MyBB 1.6.6 Released

MyBB 1.6.6 is now available for download.This is a security release.

MyBB 1.6.6 fixes:

Import a non-CSS stylesheet (Theme)
CSRF vulnerability on Admin CP logout
CSRF vulnerability when clearing a stored password
CSRF vulnerability when removing a buddy
CSRF vulnerability with Admin CP join requests
CSRF vulnerability in Group Promotions Enable/Disable
CSRF vulnerability in ACP Edit User (Avatar)
CSRF vulnerability with activating a user
XSS vulnerability when moving an event (Calendar)
XSS vulnerabilities in Akismet plugin
XSS vulnerabilities in Forum Subscriptions (User CP)
XSS vulnerability in Moderator Logs
XSS vulnerability in Edit Post
XSS vulnerability when editing Announcements

Continue ReadingMyBB 1.6.6 Released

MyBB 1.6.5 Released

MyBB 1.6.5 is now available to download.This is a feature update, security and maintenance release.What’s new in mybb 1.6.5?

Non Critical: Unparsed user avatar in the buddy list
Non Critical: Potential XSS vulnerability validating usernames via AJAX
Low Risk: CSRF vulerability in ?language
2 new settings that affect Birthdays
3 new settings that affect Signatures
changes to the Admin Control Panel (ACP) Users & Groups Find Users panel
new option to set a minimum post count in custom profile fields
hidden CAPTCHA field
choose between the MyBB CAPTCHA or reCAPTCHA was added
disable negative and/or neutral and/or postitive reputation
new usergroup setting was added that enables the group to be able to send a PM to a user even if the recipients have them disabled

Continue ReadingMyBB 1.6.5 Released