A screenshot of a default MyBB installation
|Stable release||1.8.4 (February 15, 2015 ) [±]|
|Written in||PHP / MySQL (PostgreSQL and SQLite are also supported)|
|Size||2.20 MB zipped; 13.93 installed|
|Available in||Official support is given in English, but language packs are available for German, Spanish, Vietnamese, Portuguese, and many others|
MyBB, originally MyBulletinBoard, is a free and open source forum software which is developed by the MyBB Group. It is written in PHP, supports MySQL, PostgreSQL and SQLite as database systems and has database failover support. It is licensed under the LGPL.
History and development
MyBB 1.0 and 1.1
Founded as DevBB in 2002 by Chris Boulton from a fork of XMB, the first public release (RC1) of MyBB was published on 10 December 2003. It wasn't until 2 years later, on 9 December 2005, that MyBB 1.0 was released.
On 9 March 2006, version 1.1 was released. The last version of this series was 1.1.8, a security update released on 20 August 2006.
On 2 September 2006, with a revised and rewritten code base and over 40 new features, MyBB 1.2 was released. Support for the 1.2 series officially ended on 1 June 2009, although security updates were available until 31 December 2009.
The final version of the 1.2 series, 1.2.14, was a security and maintenance update published on 17 July 2008. Several security patches were available in consequent security updates for users still using the 1.2 series.
After a long beta phase MyBB 1.4 was released on 2 August 2008 complete with over 70 new features, including a completely revised and redesigned Administration Control Panel (ACP).
On 12 October 2008, MyBB 1.4.2 was released. This version changed MyBB's license from proprietary to GNU GPL v3. The change in license was driven from a request from KDE who, in a related announcement, launched their first web-based community using MyBB as an alternative to a mailinglist.
On 2 May 2009, due to time constraints, founder Chris Boulton left the day-to-day responsibilities to Dennis Tsang (previously the Support Team Manager) who took over as Product Manager of MyBB. Matt Rogowski would later take over Dennis' responsibilities as Support Team Manager.
So far, much of MyBB's development happened internally on a closed cycle. After switching to an open source license, on 19 August 2009, the MyBB Group opened development access so that users had access to the official bugtracker and read access to the subversion repository.
On 3 August 2010, on the 2 year anniversary of MyBB 1.4's release, MyBB 1.6 was released with over 40 new features and included many tweaks, fixes and performance optimizations. The 1.6 series is distributed under the GNU LGPL v3 and requires at least PHP 5.1.
During the 1.6 series, several senior members of the MyBB Group changed positions. On 3 October 2010, Tim Bell was promoted to Product Manager with responsibilities of running the day-to-day operations of MyBB as well as the marketing aspect of the MyBB product. Dennis Tsang took a position as Technical Advisor, helping with software design and development of MyBB.
On 5 December 2010 Ryan Gordon, the lead developer of MyBB for the past 5 years, resigned to pursue new challenges. As a result, Tom Moore took over Ryan's responsibilities for development and Dylan M took over management of the MyBB Merge System.
MyBB 1.6.4, released 26 July 2011, was one of the largest MyBB updates and the first release in MyBB's history that required all core files to be replaced due to errors in previous releases of 1.6. It was also the first release to include feature changes which are normally reserved for major point (feature) releases, but was marred upon discovery that the release had been contaminated during a MyBB server breach with dangerous code that could be used to exploit forum installations running 1.6.4. The step to include new feature updates was taken to extend the life of the 1.6 series while MyBB's next series, MyBB 2.0, was being developed.
On 10 February 2012, MyBB version 1.6.6 was released as a security update. It fixed 14 low-risk vulnerabilities and fixed an issue allowing for the import of a non-CSS stylesheet. MyBB also fixed a bug in 1.6.5 where announcements would disappear.
On March 31, 2012, MyBB 1.6.7 was released, fixing over 70 issues, and introducing 5 feature updates. It fixed 4 SQL Injection vulnerabilities (low risk), an XSS vulnerability, and a path disclosure issue. The feature updates included wider display of Forum Rules, Custom Moderator Tool permissions, an override permission for sending an email to a user who has ignored you, and the ability for a user to login with their email address.
