MyBB, formerly MyBBoard and originally MyBulletinBoard, is a free and open-source forum software developed by the MyBB Group. It is written in PHP, supports MySQL, PostgreSQL and SQLite as database systems and, in addition, has database failover support.[2] It is available in multiple languages[3] and is licensed under the LGPL.[4]
History and development
MyBB 1.0 and 1.1
Founded as DevBB in 2002 by Chris Boulton from a fork of XMB, the first public release (RC1) of MyBB was published on 10 December 2003. It wasn't until 2 years later, on 9 December 2005, that MyBB 1.0 was released.
On 9 March 2006, version 1.1 was released. The last version of this series was 1.1.8, a security update released on 20 August 2006.
MyBB 1.2
On 2 September 2006, with a revised and rewritten code base and over 40 new features, MyBB 1.2 was released. Support for the 1.2 series officially ended on 1 June 2009, although security updates were available until 31 December 2009.[5]
The final version of the 1.2 series, 1.2.14, was a security and maintenance update published on 17 July 2008.[6] Several security patches were available in consequent security updates for users still using the 1.2 series.
MyBB 1.4
After a long beta phase MyBB 1.4 was released on 2 August 2008 complete with over 70 new features, including a completely revised and redesigned Administration Control Panel (ACP).
On 12 October 2008, MyBB 1.4.2 was released. This version changed MyBB's license from proprietary to GNU GPL v3.[7] The change in license was driven from a request from KDE who, in a related announcement, launched their first web-based community using MyBB as an alternative to a mailinglist.
On 2 May 2009, due to time constraints, founder Chris Boulton left the day-to-day responsibilities to Dennis Tsang (previously the Support Team Manager) who took over as Product Manager of MyBB. Matt Rogowski would later take over Dennis' responsibilities as Support Team Manager.[8]
So far, much of MyBB's development happened internally on a closed cycle. After switching to an open source license, on 19 August 2009, the MyBB Group opened development access so that users had access to the official bugtracker and read access to the subversion repository.[9]
The final version in the 1.4 series was 1.4.16, released as a security update on 17 April 2011.[10] Support for the series ended on 1 July 2011 for both maintenance and security releases.[11]
MyBB 1.6
On 3 August 2010, on the 2 year anniversary of MyBB 1.4's release, MyBB 1.6 was released with over 40 new features and included many tweaks, fixes and performance optimizations. The 1.6 series is distributed under the GNU LGPL v3[4] and requires at least PHP 5.1.[12]
During the 1.6 series, several senior members of the MyBB Group changed positions. On 3 October 2010, Tim Bell was promoted to Product Manager with responsibilities of running the day-to-day operations of MyBB as well as the marketing aspect of the MyBB product. Dennis Tsang took a position as Technical Advisor, helping with software design and development of MyBB.
The old MyBB logo
On 5 December 2010 Ryan Gordon, the lead developer of MyBB for the past 5 years, resigned to pursue new challenges. As a result, Tom Moore took over Ryan's responsibilities for development and Dylan M took over management of the MyBB Merge System.
MyBB 1.6.4, released 26 July 2011, was one of the largest MyBB updates and the first release in MyBB's history that required all core files to be replaced due to errors in previous releases of 1.6. It was also the first release to include feature changes which are normally reserved for major point (feature) releases, but was marred upon discovery that the release had been contaminated during a MyBB server breach with dangerous code that could be used to exploit forum installations running 1.6.4.[13] The step to include new feature updates was taken to extend the life of the 1.6 series while MyBB's next series, MyBB 2.0, was being developed.
