01.04.2012, 09:01
In 1.6.7 there are 5 new feature updates and over 70 reported issues fixed. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version.
Fixed issues in 1.6.7
Unfixed issues
1.6.7 fixes 5 low-risk security vulnerabilities.
SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team)
SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team)
SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer)
XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team)
Full Path Disclosure if malformed forumread cookie is used
ACP vulnerabilities require Administrator permissions and so considered low-risk. We recommend planning your upgrade as quickly as possible to ensure your forum is as secure as it can be.
New features included in 1.6.7 update include the ability to login with a username, an email or both. For more information about new features, please see the Wiki on 1.6.7.
i nowa wersja 1.8... czyżby na 2.0 przyszło nam poczekać kolejny rok??
Fixed issues in 1.6.7
Unfixed issues
1.6.7 fixes 5 low-risk security vulnerabilities.
SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team)
SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team)
SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer)
XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team)
Full Path Disclosure if malformed forumread cookie is used
ACP vulnerabilities require Administrator permissions and so considered low-risk. We recommend planning your upgrade as quickly as possible to ensure your forum is as secure as it can be.
New features included in 1.6.7 update include the ability to login with a username, an email or both. For more information about new features, please see the Wiki on 1.6.7.
i nowa wersja 1.8... czyżby na 2.0 przyszło nam poczekać kolejny rok??