Bueno, MyBB acaba de sacar una nueva actualización. Ahora os dejamos aquí el comunicado oficial en inglés que pronto será traducido al español:
Fuente: MyBB 1.6.3 and 1.4.16 Security Update
Traducido por: -
Cita:MyBB 1.6.3 and 1.4.16 are now available to download. They fix 1 high risk vulnerability and 1 low risk vulnerability. We recommend everyone upgrades to this release immediately or patch their boards with the manual patching instructions below.
Thanks to Charlie Somerville and thebod for discovering them. These vulnerabilities are:
- An SQL injection vulnerability in showthread.php (internal report)
- Issue #1487 – CSRF vulnerability in misc.php?action=markread
In addition to the vulnerabilities, the updates also fix the following issues:
- SQL error on malformed search keywords
- IE9 Javascript Issues (1.6.3 only)
- MySQL 5.5 compatibility (1.6.3 only)
All other outstanding issues will be resolved in the next maintainence release.
For MyBB 1.6
The update to MyBB 1.6.3 also upgrades the Prototype and Scriptaculous javascript libraries to their latest versions. This is to help your MyBB forum work properly with Internet Explorer 9.
MyBB 1.6.2 to 1.6.3 Patch
This patch is only for those users running MyBB 1.6.2. If you’re running an older version of MyBB then please download the full version and update to it.
For help upgrading, see the MyBB Wiki: Upgrading.
Please download the attached ZIP archive below and replace the files in your forum directory with those from the ZIP archive.
1.6.3 changed files
You are required to run the upgrader for 1.6.3. After replacing the files above, remove the ‘lock’ file located in forum_root/install/, then visit forum_root/install/upgrade.php and follow the instructions (where forum_root is the web address for your forum). Remember to backup your forum’s files and database before performing this upgrade.
Once the upgrade has completed, visit the Templates & Style area of your ACP – click on Templates on the left and go to the “Find Updated Templates”. Revise and amend all affected templates here, paying attention to headerinclude, index_boardstats and forumdisplay_threadlist.
If you wish to manually patch your board please download “1.6.3 patches” and follow the instructions in that file. You are also required to amend templates to ensure functionality for your board. For this, please download “1.6.3 template patches” and follow the instructions – you must do these for all custom themes you have installed.
1.6.3 patches
1.6.3 template patches
Please remember that applying patches should only be a temporary measure until you can fully upgrade your board. The upgrader is required to run to allow the default templates to be updated with the new security fixes.
Changed Files since 1.6.2
- inc
- class_core.php
- functions_search.php
- install
- resources
- mysql_db_tables.php
- mybb_theme.xml
- upgrade12.php
- upgrade17.php
- upgrade19.php
- upgrade3.php
- upgrade5.php
- upgrade.php
- jscripts
- controls.js
- dragdrop.js
- effects.js
- general.js
- prototype.js
- scriptaculous.js
- slider.js
- thread.js
- forumdisplay.php
- index.php
- misc.php
- showthread.php
* Rojo representa archivos que tienen actualizaciones de seguridad
* Verde representa nuevos archivos agregados a este lanzamiento
For MyBB 1.4
For MySQL 5.5 compatibility and IE9 javascript fixes, please upgrade to MyBB 1.6.3. Support for MyBB 1.4 will be ending on 1st July 2011, after which there will be no more security updates for the 1.4 series.
1.4.15 to 1.4.16 Patches
This patch is only for those users running MyBB 1.4.15. If you’re running an older version of MyBB 1.4, and don’t want to upgrade to 1.6 just yet, then please the latest version of MyBB 1.4 from the MyBB Wiki: Versions.
For help upgrading, see the MyBB Wiki: Upgrading.
Please download the attached ZIP archive below and replace the files in your forum directory with those from the ZIP archive.
1.4.15 changed files
You are required to run the upgrader for 1.4.16. After replacing the files above, remove the ‘lock’ file located in forum_root/install/, then visit forum_root/install/upgrade.php and follow the instructions (where forum_root is the web address for your forum). Remember to backup your forum’s files and database before performing this upgrade.
Once the upgrade has completed, visit the Templates & Style area of your ACP – click on Templates on the left and go to the “Find Updated Templates”. Revise and amend all affected templates here, paying attention to headerinclude, index_boardstats and forumdisplay_threadlist.
If you wish to manually patch your board please download “1.4.16 patches” and follow the instructions in that file. You are also required to amend templates to ensure functionality for your board. For this, please download “1.4.16 template patches” and follow the instructions – you must do these for all custom themes you have installed.
1.4.15 patches
1.4.15 template patches
Please remember that applying patches should only be a temporary measure until you can fully upgrade your board. The upgrader is required to run to allow the default templates to be updated with the new security fixes.
Changed Files since 1.4.15
- inc
- class_core.php
- functions_search.php
- install
- resources
- mybb_theme.xml
- upgrade.php
- jscripts
- general.js
- forumdisplay.php
- index.php
- misc.php
- showthread.php
* Rojo representa archivos que tienen actualizaciones de seguridad
* Verde representa nuevos archivos agregados a este lanzamiento
Reportar vulnerabilidades en MyBB
Si has encontrado una vulnerabilidad en MyBB, te pedimos que no lo publiques en los foros o publicarlo de cualquier forma antes de que nosotros lanzemos un nuevo parche.
De todas formas, puedes mandarnos un mensaje desde la página de contáctanos del sitio web de MyBB.
Gracias,
MyBB Team
Fuente: MyBB 1.6.3 and 1.4.16 Security Update
Traducido por: -
Atentamente, el equipo de SoporteMyBB.
Última modificación: 18 Apr, 2011, 2:46 am por Cluster.
![[Imagen: f1a59a71225e5df3f33e8c7.gif]](http://img339.imageshack.us/img339/3395/f1a59a71225e5df3f33e8c7.gif)