08-16-2013, 11:42 PM
MyBB 1.6.10 is now available from the MyBB website and is a security and maintenance release.
What’s added/changed in this version?
This release fixes 7 vulnerabilities and over 95 reported issues
causing incorrect functionality of MyBB. Please be aware that, to be
able to provide easy-to-manage updates, not all issues have been fixed in
this version.
A considerable amount of effort has been put into MyBB 1.6.10 to fix
a myriad of issues with PHP 5.4. This is the main reason why the
release has been delayed until now. MyBB 1.6.10 should now be compatible
with PHP 5.4 hosts.
- Vulnerabilities:
  - Low Risk: Potential SQL Injection when optimizing the database – reported by Jakub Galczyk
  - Low Risk: Potential SQL Injection when creating the database backups – reported by StefanT
  - Low Risk: Potential XSS vulnerability in theme name – reported by pandaa
  - Low Risk: Improper permission checks for forums where you can only see your own threads – reported by Jordan Mussi and StefanT
  - Non Critical: XSS vulnerability on debug page – reported by 1llusion
  - Non Critical: Improper input validation in modcp.php – reported by 1llusion
  - Non Critical: Improper input validation in calendar.php – reported by Jakub Galczyk
- Fixed issues in 1.6.10
- Unfixed issues