MyBB 1.8.13
code 1813
SecurityMaintenance
Full Package
Install a new MyBB forum or upgrade from older versions.
.zip – 2.14 MB
Download from MyBB.com Download from GitHubmd5:
30f78d40160011f37bb071767bfea6a5
sha1:
61993c4a6991e1cdcb6de9c77e3760f89189a116
sha256:
1fe127bf840585f1738774b297e847ace4bccbc8a128b3e06ac48b097a1548c5
sha512:
35a7c9d2f98566c6f4e7a2f123b67a3da4163cb449ff400b56fe978d9b0a8df958cd8707f20341dd61e995a1a46372fc053a06a1ca305b5951df698f85f8af5f
Changed Files
Upgrade from the previous version.
.zip – 1.2 MB
Download from MyBB.com Download from GitHubmd5:
8a53d3c67a2a0f515eb9b6c9a090e83b
sha1:
831f8c6bee0bedac185d240a7a680212863a998d
sha256:
f17f6e1820a023427bd543e989dde2b885a865c0de5e1e734beba0385296cecc
sha512:
1a638b4039bbe4e874e7b57716258ffad367b3e6856c6eed0d972e6d763359c26612902f4a9fc2f24d030963100c0b9b7e793443d51e0e07f29fbf15975de10d
Important Notes
Running the upgrade script is required.
Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.
Follow the Upgrade Documentation for more detailed instructions.
Security vulnerabilities addressed (7)
Language file headers RCE
Reported by Julian Rittweger
Mod CP Edit Profile XSS
Reported by Julian Rittweger
Insufficient moderator permission check in delayed moderation tools
Reported by Starpaul20 MyBB Team
Announcements HTML filter bypass
Language Pack Properties XSS
Reported by Julian Rittweger
Issues resolved (62)
View issues on GitHubChanged Files (175)
- moderation.php
- member.php
- newthread.php
- contact.php
- showthread.php
- usercp.php
- modcp.php
-
install/
- index.php
-
resources/
- language.lang.php
- settings.xml
- mysql_db_inserts.php
- upgrade37.php
- upgrade41.php
- mybb_theme.xml
- output.php
- search.php
- forumdisplay.php
- portal.php
- misc.php
-
archive/
- index.php
- screen.css
- print.css
-
admin/
- index.php
-
jscripts/
-
codemirror/
-
lib/
- codemirror.css
- codemirror.js
-
addon/
-
fold/
- foldgutter.js
- foldcode.js
- indent-fold.js
- comment-fold.js
- brace-fold.js
- xml-fold.js
-
search/
- match-highlighter.js
- jump-to-line.js
- search.js
- matchesonscrollbar.js
- searchcursor.js
-
dialog/
- dialog.js
- dialog-mybb.css
- dialog.css
-
fold/
-
mode/
-
javascript/
- javascript.js
- test.js
- typescript.html
-
css/
- gss_test.js
- scss.html
- gss.html
- less.html
- scss_test.js
- less_test.js
- test.js
- css.js
-
htmlmixed/
- htmlmixed.js
-
xml/
- xml.js
-
javascript/
- LICENSE
-
lib/
-
jqueryui/
-
js/
- jquery-ui.min.js
-
css/
-
redmond/
- jquery-ui.min.css
-
images/
- ui-bg_glass_95_fef1ec_1x400.png
- ui-bg_inset-hard_100_fcfdfd_1x100.png
- ui-icons_6da8d5_256x240.png
- ui-bg_gloss-wave_55_5c9ccc_500x100.png
- ui-icons_f9bd01_256x240.png
- ui-bg_inset-hard_100_f5f8f9_1x100.png
- ui-bg_glass_85_dfeffc_1x400.png
- ui-icons_cd0a0a_256x240.png
- ui-bg_glass_75_d0e5f5_1x400.png
- ui-icons_d8e7f3_256x240.png
- ui-icons_469bdd_256x240.png
- ui-icons_2e83ff_256x240.png
- ui-icons_217bc0_256x240.png
- jquery-ui.theme.min.css
- jquery-ui.structure.min.css
-
redmond/
-
js/
-
codemirror/
-
modules/
-
style/
- templates.php
- themes.php
-
user/
- groups.php
- group_promotions.php
- banning.php
- users.php
-
tools/
- maillogs.php
- recount_rebuild.php
- mailerrors.php
- statistics.php
- modlog.php
- system_health.php
- tasks.php
- spamlog.php
-
forum/
- moderation_queue.php
- attachments.php
- announcements.php
-
home/
- index.php
- credits.php
-
config/
- banning.php
- settings.php
- plugins.php
- languages.php
-
style/
-
styles/
-
default/
- modal.css
- main.css
-
default/
-
inc/
- class_page.php