On 25 November 2011, MyBB 1.6.5 was released. This version included over 10 new feature updates, including reCAPTCHA support and advancements to prevent spam users.[14]
On 10 February 2012, MyBB 1.6.6 was released as a security update. It fixed 14 low-risk vulnerabilities and fixed an issue allowing for the import of a non-CSS stylesheet. MyBB also fixed a bug in 1.6.5 where announcements would disappear.[15] On 14 February 2012, the MyBB Group announced that MyBB 1.6.6 was originally released with development code unintentionally included.[16]
On March 31, 2012, MyBB 1.6.7 was released, fixing over 70 issues, and introducing 5 feature updates. It fixed 4 SQL Injection vulnerabilities (low risk), an XSS vulnerability, and a path disclosure issue. The feature updates included wider display of Forum Rules, Custom Moderator Tool permissions, an override permission for sending an email to a user who has ignored you, and the ability for a user to log in with their email address.[17]
On May 27, 2012, MyBB 1.6.8 was released. It was a general maintenance release and fixes over 40 reported issues. To provide support for EU users cookies tracking forums or threads that have been read by guests are now session cookies. The information held within these cookies will be destroyed when the user's browser is closed.[18]
On December 15, 2012, MyBB 1.6.9 was released. It was a security release for the 1.6 series. In this version was fixed a high risk SQL vulnerability when editing a post and another medium vulnerability about CAPTCHA systems. Also was fixed a bug related to the editor that not working in Firefox 16 (and above).[19]
On April 22, 2013, MyBB 1.6.10 was released. It was a security & maintenance release. It saw the fixation of seven minor vulnerabilities and over 95 reported bugs causing the incorrect utilization. A considerable amount of effort has been put into MyBB 1.6.10 to fix a myriad of issues with PHP 5.4.[20]
On October 8, 2013, MyBB 1.6.11 was released. It was a security & maintenance release. In this release, 5 vulnerabilities and over 65 reported issues causing incorrect functionality of MyBB were fixed, including a vulnerability that affected users using a MySQL Database.[21]
On December 30, 2013, MyBB 1.6.12 was released. It was a security & maintenance release. In this release, 4 vulnerabilities and 10 reported issues causing incorrect functionality of MyBB were fixed, adding a new feature: support for 4-Byte UTF-8 Unicode Encoding for a MySQL Database.[22]
On April 26, 2014, MyBB 1.6.13 was released. It was a security & maintenance release. In this release, 4 vulnerabilities and 38 reported issues causing incorrect functionality of MyBB were fixed, solving two medium risk reported vulnerabilities.[23]
On June 30, 2014, MyBB 1.6.14 was released. It was a security & maintenance release. In this release, 5 vulnerabilities and 50 reported issues causing incorrect functionality of MyBB were fixed, solving two medium risk reported vulnerabilities.[24]
On August 4, 2014, MyBB 1.6.15 was released. It was a security & maintenance release. In this release, 1 vulnerability and 26 reported issues were fixed, solving one medium risk vulnerability.[25]
On November 20, 2014, MyBB 1.6.16 was released. It was a security release. In this release, 5 low risk vulnerabilities were fixed, in addition to sanitizing all data obtained from the MyBB server.[26]
MyBB 1.8
The new MyBB Logo, used from MyBB 1.8.0 onwards.
The MyBB Team said many times that MyBB would be jumping directly from MyBB 1.6 to 2.0. However, on 1 April 2012, the MyBB group announced that there would in fact be a MyBB 1.8.[17] Many considered this to be an April Fool's joke. Then, on 3 April 2012, another blog post was released saying that "it was no April Fool".[27] MyBB 1.8 will feature a new default theme based on MyBB lead designer Justin S.'s Apart theme series. A brand new feature to do with themes was announced:
[Attachable base colors] allow you to create colours to which you can attach stylesheets (just like you can attach stylesheets to pages). You can also set a display order for all your stylesheets so that they can override styles. Together, the changes mean you can add a theme with as many custom colours as you want. Using the parent/child theme structure that already exists in 1.x you can restrict or allow certain usergroups to use these colours and, as they inherit the main stylesheets, they’re very easy to manage. So, there is no longer the need to install a dozen different themes just for a different colour header.
