Elgg 1.8.19 and 1.7.22 have been released with important security enhancements. All users are encouraged to upgrade immediately to keep their sites and users protected. Users of 1.7 should migrate to 1.8 ASAP as Elgg 1.7 will no longer be updated when Elgg 1.9 is released.
The security fixes in both version improves the security of the "Remeber Me" feature and introduces measures to prevent brute-force attacks of the Remember Me cookie. This upgrade will invalidate all Remember Me cookies for admin users, so admin users may need to log in again.