cmsforum

MyBB 1.8.20 출시 - 보안 및 유지 보수 릴리스

조회 수 8 추천 수 0 2019.05.18 21:07:40

MyBB 1.8.20 출시 - 보안 및 유지 보수 릴리스


MyBB 1.8.20 is now available, and is a security & maintenance release.

This release includes allowing users to see their unapproved content and view user referrals; compatibility with PHP >= 7.2 has been improved and jQuery has been upgraded to 3.0.0, which might affect custom JavaScript code in plugins and themes.

  • 5 security vulnerabilities addressed:

    • Medium risk: Reset Password reflected XSS
    • Medium risk: ModCP Profile Editor username reflected XSS — reported by Jovan Zivanovic of MaTRIS Research Group, SBA Research
    • Low risk: Predictable CSRF token for guest users — reported by Devilshakerz of MyBB Team
    • Low risk: ACP Stylesheet Properties XSS — reported by Cillian Collins
    • Low risk: Reset Password username enumeration via email — reported by Abdullah Md. Shaleh
  • 42 issues resolved

Check Release Notes for a list of changes to language files, templates and unresolved issues.

Get latest MyBB Full & Upgrade Packages →

The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.

Thanks,
MyBB Team


https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/

profile
엮인글 :
List of Articles
번호 제목 글쓴이 날짜 조회 수
4 [베타버전] 그누보드 5.4 시포 2019-05-19 12
» MyBB 1.8.20 출시 - 보안 및 유지 보수 릴리스 시포 2019-05-18 8
2 phpBB 3.2.7 Release 시포 2019-05-18 4
1 XE 3정식 버전 출시 시포 2019-05-16 22
회사명 : EZ소프트
주 소 : 부산광역시 기장군 기장읍 청강로 6
등록번호 : 449 - 34 - 00705
전화번호 : 051 - 723 - 9773
E-mail : gunwoo@cmsforum.net