MyBB 1.6.6 Security Release topic for you!
MyBB 1.6.6 Security Release: on blog.mybb.com: http://blog.mybb.com/2012/02/10/mybb-1-6-6-security-release/
QUOTE:
'What’s added/changed in this version?
In 1.6.6, 1 major issue and 14 low risk vulnerabilities have been fixed. Only the issues listed below are fixed; a further maintenance release will be available with general fixes to functionality in the near future.
• Vulnerabilities:
  ◦ Non Critical: Import a non-CSS stylesheet (Theme)
  ◦ Low Risk: CSRF vulnerability on Admin CP logout (Issue #1769)
  ◦ Low Risk: CSRF vulnerability when clearing a stored password (Issue #1824)
  ◦ Low Risk: CSRF vulnerability when removing a buddy (Issue #1825)
  ◦ Low Risk: CSRF vulnerability with Admin CP join requests (Issue #1834)
  ◦ Low Risk: CSRF vulnerability in Group Promotions Enable/Disable
  ◦ Low Risk: CSRF vulnerability in ACP Edit User (Avatar)
  ◦ Low Risk: CSRF vulnerability with activating a user
  ◦ Low Risk: XSS vulnerability when moving an event (Calendar)
  ◦ Low Risk: XSS vulnerabilities in Akismet plugin
  ◦ Low Risk: XSS vulnerabilities in Forum Subscriptions (User CP)
  ◦ Low Risk: XSS vulnerability in Moderator Logs
  ◦ Low Risk: XSS vulnerability in Edit Post
  ◦ Low Risk: XSS vulnerability when editing Announcements'