    Oct 20th by Brett Profitt

    Elgg 1.7.14 released

    Elgg 1.7.14 has been released to address security vulnerabilities in all versions of Elgg 1.7, as well as a severe bug in Elgg 1.7.12 and 1.7.13. Special thanks to Jeroen Dalsem of Coldtrick IT Solutions for reporting the security issue.

    The security vulnerability is a possible SQL injection vector, but has a limited scope.

    The bug fix was for a change in the access system in 1.7.12 that could prevent new users from signing up.

    It is important to upgrade to Elgg 1.7.14 to give your users the best and safest experience on your Elgg-based network.

    Oct 12th by Brett Profitt

    Elgg 1.8.1 beta 1 released!

    Elgg 1.8.1 beta 1 has been released to address a number of bugs discovered in Elgg 1.8.0. This beta is the first bug fix release for the 1.8 branch and contains many bug fixes and enhancements, including:

     Enhancements:

    • New group activity widget for user dashboard.
    • Added more sprites.
    • version.php information cached instead of loaded 100s of times.
    • Added class elgg-autofocus to add focus on inputs when the page loads.
    • Admins can edit user avatars again.
    • Added a filter for non-bundled plugins in plugin admin.
    • Improvements to admin area theme.


    Oct 08th by Brett Profitt

    Elgg 1.7.13 released

    Update: A serious bug was introduced in Elgg 1.7.12 that is still not fixed in this release. The bug causes a user to see an exception when creating an account if the site is using the default widgets plugin. We recommend that you revert to 1.7.11. Download that version and copy its files over to downgrade.

    Elgg 1.7.13 has been released to address a serious bug some users encountered when trying to upgrade to 1.7.12 and a mild security vulnerability.

    The upgrade bug prevented some users from being able to run the upgrade.php script.

    The security vulnerability was in the livesearch endpoint and could cause an SQL query exposure using a specially crafted URL.

    In addition to these bugfixes, a few other enhancements were included in 1.7.13:

    • Files that are too large to upload will be rejected with an error message by the Files plugin. Previous versions of Elgg would save these as empty files.
    • The pages plugin forwards to the All Pages page when there isn't a valid page owner.

    All users of Elgg 1.7 are encouraged to upgrade to 1.7.13 as soon as possible.

    Sep 29th by Brett Profitt

    Elgg 1.7.12 released

    Update: A serious bug was introduced in this version. It results in White Screens of Death (WSODs) when non-logged-in visitors hit certain pages. We recommend that you revert to 1.7.11. Download that version and copy its files over to downgrade.

    Elgg 1.7.12 has been released to address bugs in Elgg 1.7.11. Changes include:

    • Blog plugin supports group archives.
    • Better detection of file types in File plugin.
    • Catching exceptions on profile icon lookup to prevent problems that can occur when listing users with corrupt icon information.
    • Only admins can run unit tests.
    • Dragging widgets works in IE 9.

    For those who have migrated to 1.8, we will soon release a beta of 1.8.1 to address bugs found in 1.8.0.1.

    Sep 24th by Cash Costello

    Elgg's New Menu System: Dynamic menus

    This is the second post in a series on Elgg's new menu system. Last time I explained how to register a menu item during initialization and just before the menu is rendered. In this post, I explain how to take advantage of the just-in-time registration to create dynamic menus.


    Sep 05th by Brett Profitt

    Elgg 1.8.0 released

    After over a year of development and more than 800 tickets closed, we're pleased to announce the availability of Elgg 1.8.0! In addition to fixing bugs, in Elgg 1.8.0 we focused on improving the end-user experience and making it easier for Elgg developers to build Elgg sites.


    Aug 15th by Brett Profitt

    Elgg 1.7.11 released

    Elgg 1.7.11 has been released with security improvements. All users are advised to upgrade immediately.

    The following security enhancements were made:

    * Aung Khant from the YEHG reported and helped to fix an XSS vector in the Embed plugin and an SQL exposure vector in the Search plugin.

    * Lostmon Lords reported and helped to fix an SQL injection vector in the search plugin.

    Tons of thanks to these two people, who have been helping us find and fix security problems for the last few releases!

    1.7.11 also includes a few minor bugfixes:

    * Filtering by content works again in the activity stream.

    * Dragging works in IE 9 for profile widgets.

    Again, users are encouraged to upgrade to Elgg 1.7.11 ASAP to keep their networks and users safe.

    Jul 07th by Brett Profitt

    Elgg 1.8.0 beta2 released

    Elgg 1.8.0 beta 2 has been released to address issues found in the first beta. Thanks to everyone who submitted bugs, made pull requests, or gave other feedback during the first beta!

    1.8.0 is the next version of Elgg and includes significant updates to the API and the UI. Developers and end users are encouraged to try the beta to provide feedback and bug reports, but please note that this release is beta-quality software that should not be used in production.


    Jun 18th by Brett Profitt

    Elgg on GitHub

    Elgg developers probably noticed that our trac and code sites were offline this Thursday and Friday. We took these services down to make one of the biggest transitions in Elgg’s development history: migrating our code repositories from SVN to GitHub. In addition to changing VCSs, we also moved the sites to Oregon State University’s Open Source Lab, which donates hosting services to Elgg and a number of other OSS communities.


    Jun 15th by Brett Profitt

    Elgg 1.7.10 released

    Elgg 1.7.10 has been released to address multiple security issues in all previous versions of Elgg. Admins should upgrade immediately to keep their networks and users safe.

    Aung Khant from the YGN Ethical Hacker Group discovered multiple reflected cross-site scripting vulnerabilities in bundled plugins and provided details so we could get a fix out quickly. Thanks again to Aung and the YGN Ethical Hacker Group!

    Elgg 1.7.10 also contains a few enhancements, bugfixes, and API changes.