On May 27, 2012, MyBB version 1.6.8 was released. It was a general maintenance release and fixes over 40 reported issues. To provide support for EU users cookies tracking forums or threads that have been read by guests are now session cookies. The information held within these cookies will be destroyed when the user's browser is closed.
On December 15, 2012, MyBB version 1.6.9 was released. It was a security release for the 1.6 series. In this version was fixed a high risk SQL vulnerability when editing a post and another medium vulnerability about CAPTCHA systems. Also was fixed a bug related to the editor that not working in Firefox 16 (and above).
On April 22, 2013, MyBB version 1.6.10 was released. It was a security & maintenance release. It saw the fixation of seven minor vulnerabilities and over 95 reported bugs causing the incorrect utilization. A considerable amount of effort has been put into MyBB 1.6.10 to fix a myriad of issues with PHP 5.4.
On October 8, 2013, MyBB Version 1.6.11 was released. It was a security & maintenance release. In this release, 5 vulnerabilities and over 65 reported issues causing incorrect functionality of MyBB were fixed, including a vulnerability that affected users using a MySQL Database.
On December 30, 2013, MyBB Version 1.6.12 was released. It was a security & maintenance release. In this release, 4 vulnerabilities and 10 reported issues causing incorrect functionality of MyBB were fixed, adding a new feature: support for 4-Byte UTF-8 Unicode Encoding for a MySQL Database.
On April 26, 2014, MyBB Version 1.6.13 was released. It was a security & maintenance release. In this release, 4 vulnerabilities and 38 reported issues causing incorrect functionality of MyBB were fixed, solving two medium risk reported vulnerabilities.
On June 30, 2014, MyBB Version 1.6.14 was released. It was a security & maintenance release. In this release, 5 vulnerabilities and 50 reported issues causing incorrect functionality of MyBB were fixed, solving two medium risk reported vulnerabilities.
The MyBB Team said many times that MyBB would be jumping directly from MyBB 1.6 to 2.0. However, on 1 April 2012, the MyBB group announced that there would in fact be a MyBB 1.8. Many considered this to be an April Fool's joke. Then, on 3 April 2012, another blog post was released saying that "it was no April Fool". MyBB 1.8 will feature a new default theme based on MyBB lead designer Justin S.'s Apart theme series. A brand new feature to do with themes was announced:
The MyBB Team also announced that the development SVN reposiotry would be moving from their own dev site at dev.mybb.com to GitHub. The GitHub repository was opened to the public on January 23, 2013. All open issues on the development site were moved to GitHub on March 3, 2014.
On June 1, 2014, 1.8 Beta 1 was released for the public to test and report bugs and issues.
On April 22, 2011, MyBB announced that they were looking for a "creative doodler" to create a mascot for MyBB. Mike Creuzer of Audentio Design was chosen for the job. The new MyBB mascot and logo were officially announced on January 12, 2012. A forum discussion was created to propose names for the mascot. The top ten names were placed into a poll, and the community voted and decided upon the name "Bolt", representing MyBB founder Chris Boulton and the speediness and ease of use MyBB has.
The next major release of MyBB will be 2.0, targeted for a release within MyBB's typical release cycle. Currently in early planning, it is being rewritten from scratch in a MVC method. It will use the Laravel framework.
On 27 April 2010, the MyBB Group started a donation drive in an effort to purchase the mybb.com domain name. The Group needed to raise $5,000 from community donations for the transfer, and with founder Chris Boulton and community member Jesse Labrocca personally providing $1,000, that left $3,000 from the community.
Just a month later, on 27 May 2010, MyBB.com was transferred and in use across the site.
MyBB supports multiple database engines. It currently supports MySQL, PgSQL, and SQLite v2 and v3. MyBB also supports database failover support so that if one database fails, MyBB will load the next database on the list. Master and slave databases are also configurable.
