MyBB Development Blog

Welcome to the MyBB Development Blog. Here you'll find updates relating to the development of future versions of MyBB as well as technical discussions, tips, tricks and modifications to help you get the most out of MyBB.

MyBB 1.4.11 Released – Minor Patch & Security Update

By Dennis Tsang | Published December 29th, 2009 | Releases, Security, Updates | Rating: 1 Star2 Stars3 Stars4 Stars5 Stars Loading ... Loading ...

MyBB 1.4.11 is now available on the MyBB website and is a minor patch update to 1.4.10.

This release is to ensure that all users on 1.4.10 have the latest patches, to fix a small and rare bug that with malicious intent can be used to assist a Denial-of-Service attack, and to patch a low security issue that can allow a user to check for file existence outside of the web root.

Thank you to Labrocca and Secunia (through a third party) for alerting us of these issues.

What’s fixed in this version?

This release has been tested by our Software Quality Assurance group.

This update does not require running the upgrader.
There are no database schema, language string, or template changes in this version.

MyBB 1.4.10 to MyBB 1.4.11 Patch

This patch is only for users running MyBB 1.4.10. If you are running an older version of MyBB then please download MyBB 1.4.11 from the MyBB site and update to it using the general [Wiki: Upgrading] guide.

Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.
changed_files_1411.zip

If you wish to manually patch your board please download “mybb_1410_patches.txt” and follow the instructions in that file.
mybb_1410_patches.txt

The manual patch set instructions only fixes the security vulnerabilities and is only made available to temporarily secure your forum until you have time to run the complete upgrade.

The following files were changed since the initial MyBB 1.4.10 release:

  • admin
    • modules
      • style
        • templates.php
      • tools
        • backupdb.php
      • user
        • users.php
  • inc
    • datahandlers
      • event.php
      • user.php
    • class_core.php
    • class_error.php
    • class_moderation.php
    • functions_upload.php
    • functions_time.php
    • tasks
      • backupdb.php
  • calendar.php
  • usercp.php

* Red represents files that contain security updates
* Green represents new files added in this release

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

MyBB 1.2.14 Patch

Please follow step #1 in the mybb_1410_patches.txt file as listed above.

Please note all users of the 1.2.x series are urged to upgrade to the latest release of MyBB. (1.4.11) MyBB 1.2 is no longer being supported and security updates for the MyBB 1.2 series will only last through December 2009.

Thank you,
MyBB Team

Comments

  1. 1.

    Staff Response: Ryan Gordon (December 29th, 2009, 12:12 pm)

    PLEASE DO NOT POST SUPPORT REQUESTS IN THIS BLOG DISCUSSION THREAD – they will be ignored or deleted.

    If you need help please post it at the General Support forum:
    http://community.mybboard.net/forum-81.html

    This comment thread is for feedback and questions regarding the release, and any clarifications.

    Thanks for your cooperation.

  2. 2.

    Themem (December 29th, 2009, 12:36 pm)

    Thanks for update

  3. 3.

    depresan (December 29th, 2009, 1:23 pm)

    thank you for update^^

  4. 4.

    catfished (December 29th, 2009, 2:54 pm)

    Thanks for a quick and easy update.

  5. 5.

    Starnova (December 29th, 2009, 3:31 pm)

    I appreciate the update. Very easy. Thank you for being so ontop of things all the time. Mybb is the bomb!

  6. 6.

    Pietia (December 29th, 2009, 8:53 pm)

    THX for the update

    :]

  7. 7.

    ghazal (December 29th, 2009, 9:35 pm)

    Welldone release Ryan Gordon and all staff, congratulations ;)

  8. 8.

    Glas (December 29th, 2009, 10:21 pm)

    LOL GHAZAL

    Thanks MyBB guys for this patch :D

  9. 9.

    Fábio Maia (December 29th, 2009, 10:23 pm)

    Thank you for the update.

  10. 10.

    Chay Brandon (December 30th, 2009, 12:07 am)

    Thanks for the update

  11. 11.

    Gary (December 30th, 2009, 12:17 am)

    Perfect! Thanks for the update guys!

  12. 12.

    SoniQuake (December 30th, 2009, 12:32 am)

    Thank you for the update. We’ll waiting for the next release.

    Congratulations MyBB Team. :)

  13. 13.

    Menthix (December 30th, 2009, 1:15 am)

    I love changed_files.zip \o/

  14. 14.

    Eliran (December 30th, 2009, 2:13 am)

    Amazing! Good job. Keep it up. Soon I’m gonna open new My BB community forum in Israel.

  15. 15.

    phpBB 3.0.6, MyBB 1.4.11 released | Forum Bite - the forum admin blog - admin resources (December 30th, 2009, 3:19 am)

    [...] downloaded as usual from the MyBB website. You can also download the changed files and patches from this blog post over on the MyBB development [...]

  16. 16.

    Asyn (December 30th, 2009, 4:37 am)

    Thank for everything.

  17. 17.

    Harry Gumilar (December 30th, 2009, 12:00 pm)

    too late… our forum has been hacked yesterday.. our database has been dropped by somebody..

  18. 18.

    Staff Response: Ryan Gordon (December 30th, 2009, 4:15 pm)

    You must have neglected to update your forum for quite a long time Harry since there have been no vulnerabilities that could allow a hacker to drop your database for quite a while now.

  19. 19.

    MyBB 1.4.11 Released – Minor Patch & Security Update Scripts Rss (January 2nd, 2010, 11:39 pm)

    [...] the rest here: MyBB 1.4.11 Released – Minor Patch & Security Update By admin | category: MyBB, Object | tags: all-posts, MyBB, offers-quality, offline, patch, [...]

  20. 20.

    abib (January 4th, 2010, 2:38 pm)

    Thank for everything.

  21. 21.

    MyBB Blog » Blog Archive » MyBB 1.4.11 Released – Minor Patch … Hello CMS - the best cms website (January 4th, 2010, 8:28 pm)

    [...] more here: MyBB Blog » Blog Archive » MyBB 1.4.11 Released – Minor Patch … By admin | category: MyBB, Object | tags: central, development, find-updates, MyBB, [...]

  22. 22.

    buy essay (January 9th, 2010, 6:06 am)

    Thank you for posting article! :)

  23. 23.

    Habib (January 16th, 2010, 9:00 pm)

    Thank for everything.

  24. 24.

    xpserkan (February 16th, 2010, 12:23 pm)

    Thanks,for the update.

  25. 25.

    oyun (February 24th, 2010, 4:25 pm)

    thanks for the update.

  26. 26.

    lzj87980239 (February 28th, 2010, 1:14 pm)

    Thanks,for the update.

  27. 27.

    Tom (March 5th, 2010, 5:35 pm)

    Great! Finally an update here – have been waiting for it. Our managers at essay writing service have even been thinking about switching to a different service provider because of the bug. So, great that you fixed it and launched an update!

Post a Comment

Note: * indicates required fields.