1.1.4
In something which couldn't have come at a worse time for us with 1.2 going in to beta next week, we're releasing MyBB 1.1.4 - a security update to the MyBB 1.x series. It fixes a moderate risk SQL injection vulnerability affecting MyBB 1.0 to MyBB 1.1.3.
We recommend all users upgrade their copy of MyBB to the latest available release.
* Potential SQL injection in usercp.php (imei Web Security)
The release on the MyBB site has also been updated to 1.1.4.
Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.
I was only notified of this issue within the past hour and I am unaware of any widespread knowledge of it. It is a small fix for what is debatable as being something partly to blame on how PHP works and its treatment of 'true' and '1'.
| 1.4.x | 1.4.1 - 1.4.0 |
| 1.2.x | 1.2.14 - 1.2.13 - 1.2.12 - 1.2.11 - 1.2.10 - 1.2.9 - 1.2.8 - 1.2.7 - 1.2.6 - 1.2.5 - 1.2.4 - 1.2.3 - 1.2.2 - 1.2.1 - 1.2.0 |
| 1.1.x / 1.0x | 1.1.8 - 1.1.7 - 1.1.6 - 1.1.5 - 1.1.4 - 1.1.3 - 1.1.2 - 1.1.1 - 1.1.0 - 1.04 - 1.03 - 1.02 - 1.01 - 1.00 |
| Pre-1.0 | PR2 - PR1 - RC4 - RC3 - RC2 - RC1 - Beta 4 - DevBB |
| Legend | Italics: Development / Beta / Private Latest Public Release |