Important Notes

The upgrade script does not need to be run when upgrading to this release with the Changed Files package.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security vulnerabilities addressed (6)

Medium risk

Reset password code check could be circumvented in member.php

Medium risk

Sender email could be spoofed when sending an email to a user in member.php

Medium risk

Permissions not checked for post search with old sid in search.php

Medium risk

XSS in quick edit function of xmlhttp.php

Low risk

CSRF in ACP mass mail cancellation

Low risk

Use of the U+200E Unicode character to create "duplicate" username

Issues resolved (58)

View issues on GitHub

Changed Files (102)

admin/
- inc/
  - class_form.php
- modules/
  - config/
    - calendars.php
    - mod_tools.php
    - mycode.php
    - profile_fields.php
    - settings.php
    - smilies.php
  - forum/
    - announcements.php
    - management.php
  - home/
    - preferences.php
  - style/
    - templates.php
    - themes.php
  - user/
    - admin_permissions.php
    - group_promotions.php
    - groups.php
    - mass_mail.php
    - users.php
- index.php
images/
- headerlinks_sprite.png
inc/
- datahandlers
- login.php
- pm.php
- post.php
- user.php
- warnings.php
- languages/
  - english/
    - admin/
      - config_profile_fields.lang.php
      - config_settings.lang.php
      - config_thread_prefixes.lang.php
      - forum_management.lang.php
      - global.lang.php
      - user_users.lang.php
    - datahandler_post.lang.php
    - global.lang.php
    - member.lang.php
    - private.lang.php
    - reputation.lang.php
    - showteam.lang.php
  - english.php
- tasks
- delayedmoderation.php
- userpruning.php
- adminfunctions_templates.php
- class_core.php
- class_custommoderation.php
- class_datacache.php
- class_moderation.php
- class_parser.php
- db_base.php
- db_mysql.php
- db_mysqli.php
- db_pdo.php
- db_pgsql.php
- db_sqlite.php
- functions.php
- functions_archive.php
- functions_forumlist.php
- functions_post.php
- functions_search.php
- functions_user.php
install/
- resources
- adminoptions.xml
- mybb_theme.xml
- mysql_db_tables.php
- pgsql_db_tables.php
- settings.xml
- sqlite_db_tables.php
- upgrade2.php
- upgrade3.php
- upgrade5.php
- upgrade12.php
- upgrade30.php
- upgrade32.php
- upgrade33.php
- index.php
jscripts/
- sceditor/
  - editor_plugins/
    - bbcode.js
    - format.js
    - undo.js
    - xhtml.js
    - jquery.sceditor.bbcode.min.js
    - jquery.sceditor.default.min.css
    - jquery.sceditor.min.js
    - jquery.sceditor.xhtml.min.js
contact.php
forumdisplay.php
global.php
managegroup.php
member.php
misc.php
modcp.php
moderation.php
newreply.php
newthread.php
private.php
reputation.php
search.php
sendthread.php
showteam.php
showthread.php
stats.php
usercp.php
warnings.php
xmlhttp.php

Changed Language Files (12)

There are changes to 12 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (8)

codebuttons
modcp
postbit_attachments_images_image
postbit_attachments_thumbnails_thumbnail
private_advanced_search
private_send_tracking
reputation
usercp_profile_contact_fields