Cancel

MyBB 1.8.6

SecurityMaintenance

Important Notes

The upgrade script does not need to be run when upgrading to this release with the Changed Files package.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security vulnerabilities addressed (5)

Medium risk

Forum password bypass in xmlhttp.php

Low risk

SQL Injection in Grouppromotions module (ACP)

Low risk

Possible XSS Injection in the error handler

Low risk

Possible XSS issues in old upgrade files

Low risk

Possible Full Path Disclosure in publicly accessible error log files

Issues resolved (51)

View issues on GitHub

Changed Files (143)

  • admin/
    • inc/
      • class_form.php
      • class_page.php
      • class_table.php
      • functions.php
      • functions_themes.php
      • functions_view_manager.php
    • modules/
      • config/
        • calendars.php
        • help_documents.php
        • module_meta.php
        • mycode.php
        • plugins.php
        • post_icons.php
        • profile_fields.php
        • settings.php
        • smilies.php
        • thread_prefixes.php
      • forum/
        • announcements.php
        • attachments.php
        • management.php
        • module_meta.php
      • home/
        • credits.php
        • module_meta.php
        • preferences.php
      • style/
        • module_meta.php
        • templates.php
      • tools/
        • adminlog.php
        • backupdb.php
        • mailerrors.php
        • module_meta.php
        • recount_rebuild.php
        • statistics.php
        • tasks.php
      • user/
        • banning.php
        • group_promotions.php
        • groups.php
        • module_meta.php
        • users.php
  • archive/
    • index.php
  • inc/
    • 3rdparty/
      • 2fa/
        • GoogleAuthenticator.php
    • cachehandlers/
      • apc.php
      • disk.php
      • eaccelerator.php
      • memcache.php
      • memcached.php
      • xcache.php
    • datahandlers/
      • event.php
      • login.php
      • pm.php
      • post.php
      • user.php
      • warnings.php
    • languages/
      • english/
        • admin/
          • user_groups.lang.php
        • calendar.lang.php
        • datahandler_user.lang.php
        • messages.lang.php
        • polls.lang.php
        • search.lang.php
        • usercp.lang.php
      • english.php
    • mailhandlers/
      • php.php
      • smtp.php
    • tasks/
      • checktables.php
    • adminfunctions_templates.php
    • class_captcha.php
    • class_core.php
    • class_custommoderation.php
    • class_datacache.php
    • class_error.php
    • class_feedgeneration.php
    • class_feedparser.php
    • class_graph.php
    • class_language.php
    • class_mailhandler.php
    • class_moderation.php
    • class_parser.php
    • class_plugins.php
    • class_session.php
    • class_stopforumspamchecker.php
    • class_templates.php
    • class_timers.php
    • class_xml.php
    • datahandler.php
    • db_base.php
    • db_mysql.php
    • db_mysqli.php
    • db_pdo.php
    • db_pgsql.php
    • db_sqlite.php
    • functions.php
    • functions_archive.php
    • functions_calendar.php
    • functions_forumlist.php
    • functions_image.php
    • functions_indicators.php
    • functions_massmail.php
    • functions_modcp.php
    • functions_online.php
    • functions_post.php
    • functions_posting.php
    • functions_rebuild.php
    • functions_search.php
    • functions_serverstats.php
    • functions_task.php
    • functions_time.php
    • functions_user.php
    • functions_warnings.php
  • install/
    • resources/
      • mybb_theme.xml
      • output.php
      • upgrade3.php
      • upgrade12.php
      • upgrade13.php
      • upgrade17.php
      • upgrade30.php
      • upgrade33.php
      • upgrade34.php
    • index.php
    • upgrade.php
  • jscripts/
    • select2/
      • select2.css
      • select2.min.js
    • validate/
      • additional-methods.min.js
      • jquery.validate.min.js
    • general.js
    • jquery.js
    • jquery.plugins.js
    • jquery.plugins.min.js
  • calendar.php
  • captcha.php
  • editpost.php
  • global.php
  • htaccess-nginx.txt
  • htaccess.txt
  • managegroup.php
  • member.php
  • misc.php
  • modcp.php
  • moderation.php
  • newreply.php
  • polls.php
  • printthread.php
  • private.php
  • showthread.php
  • usercp.php
  • xmlhttp.php

Changed Language Files (7)

There are changes to 7 language file(s). Changed languages files can be cross-referenced from the list above.

Changed Templates (18)

  • calendar_editevent
  • codebuttons
  • headerinclude
  • managegroup_adduser
  • managegroup_inviteuser
  • member_register_referrer
  • memberlist
  • memberlist_search
  • modcp_banuser
  • modcp_finduser
  • modcp_warninglogs
  • private_advanced_search
  • private_quickreply
  • private_send_autocomplete
  • search
  • search_results_posts_inlinemoderation
  • search_results_threads_inlinemoderation
  • usercp_avatar
Copyright © 2002-2017 MyBB Group