03-07-2015 Saat: 17:18
MyBB 1.8.5 is now available from the MyBB website, and is a security and maintenance release.
What’s added/changed in this version?
This release fixes 6 security vulnerabilities and 58 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.
What’s added/changed in this version?
This release fixes 6 security vulnerabilities and 58 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.
- Vulnerabilities:
- Medium Risk: Reset password code check could be circumvented in member.php – reported by solati.sadegh
- Medium Risk: Sender email could be spoofed when sending an email to a user in member.php – reported by onlinedevelopers
- Medium Risk: Permissions not checked for post search with old sid in search.php – reported by pedder55655
- Medium Risk: XSS in quick edit function of xmlhttp.php – reported by TiberiusG
- Low Risk: CSRF in ACP mass mail cancellation – reported by Destroy666
- Low Risk: Use of the U+200E Unicode character to create “duplicate” username – reported by mahdy2021
- Medium Risk: Reset password code check could be circumvented in member.php – reported by solati.sadegh
- Bugs fixed: