MyBB update adds features, closes holes
Version 1.6.5 of the open source MyBB discussion board software has been released. According to its developers, the maintenance and security update includes several important feature changes and closes three security holes.
MyBB 1.6.5 adds support for Google's reCAPTCHA service and brings changes, such as improved search options, to the "Users & Groups/Find Users" panel in the Admin Control Panel (ACP) that should make it easier for administrators to find accounts belonging to spammers. The update also introduces some "fundamental changes to the Plugin System" aimed at improving support for PHP 5.3 or later; these changes may require users to upgrade their plugins prior to installing the new version of MyBB. Details can be found a posting on 1.6.5 Plugin System Changes.
Other changes include new signature control settings, custom profile fields, new birthday settings and fixes for a number of bugs found in the previous release. Vulnerabilities addressed by the update include a potential cross-site scripting (XSS) exploit and a cross-site request forgery (CSRF) issue, as well as an unparsed user avatar in the buddy list. The developers advise users to backup their forum's files and database before upgrading to the new version.
Further information about the update, including upgrade instructions, can be found in a post on the MyBB blog and on the 1.6.5 wiki page. MyBB 1.6.5 is available to download from the project's site and is licensed under the LGPLv3.
- MyBB downloads were infected, a report from The H.