Tom Moore, MyBB lead developer[27]
The post went on to say that MyBB's default JavaScript library would be changed to the more popular jQuery from the current Prototype JavaScript Framework. A new "trash can" soft delete feature was also announced that allows deleted posts to be recovered in the Moderator Control Panel. It was also mentioned that instead of releasing an official anti-spam plugin as planned called Spam Ninja, the MyBB Team would be added many new anti-spam features directly to the MyBB core.
The MyBB Team also announced that the development SVN repository would be moving from their own dev site at dev.mybb.com to GitHub. The GitHub repository was opened to the public on January 23, 2013.[28] All open issues on the development site were moved to GitHub on March 3, 2014.[29]
On June 1, 2014, MyBB 1.8 Beta 1 was released for the public to test and report bugs and issues.[30]
On July 1, 2014, MyBB 1.8 Beta 2 was released for the public to test and report bugs and issues. It included 5 new features and several enhancements since the first beta.[31]
On July 21, 2014, MyBB 1.8 Beta 3 was released for the public to test and report bugs and issues. It was the last beta release before MyBB 1.8 went 'gold'. It included 8 new features and several enhancements since the second beta.[32]
On September 1, 2014, MyBB 1.8 was released with over 24 new features and many enhancements. These changes include: a new theme (for both the front-end forum and back-end Admin CP), IPv6 features, soft delete and the much anticipated change of JavaScript library from Prototype to the more popular jQuery. The release also saw an updated website design and the implementation of the new logo and brand.[33]
On September 17, 2014, MyBB Merge System 1.8 was released, dropping support for 5 other forum software versions, but also adding support for 9 more.[34]
On October 23, 2014, MyBB 1.8.1 was released along with MyBB Merge System 1.8.1. It was a maintenance release. 74 reported issues were fixed and 7 in the Merge System.[35]
On November 13, 2014, MyBB 1.8.2 was released. It was a security release. 5 vulnerabilities were fixed, including one high risk SQL injection vulnerability.[36]
On November 20, 2014, MyBB 1.8.3 was released. It was a security release. 6 vulnerabilities were fixed, including one high risk SQL injection vulnerability, in addition to sanitizing all data obtained from the MyBB server.[26]
On February 15, 2015, MyBB 1.8.4 was released. It was a feature update, security and maintenance release. 7 vulnerabilities, including 2 medium risk XSS vulnerabilities, and 118 reported issues were fixed.[37]
On May 27, 2015, MyBB 1.8.5 was released. It was a security and maintenance release. This release fixed 6 security vulnerabilities and 58 reported issues.[38]
The latest version of MyBB 1.8.x is 1.8.19, released on September 11, 2018.
Branding changes
On April 22, 2011, the MyBB Group announced that they were looking for a "creative doodler"[39] to create a mascot for MyBB. Mike Creuzer, of Audentio Design, was chosen for the job. The new MyBB mascot and logo were officially announced on January 12, 2012.[40] A forum discussion was created to propose names for the mascot. The top ten names were placed into a poll, and the community voted and decided upon the name "Bolt",[17] representing MyBB founder Chris Boulton and the speediness and ease of use MyBB has.
MyBB 1.9
After a community vote, the development of MyBB 2.0 was put on hold and the development shifted to smaller 1.x updates that can be rolled out in a quicker fashion, starting with 1.9.[41] 1.9 will feature a responsive theme written with the Twig template system, replace the current editor with TinyMCE and introducing the Swiftmailer mail handler. Some customization abilities will be added to the admin control panel. In January 2018 lead developer Euan announced a beta version of MyBB 1.9 for the first quarter of 2018.[42] In August 2019 no updated release date was announced by the development team.[43] The release of the beta of MyBB 1.9 didn't happen as of December 2020.
