MyBB 1.8.4
FeatureSecurityMaintenance
Important Notes
The upgrade script does not need to be run when upgrading to this release with the Changed Files package.
Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.
Follow the Upgrade Documentation for more detailed instructions.
Security vulnerabilities addressed (7)
Medium risk
A XSS vulnerability in member.php
Medium risk
A XSS vulnerability in MyCode editor
Low risk
Multiple XSS vulnerability requiring admin permissions
Low risk
A CSRF vulnerability within ACP login
Low risk
Group join request notifications sent to wrong group leaders
Low risk
Cache handler using var_export without encoding checks
No risk
A full path disclosure vulnerability within JSON library
Issues resolved (118)
View issues on GitHubChanged Files (210)
-
admin/
-
inc/
- class_form.php
- class_page.php
- class_table.php
- functions_themes.php
- functions_view_manager.php
- functions.php
-
jscripts/
-
codemirror/
-
addon/
-
dialog/
- dialog.js
-
fold/
- foldcode.js
- foldgutter.js
- index.html
- xml-fold.js
-
search/
- match-highlighter.js
- matchesonscrollbar.css
- matchesonscrollbar.js
- search.js
- searchcursor.js
-
dialog/
-
lib/
- codemirror.css
- codemirror.js
-
mode/
-
css/
- css.js
- index.html
- less.html
- scss.html
-
htmlmixed/
- htmlmixed.js
- index.html
-
javascript/
- index.html
- javascript.js
- json-Id.html
- test.js
- typescript.html
-
xml/
- index.html
- xml.js
-
css/
-
theme/
- index.html
- mybb.css
-
addon/
-
jqueryui/
-
css/
-
redmond/
- jquery-ui.min.css
- jquery-ui.structure.min.css
- jquery-ui.theme.min.css
-
redmond/
-
js/
- jquery-ui.min.js
- peeker.js
- tabs.js
- themes.js
-
css/
-
codemirror/
-
modules/
-
config/
- attachment_types.php
- badwords.php
- banning.php
- calendars.php
- help_documents.php
- languages.php
- mod_tools.php
- mycode.php
- plugins.php
- lost_icons.php
- profile_fields.php
- questions.php
- settings.php
- smilies.php
- spiders.php
- thread_prefixes.php
- warning.php
-
forum/
- announcements.php
- attachments.php
- management.php
- moderation_queue.php
-
home/
- credits.php
- index.php
- preferences.php
-
style/
- templates.php
- themes.php
-
tools/
- adminlog.php
- cache.php
- file_verification.php
- mailerrors.php
- maillogs.php
- modlog.php
- optimizedb.php
- recount_rebuild.php
- spamlog.php
- statistics.php
- tasks.php
- warninglog.php
-
user/
- admin_permissions.php
- banning.php
- group_promotions.php
- groups.php
- mass_mail.php
- titles.php
- users.php
-
config/
-
styles/
-
default/
- main.css
- index.php
-
default/
-
inc/
-
archive/
- global.php
-
inc/
-
3rdparty/
-
2fa/
- GoogleAuthenticator.php
-
json/
- json.php
-
2fa/
-
cachehandlers/
- apc.php
- disk.php
- eaccelerator.php
-
datahandlers/
- event.php
- login.php
- pm.php
- post.php
- user.php
- warnings.php
-
languages/
-
english/
-
admin/
- config_banning.lang.php
- forum_management.lang.php
- global.lang.php
- hello.lang.php
- home_credits.lang.php
- home_preferences.lang.php
- style_templates.lang.php
- tools_adminlog.lang.php
- user_groups.lang.php
- user_users.lang.php
- contact.lang.php
- global.lang.php
- hello.lang.php
- member.lang.php
- newreply.lang.php
- newthread.lang.php
- online.lang.php
- sendthread.lang.php
- showthread.lang.php
- usercp.lang.php
-
admin/
- english.php
-
english/
-
plugins/
- hello.php
-
tasks/
- versioncheck.php
- class_captcha.php
- class_core.php
- class_datacache.php
- class_error.php
- class_parser.php
- class_session.php
- class_stopforumspamchecker.php
- db_base.php
- db_mysql.php
- db_mysqli.php
- db_pdo.php
- db_pgsql.php
- db_sqlite.php
- functions_archive.php
- functions_modcp.php
- functions_online.php
- functions_post.php
- functions_search.php
- functions_serverstats.php
- functions_upload.php
- functions_user.php
- functions.php
- init.php
-
3rdparty/
-
install/
-
resources/
- mysql_db_tables.php
- pgsql_db_tables.php
- settings.xml
- sqlite_db_tables.php
- upgrade12.php
- upgrade26.php
- upgrade30.php
- upgrade31.php
- upgrade32.php
- index.php
- upgrade.php
-
resources/
-
jscripts/
-
sceditor/
-
editor_plugins/
- undo.js
-
editor_themes/
- buttons.css
- monocons.css
-
editor_plugins/
-
select2/
- select2.css
- select2.min.js
-
validate/
- additional-methods.min.js
- jquery.validate.min.js
- bbcodes_sceditor.js
- captcha.js
- general.js
- inline_edit.js
- inline_moderation.js
- jquery.js
- jquery.plugins.js
- jquery.plugins.min.js
- question.js
- rating.js
- report.js
- thread.js
- usercp.js
-
sceditor/
- announcements.php
- attachment.php
- calendar.php
- captcha.php
- contact.php
- css.php
- editpost.php
- forumdisplay.php
- global.php
- managegroup.php
- member.php
- memberlist.php
- misc.php
- modcp.php
- moderation.php
- newreply.php
- newthread.php
- online.php
- polls.php
- portal.php
- printthread.php
- private.php
- ratethread.php
- report.php
- reputation.php
- search.php
- sendthread.php
- showthread.php
- stats.php
- syndication.php
- usercp.php
- usercp2.php
- warnings.php
- xmlhttp.php
Changed Language Files (18)
There are changes to 18 language file(s). Changed languages files can be cross-referenced from the list above.Changed Templates (53)
announcementcodebuttonsforumbit_depth2_catforumbit_depth2_forumforumdisplayforumdisplay_inlinemoderationforumdisplay_threadlist_ratingforumjump_advancedforumjump_specialglobal_board_offline_modalheader_quicksearchheader_welcomeblock_guestheader_welcomeblock_memberheaderincludemanagegroup_addusermanagegroup_inviteusermember_profilemember_profile_contact_detailsmember_profile_contact_fields_aimmember_profile_contact_fields_skypemember_profile_contact_fields_yahoomember_registermember_register_questionmember_register_referrermember_register_regimagemember_register_regimage_nocaptchamemberlistmemberlist_searchmisc_imcenter_navmisc_smilies_smiliemodcp_banusermodcp_findusermodcp_ipsearch_results_informationmodcp_warninglogsmoderation_getip_modoptionspost_captchapost_captcha_nocaptchapostbit_gotopostprivate_sendprivate_send_autocompletereputationsearchsearch_results_posts_inlinemoderationsearch_results_threads_inlinemoderationshowthreadshowthread_inlinemoderationshowthread_moderationoptions_restoreshowthread_moderationoptions_softdeleteshowthread_ratethreadsmilieinsert_getmoreusercp_attachmentsusercp_draftsusercp_editlists