MyBB 1.8.8
SecurityMaintenance
Important Notes
The upgrade script does not need to be run when upgrading to this release with the Changed Files package.
Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.
Follow the Upgrade Documentation for more detailed instructions.
Security vulnerabilities addressed (7)
Medium risk
Style import CSS overwrite on Windows servers
Medium risk
SQL Injection in the users data handler
Medium risk
SSRF attack in fetch_remote_file()
Medium risk
Possible short name access to ACP backups on Windows servers
Low risk
Stored XSS in the ACP
Low risk
Loose comparison false positives
Low risk
Possible XSS injection in ACP users module
Issues resolved (58)
View issues on GitHubChanged Files (364)
-
admin/
-
backups/
- .htaccess
-
inc/
- class_page.php
- functions_themes.php
- functions_view_manager.php
-
jscripts/
-
jqueryui/
-
css/
-
redmond/
-
images/
- ui-bg_flat_0_aaaaaa_40x100.png
- ui-bg_flat_55_fbec88_40x100.png
- ui-bg_glass_75_d0e5f5_1x400.png
- ui-bg_glass_85_dfeffc_1x400.png
- ui-bg_glass_95_fef1ec_1x400.png
- ui-bg_gloss-wave_55_5c9ccc_500x100.png
- ui-bg_inset-hard_100_f5f8f9_1x100.png
- ui-bg_inset-hard_100_fcfdfd_1x100.png
- ui-icons_2e83ff_256x240.png
- ui-icons_6da8d5_256x240.png
- ui-icons_217bc0_256x240.png
- ui-icons_469bdd_256x240.png
- ui-icons_cd0a0a_256x240.png
- ui-icons_d8e7f3_256x240.png
- ui-icons_f9bd01_256x240.png
-
images/
-
redmond/
-
css/
- search.js
- themes.js
-
jqueryui/
-
modules/
-
config/
- attachment_types.php
- languages.php
- module_meta.php
- plugins.php
- post_icons.php
- report_reasons.php
- settings.php
- smilies.php
-
forum/
- announcements.php
- attachments.php
- management.php
- moderation_queue.php
-
home/
- credits.php
- index.php
- module_meta.php
-
style/
- templates.php
- themes.php
-
tools/
- adminlog.php
- file_verification.php
- maillogs.php
- modlog.php
- spamlog.php
- system_health.php
- warninglog.php
-
user/
- admin_permissions.php
- banning.php
- groups.php
- mass_mail.php
- users.php
-
config/
-
styles/
-
default/
-
images/
-
icons/
- bullet_off.png
- bullet_on.png
- cross.png
- custom.png
- decrease.png
- default.png
- delete.png
- error.png
- find.png
- group.png
- increase.png
- logout.png
- maillogs_contact.png
- maillogs_thread.png
- maillogs_user.png
- make_default.png
- mobile_user.png
- no_change.png
- run_task.png
- search.png
- success.png
- tick.png
- user.png
- warning.png
- world.png
- close.png
- login_logo.png
- logo.png
- submit_bg.png
- tcat.png
- thead.png
-
icons/
- main.css
-
images/
-
default/
- index.php
-
backups/
-
archive/
- index.php
-
images/
-
attachtypes/
- blank.png
- css.png
- doc.png
- html.png
- image.png
- pdf.png
- php.png
- ppt.png
- psd.png
- tar.png
- txt.png
- unknown.png
- xls.png
- zip.png
-
colors/
- black_header.png
- black_tcat.png
- black_thead.png
- calm_header.png
- calm_tcat.png
- calm_thead.png
- dawn_header.png
- dawn_tcat.png
- dawn_thead.png
- earth_header.png
- earth_tcat.png
- earth_thead.png
- flame_header.png
- flame_tcat.png
- flame_thead.png
- leaf_header.png
- leaf_tcat.png
- leaf_thead.png
- night_header.png
- night_tcat.png
- night_thead.png
- sun_header.png
- sun_tcat.png
- sun_thead.png
- twilight_header.png
- twilight_tcat.png
- twilight_thead.png
- water_header.png
- water_tcat.png
- water_thead.png
-
groupimages/
-
english/
- team-administrator.png
- team-designer.png
- team-developer.png
- team-supermod.png
- team-tester.png
-
english/
-
icons/
- bell.png
- biggrin.png
- brick.png
- bug.png
- car.png
- exclamation.png
- game.png
- heart.png
- information.png
- lightbulb.png
- lightning.png
- music.png
- pencil.png
- photo.png
- question.png
- rainbow.png
- sad.png
- shield.png
- shocked.png
- smile.png
- sport.png
- star.png
- thumbsdown.png
- thumbsup.png
- tongue.png
- user.png
- video.png
- wink.png
- arrow_down.png
- buddies.png
- buddy_away.png
- buddy_delete.png
- buddy_offline.png
- buddy_online.png
- buttons_bg.png
- buttons_sprite.png
- close.png
- collapse.png
- collapse_collapsed.png
- default_avatar.png
- dismiss_notice.png
- error.png
- folders_sprite.png
- fw_pm.png
- headerlinks_sprite.png
- invalid.png
- jump.png
- logo.png
- logo_white.png
- mini_status_sprite.png
- modcp_sprite.png
- nav_bit.png
- new_pm.png
- old_pm.png
- paperclip.png
- pollbar.png
- printable.png
- re_pm.png
- send.png
- star.png
- star_rating.png
- tcat.png
- thead.png
- usercp_sprite.png
- valid.png
-
attachtypes/
-
inc/
-
cachehandlers/
- apc.php
- eaccelerator.php
- interface.php
- memcache.php
- memcached.php
- xcache.php
-
datahandlers/
- post.php
- pm.php
- user.php
-
languages/
-
english/
-
admin/
