to wrong group leaders – reported by Snake_
- Low Risk: Cache handler using var_export without encoding checks – reported by chtg
- No Risk: A full path disclosure vulnerability within JSON library – reported by Nathan Malcolm
- Bugs fixed:
- New features:
GS9