- functions_themes.php
-
jscripts/
- thread.js
- jquery.js
- inline_reports.js
- jquery.plugins.min.js
- jquery.plugins.js
- general.js
-
validate/
- jquery.validate.min.js
- additional-methods.min.js
- bbcodes_sceditor.js
- private.php
- warnings.php
- announcements.php
- xmlhttp.php
- editpost.php
- global.php
- calendar.php
- newreply.php
-
inc/
- class_parser.php
-
mailhandlers/
- smtp.php
- functions_search.php
- db_mysqli.php
-
languages/
- english.php
-
english/
- datahandler_user.lang.php
- usercp.lang.php
- helpdocs.lang.php
- online.lang.php
-
admin/
- config_settings.lang.php
- tools_modlog.lang.php
- user_groups.lang.php
- home_preferences.lang.php
- forum_attachments.lang.php
- global.lang.php
- home_dashboard.lang.php
- tools_tasks.lang.php
- moderation.lang.php
- portal.lang.php
- misc.lang.php
- modcp.lang.php
- global.lang.php
- member.lang.php
- functions_post.php
- class_session.php
- db_sqlite.php
- class_captcha.php
- functions_forumlist.php
- functions.php
-
3rdparty/
-
diff/
-
Diff/
-
Engine/
- Native.php
- String.php
- Shell.php
- Xdiff.php
- Exception.php
-
ThreeWay/
-
Op/
- Base.php
- Copy.php
- BlockBuilder.php
-
Op/
-
Renderer/
-
Unified/
- Colored.php
- Unified.php
- Context.php
- Inline.php
-
Unified/
- Mapped.php
-
Op/
- Delete.php
- Base.php
- Change.php
- Copy.php
- Add.php
- ThreeWay.php
- Renderer.php
-
Engine/
- Diff.php
-
Diff/
-
diff/
- db_mysql.php
- class_core.php
- functions_indicators.php
- db_base.php
- class_stopforumspamchecker.php
- class_plugins.php
- functions_online.php
-
datahandlers/
- user.php
- pm.php
- post.php
- class_datacache.php
Removed Files (3)
-
admin/
-
jscripts/
-
jqueryui/
-
css/
-
redmond/
-
images/
- animated-overlay.gif
- ui-bg_flat_0_aaaaaa_40x100.png
- ui-bg_flat_55_fbec88_40x100.png
-
images/
-
redmond/
-
css/
-
jqueryui/
-
jscripts/
Changed Language Files (18)
There are changes to 18 language file(s). Changed languages files can be cross-referenced from the list above.Changed Templates (63)
calendarcalendar_nextlinkcalendar_prevlinkcalendar_weekviewcalendar_weekview_nextlinkcalendar_weekview_prevlinkeditpostfooterforumdisplay_inlinemoderationforumdisplay_threadheaderincludemanagegroupmember_profile_websitemember_registermember_register_regimage_recaptcha_invisiblemember_resetpasswordmisc_whoposted_pagemodcp_announcements_allowhtmlmodcp_announcements_editmodcp_announcements_newmodcp_findusermodcp_ipsearchmodcp_ipsearch_results_informationmodcp_modlogsmodcp_reportsmodcp_reports_reportmodcp_reports_selectallmoderation_delayedmoderation_approvemoderation_delayedmoderation_deletemoderation_delayedmoderation_openclosemoderation_delayedmoderation_softdeleterestoremoderation_delayedmoderation_stickmycode_urlnewreplynewthreadpost_captchapost_captcha_recaptcha_invisiblepostbitpostbit_classicpostbit_deleted_memberpostbit_editreasonpostbit_statuspostbit_wwwprintthreadprivateprivate_advanced_searchprivate_search_resultssearch_results_inlinemodcol_emptysearch_results_posts_inlinemoderationsearch_results_posts_postsearch_results_threads_inlinemoderationsearch_results_threads_threadshowteam_moderatorsshowteam_moderators_forumshowthreadshowthread_inlinemoderationshowthread_similarthreads_bitusercp_attachmentsusercp_latest_subscribed_threadsusercp_latest_threads_threadsusercp_subscriptionsusercp_subscriptions_threadvideo_twitch_embed
This update includes fixes related to compatibility with PostgreSQL, SQLite and PHP 7.2 and resolves attachment HTML output problems. Note that the theme’s CSS files may need to be updated.