MyBB 2.0
The next major release of MyBB will be 2.0, targeted for a release within MyBB's typical release cycle. It will be rewritten from scratch in a MVC method, using the Laravel PHP web application framework. The GitHub development repository will be opened to the public for contributions and an alpha download released once the new code-base becomes "working software with all the basics".[44] The development of MyBB 2.0 was put on hold in June 2018.
Donation drive
On 27 April 2010, the MyBB Group started a donation drive in an effort to purchase the mybb.com domain name. The Group needed to raise $5,000 from community donations for the transfer, and with founder Chris Boulton and community member Jesse Labrocca personally providing $1,000, that left $3,000 from the community.[45]
Just a month later, on 27 May 2010, MyBB.com was transferred and in use across the site.[46]
Features
Database support
MyBB supports multiple database engines. It currently supports MySQL, PgSQL, and SQLite v2 and v3.[47] MyBB also supports database failover support so that if one database fails, MyBB will load the next database on the list. Master and slave databases are also configurable.
Plugins and themes
MyBB plugins are written in PHP and use hooking techniques. Unlike other software like WordPress, plugins need to be uploaded via FTP as uploading from the admin panel is not supported without a plugin.[48] However, this is a considerable advantage over the old extension method used by phpBB where all modifications are core file edits.
MyBB Themes are written inside the Admin Control Panel, and exported to an XML file. The XML file includes all modified MyBB templates and CSS stylesheets, which is redistributed alongside any extra resources (such as images) in a Zip file.
There are over 2,400 plugins and themes on the MyBB mods website. Many other MyBB resource sites, such as MyBBCentral or MyBB-Plugins also offer exclusive, and sometimes paid, plugins and themes.[49]
Security
MyBB has a relatively low-risk security record. In August 2008, MyBB performed a security audit (provided by GulfTech) which led to the release of MyBB 1.4.2 on 17 September 2008.[50]
The MyBB Group put security first, giving it the highest priority, to the extent that the MyBB website has a "Security Hall of Fame" to recognise those who responsibly disclose vulnerabilities in the software.[51]
In October 2011, MyBB found 3rd party code had contaminated the 1.6.4 release files.[52] This code could be exploited to open a security vulnerability on a forum running the affected version. It was later found that a security flaw in the custom CMS mybb.com uses to power its website allowed a malicious user to alter the download files to include their own code.[13]
As a result of the intrusion, the MyBB Group now hosts downloads via GitHub to ensure the security of a release.[53] A Forum Security section on the MyBB Community Forums opened in 2011 to provide support for users who have been a victim of an exploit.
Throughout 2011, automated registrations caused forum spam in many MyBB powered forums. In MyBB 1.6.5, released on 25 November 2011, additional methods were added to help administrators locate spam users and manage them effectively as well as providing standard reCAPTCHA support.
In May 2012, hacktivist group UGNazi gained unauthorized control over the MyBB.com domain name using a social engineering technique. The attack appears to have been motivated by the use of the MyBB software by a third-party website, HackForums.[54][55]
Merge System
The MyBB Merge System was first developed in early 2007. MyBB Merge System 1.6 allows conversions from Invision Power Board, phpBB, Simple Machines Forum, PunBB, bbPress, or vBulletin to MyBB, or merge MyBB installations together.[56] MyBB Merge System 1.8 allows conversions from bbPress version 2.5, FluxBB, Invision Power Board versions 3 and 4 (Pre Release Version), MyBB version 1.8 (merge), phpBB version 3, SMF versions 1.1 and 2.0, PunBB version 1.2, Vanilla, vBulletin versions 3 and 4, WoltLab Burning Board versions 3, 4 and Lite 2, XenForo.[57]
Reviews
MyBB had a 9.6 out of ten review at forum-software.org[58] and was named the best free forum software of 2008,[59] 2010,[60] 2011[61] and 2012[62] by the same site. It has been featured in magazines such as The H[63] and runs several sizeable forums on the web, including HackForums, CSNbbs, and several EA Sports boards.[64][65]