• Article
• Discussion
• Edit
• History

[edit] Release

MyBB 1.2.1 was released on 27 September 2006 fixing a couple of security vulnerabilities as well as reported bugs.

A patch for MyBB 1.2.1 was released on 26 November 2006 to fix a security vulnerability. However the version number was not incremented for this update.

[edit] Announcement

[edit] Original Announcement (27 September 2006)

MyBB 1.2.1 is now available on the MyBB site and is a security update & bug fix maintenance release.

We've fixed several issues identified in MyBB 1.2 in this release and added support for Internet Explorer's HttpOnly cookies. There have also been some publicly disclosed security related issues (minor severity) identified with 1.2 and a more potentially high risk vulnerability which was not transitioned from 1.1.8 to 1.2 which are all fixed in this release.

We recommend that all users upgrade to 1.2.1 so their board is patched against these vulnerabilities and running a more stable copy of the MyBB 1.2 series.

More information can be found here: http://community.mybboard.net/showthread.php?tid=12705

[edit] Security Patch (26 November 2006)

It has come to our attention that a new vulnerability has been found in MyBB 1.2.1 which also affects MyBB 1.1.8 and all other previous versions of MyBB.

This vulnerability allows a hacker to upload a false GIF image which contains executable code which can then be used to obtain the authentication details for a logged in user viewing the page.

Immediately we're releasing a patch for both versions of MyBB which we're currently supporting. Both versions, 1.2.1 and 1.1.8 have also been updated on the MyBB site.

As a security precaution we also recommend that all administrators change their passwords.

More information can be found here: http://community.mybboard.net/showthread.php?tid=14090