- config_attachment_types.lang.php
- config_banning.lang.php
- config_module_meta.lang.php
- config_report_reasons.lang.php
- config_settings.lang.php
- global.lang.php
- home_dashboard.lang.php
- home_preferences.lang.php
- style_templates.lang.php
- tools_adminlog.lang.php
- tools_system_health.lang.php
- tools_tasks.lang.php
- user_banning.lang.php
- user_groups.lang.php
- datahandler_user.lang.php
- forumdisplay.lang.php
- global.lang.php
- index.lang.php
- misc.lang.php
- moderation.lang.php
- report.lang.php
- usercp.lang.php
-
admin/
- english.php
-
english/
-
mailhandlers/
- php.php
-
plugins/
- hello.php
-
tasks/
- versioncheck.php
- class_core.php
- class_datacache.php
- class_error.php
- class_feedgeneration.php
- class_mailhandler.php
- class_moderation.php
- class_parser.php
- class_session.php
- datahandler.php
- db_sqlite.php
- functions.php
- functions_archive.php
- functions_calendar.php
- functions_forumlist.php
- functions_indicators.php
- functions_modcp.php
- functions_online.php
- functions_post.php
- functions_serverstats.php
- functions_upload.php
- functions_user.php
-
cachehandlers/
-
install/
-
images/
- active.png
- inactive.png
- logo.png
- submit_bg.png
- tcat.png
- thead.png
-
resources/
- adminoptions.xml
- language.lang.php
- mybb_theme.xml
- mysql_db_inserts.php
- mysql_db_tables.php
- pgsql_db_tables.php
- settings.xml
- sqlite_db_tables.php
- upgrade12.php
- upgrade17.php
- upgrade35.php
- upgrade2.php
- upgrade35.php
- upgrade36.php
- usergroups.xml
- index.php
- upgrade.php
-
images/
-
jscripts/
-
sceditor/
-
editor_themes/
-
emoticons/
- alien.png
- angel.png
- angry.png
- blink.png
- blush.png
- cheerful.png
- cool.png
- cwy.png
- devil.png
- dizzy.png
- ermm.png
- face.png
- getlost.png
- grin.png
- happy.png
- heart.png
- kissing.png
- laughing.png
- ninja.png
- pinch.png
- pouty.png
- sad.png
- shocked.png
- sick.png
- sideways.png
- silly.png
- sleeping.png
- smile.png
- tongue.png
- unsure.png
- w00t.png
- wassat.png
- whistling.png
- wink.png
- wub.png
- php.png
- video.png
-
emoticons/
-
textarea_styles/
- jquery.sceditor.buttons.css
- jquery.sceditor.default.css
- jquery.sceditor.modern.css
- jquery.sceditor.monocons.css
- jquery.sceditor.mybb.css
- jquery.sceditor.office-toolbar.css
- jquery.sceditor.office.css
- jquery.sceditor.square.css
-
editor_themes/
-
select2/
- select2.png
- select2x2.png
- bbcodes_sceditor.js
- captcha.js
- inline_edit.js
- post.js
- question.js
- rating.js
- thread.js
- usercp.js
-
sceditor/
- attachment.php
- calendar.php
- captcha.php
- contact.php
- editpost.php
- forumdisplay.php
- global.php
- htaccess.txt
- htaccess-nginx.txt
- index.php
- managegroup.php
- member.php
- memberlist.php
- misc.php
- modcp.php
- moderation.php
- newreply.php
- newthread.php
- online.php
- polls.php
- portal.php
- printthread.php
- private.php
- report.php
- reputation.php
- search.php
- showteam.php
- showthread.php
- stats.php
- usercp.php
- warnings.php
- xmlhttp.php
Changed Language Files (23)
There are changes to 23 language file(s). Changed languages files can be cross-referenced from the list above.Changed Templates (66)
calendar_mini_weekrow_day_linkcalendar_weekrow_day_eventseditpostfooterforumbit_subforumsforumdisplayforumdisplay_threadlist_ratingglobal_boardclosed_reasonglobal_dst_detectionglobal_no_permission_modalmember_profile_banned_remainingmember_register_questionmember_register_regimagememberlistmisc_smilies_no_smiliesmisc_smilies_popup_emptymisc_smilies_popup_no_smiliesmisc_smilies_popup_rowmisc_syndication_forumlist_forummodcp_banning_remainingmodcp_reportsmodcp_reports_reportmodcp_reports_report_commentmodcp_reports_report_comment_extramoderation_delayedmodaction_notes_forummoderation_delayedmodaction_notes_mergemoderation_delayedmodaction_notes_new_forummoderation_delayedmodaction_notes_redirectmoderation_delayedmodaction_notes_thread_multiplemoderation_delayedmodaction_notes_thread_singlemoderation_delayedmoderation_threadmoderation_threadnotes_modaction_forummoderation_threadnotes_modaction_postmoderation_threadnotes_modaction_threadmycode_codemycode_emailmycode_imgmycode_phpmycode_quote_postmycode_size_intmycode_urlnewreplynewreply_draftinputnewthreadnewthread_draftinputonline_refreshportal_stats_nobodypost_captchaprintthread_navprivate_messagebitprivate_search_messagebitprivate_sendreportreport_reasonreport_reasonssearch_results_posts_forumlinksearch_results_threads_forumlinkshowthreadshowthread_moderationoptions_approveshowthread_moderationoptions_unapproveshowthread_ratethreadsmilieinsert_rowsmilieinsert_row_emptystats_topforumusercp_editlistswarnings_postlink