Plugins and themes
MyBB plugins are written in PHP and use hooking techniques. Unlike other software like WordPress, plugins need to be uploaded via FTP as uploading from the admin panel is not supported without a plugin. However, this is a considerable advantage over the extension method used by phpBB where all modifications are core file edits.
MyBB Themes are written inside the Admin Control Panel, and exported to an XML file. The XML file includes all modified MyBB templates and CSS stylesheets, which is redistributed alongside any extra resources (such as images) in a Zip file.
There are over 2,400 plugins and themes on the MyBB mods website. Many other MyBB resource sites, such as MyBBCentral or MyBB-Plugins also offer exclusive, and sometimes paid, plugins and themes.
The MyBB Group strive to put security first, therefore when a high-risk security exploit is reported, a patch is typically available within 24 hours.
In October 2011, MyBB found 3rd party code had contaminated the 1.6.4 release files. This code could be exploited to open a security vulnerability on a forum running the affected version. It was later found that a security flaw in the custom CMS mybb.com uses to power its website allowed a malicious user to alter the download files to include their own code.
As a result of the intrusion, the MyBB Group now hosts downloads via GitHub to ensure the security of a release. A Forum Security section on the MyBB Community Forums opened in 2011 to provide support for users who have been a victim of an exploit.
Throughout 2011, automated registrations caused forum spam in many MyBB powered forums. In MyBB 1.6.5, released on 25 November 2011, additional methods were added to help administrators locate spam users and manage them effectively as well as providing standard reCAPTCHA support.
In May 2012, hacktivist group UGNazi gained unauthorized control over the MyBB.com domain name using a social engineering technique. The attack appears to have been motivated by the use of the MyBB software by a third-party website, HackForums.
The MyBB Merge System was first developed in early 2007. It allows conversions from Invision Power Board, phpBB, Simple Machines Forum, PunBB, bbPress, or vBulletin to MyBB, or merge MyBB installations together.
MyBB has a 9.6 out of ten review at forum-software.org and was named the best free forum software of 2008, 2010, 2011 and 2012 by the same site. It has a 4.33 out of 5 review at HotScripts, and has been recommended by cloud computing company Standing Cloud. It has been featured in magazines such as The H and runs several sizeable forums on the web, including HackForums, CSNbbs, and several EA Sports boards.
- "MyBB – License Agreement". Retrieved 2011-12-12.
- Boulton, Chris. "Some closure on the 1.6.4 Security Vulnerability". MyBB Blog. Retrieved 16 March 2013.
- Boulton, Chris. (2012-04-03)MyBB 1.8 Tour: Introduction | MyBB Blog. Blog.mybb.com. Retrieved on 2012-06-03.
- http://community.mybb.com/thread-123026-post-1064494.html#pid1064494 The actual transfer of issues occurred just before midnight the day before.
- "MyBB – Softaculous". Retrieved 2011-12-12.
- "Resource Sites". Retrieved 14 December 2011.
- Gordon, Ryan. "MyBB 1.4.2 Released - Maintenance and Security Update". MyBB Community Forums. Retrieved 8 October 2013.
- Boulton, Chris. "Some closure on the 1.6.4 Security Vulnerability". MyBB Blog. Retrieved 16 March 2013.
- Twitter / UG: HF Uses Mybb, We're tired. Twitter.com. Retrieved on 2012-06-03.
- Statement for MyBB.com – UGNazi. Pastebin.com (2012-05-30). Retrieved on 2012-06-03.
- "MyBB Merge System". Retrieved 2011-12-12.
- "MyBB Review". Retrieved 2011-12-12.
- "Best Free Forum Software of 2008".
- "Best Free Forum Software of 2010".
- "Best Free Forum Software of 2011".
- "Best Free Forum Software of 2012".
- "Reviews for MyBB". Retrieved 2011-12-12.
- "MyBB – Forum Software". Retrieved 2011-12-12.
- "MyBB update adds features, closes holes". Retrieved 2011-12-12.
- "Battlefield Heroes Forums". Retrieved 2011-12-12.
- "Lord of Ultima Forums". Retrieved 2011-12-12.