MyBB 1.6.12 is now available from the MyBB website and is a security and maintenance release.
What’s added/changed in this version?
This release fixes 4 vulnerabilities and 10 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.
- Vulnerabilities:
- Medium Risk: A SQL vulnerability when editing smilies in ACP – reported by ChALkeR
- Medium Risk: A SQL vulnerability when deleting posts with Akismet in ACP – reported by ChALkeR
- Medium Risk: A XSS vulnerability in video MyCode – reported by ChALkeR
- Low Risk: A XSS vulnerability in smilie popup – reported by Spenzert
- Bugs fixed:
- MyCode parser adds new lines since 1.6.11
- Some plugins throwing errors due to usage of unsupported language file calls since 1.6.11
- Uploading attachments may fail when safe mode is enabled
- Promotion task option “weeks” doesn’t work properly
- Issue with queries not being executed in the correct order on logout
- #2196 Thread Prefix altered via Tamper Data
- #2251 Reputation doesn’t carry over when merging users
- #2267 See other’s posts in a “see own post forum” through archive
- #2275 Mod Log error when posting new thread
- Adding support for 4-Byte UTF-8 Unicode Encoding in MySQLWhen MySQL 5.5.3 or above is used a new option to convert the tables to 4-Byte UTF-8 Unicode Encoding is available in the “UTF-8 Conversion” page in the Admin Control Panel. This allows to store unicode characters with 4 bytes. If you don’t know what we are talking about you probably don’t need it. PgSQL and SQLite can store such characters by default.
Information on upgrading, template changes and language changes can be found on the Docs site.
Please note, that you do not need to run the upgrade script for this version.
There are no database schema changes in this version.
Upgrading from 1.6.11 and Other Versions
Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.
To upgrade, follow the Upgrading process. The upgrade script is not required. There are changes to 2 language files. No templates have been changed or added.
If you’re using MyBB 1.6.11
- Download and use the Changed Files Package (MD5: e39fbb0a8fcea856ed533c7d68869226)
- Follow the Docs Upgrading Instructions
If you’re using MyBB 1.6.10 or lower
- Download and use the full 1.6.12 Release Package (MD5: f1e6e5f5e9a835a0fad83173d70b26cc)
- Follow the Docs Upgrading Instructions
Reporting MyBB security vulnerabilities
If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.
Thanks,
MyBB Team
where is the link to the changed files?
There is a link in the blog post. 😉
Thanks mybb 😀
It’s been a while, thanks for the update. Glad to see the project is still alive! 🙂
Thanks Mybb, just updated 🙂 😀
Did anyone fix the LOWER sql search on usernames logging in yet? It means it doesn’t use the index and causes 100% cpu issues on larger sites when spam bots try to login. There is no need for that query to be case sensitive as far as I’m aware
Is there any ticket about it? I can’t remember something like this.
Thanks MyBB Team
Error while upgrading it is showing the older version till 1.6.10 but 1.6.11 is not their
As stated in the blog post, there is no need to run the upgrade script.
Thanks for fix bugs 🙂
Thanks MyBB ;]
Congrats all!
Thanks for the update!
Thanks for this new release i have to upgrade when i can xD.
Pingback: MyBB 1.6.12 gotowe - Polskie Wsparcie MyBB
I applied the changed files to a 1.6.11 installation, but got an error saying that the board needed to be updated when trying to visit my forum or the ACP. After running the upgrade script (which was announced as not being necessary), I no longer get that error.
You have probably missed to run the upgrade script on a previous release.
thanks for the release
Ugh, I was using 1.6.11 and used the changed files package, but MyBB still thinks it’s 1.6.11. The admin control panel keeps telling me I need to upgrade.
Please ensure you have uploaded all changed files properly.
I was afraid someone would say that. Just to be sure, I unpacked the files to the proper directory for a third and fourth time. MyBB still indicates that it is 1.6.11 and the control panel indicates that there is still a newer version.
Please use our forum to get support.
The old files seam not to be overwritten, I can’t tell you why.
Hi there,
silly question, upgrading from 1.6.8 do I need to run the script or not? Reading comment 14 it looks as if I might have to.
If that is NOT the case, then all I have to do is copy the files as points 2, 3 and 4, as described here
http://docs.mybb.com/Upgrading.html#Beginning_the_Upgrade, do not apply this time. Is that so?
Sorry for the dumb questions, but better be safe than sorry 😀
Yes, you have to run the upgrade script when you are not upgrading from 1.6.11.