MyBB 1.4.13 is now available on the MyBB website and is a patch to MyBB 1.4.12 which introduced two regressions related to the security updates in MyBB 1.4.12.

This release is to ensure that all users on 1.4.12 have the proper security patches applied to their forum.

Thank you to Pirata Nervo and Labrocca for alerting us of these issues and to Stefan Esser for assisting us in a patch for Issue #843.

What’s fixed in this version?

This update does not require running the upgrader.

There are no database schema, language string, or template changes in this version.

MyBB 1.4.12 to MyBB 1.4.13 Patch

This patch is only for users running MyBB 1.4.12. If you are running an older version of MyBB then please download MyBB 1.4.13 from the MyBB site and update to it using the general [Wiki: Upgrading] guide.

Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.

Alternatively, if you are running MyBB 1.4.11, you may follow the “MyBB 1.4.11 to MyBB 1.4.12 Patch” instructions in the MyBB 1.4.12 announcement and then apply the MyBB 1.4.12 to MyBB 1.4.13 patch above.

The following files were changed since the initial MyBB 1.4.12 release:

  • inc
    • datahandlers
      • post.php
    • functions.php
    • class_core.php
* Red represents files that contain security updates

* Green represents new files added in this release

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

MyBB 1.2.14 Patch

All users of the 1.2.x series are urged to upgrade to the latest release of MyBB. (1.4.13) MyBB 1.2 is no longer being supported and security updates for the MyBB 1.2 series ceased as of January 1, 2010.

Thank you,

MyBB Team

View the full article