RSS

Bloggers

Brett Profitt
All posts
Twitter

Cash Costello
All posts
Twitter

Evan Winslow
All posts
Twitter

Juho Jaakkola
All posts
Twitter

Matt Beckett
All posts
Twitter

PaweĊ‚ Sroka
All posts
Twitter

Steve Clay
All posts
Twitter

Search

Blog tagcloud

    Aug
    15th
    by
    Brett Profitt

    Elgg 1.7.11 released

    Elgg 1.7.11 has been released with security improvements. All users are advised to upgrade immediately.

    The following security enhancements were made:

    * Aung Khant from the YEHG reported and helped to fix a XSS vector in the Embed plugin and an SQL exposure vector in the Search plugin.

    * Lostmon Lords reported and helped to fix an SQL injection vector in the search plugin.

    Tons of thanks to these two people, who have been helping us find and fix security problems for the last few releases!

    1.7.11 also includes a few minor bugfixes:

    * Filtering by content works again in the activity stream.

    * Dragging works in IE 9 for profile widgets.

    Again, uses are encouraged to upgrade to Elgg 1.7.11 ASAP to keep their networks and users safe.