Elgg 1.8.19 and 1.7.22 have been released with important security enhancements. All users are encouraged to upgrade immediately to keep their sites and users protected. Users of 1.7 should migrate to 1.8 ASAP as Elgg 1.7 will no longer be updated when Elgg 1.9 is released.
The security fixes in both versions improve the security of the "Remember Me" feature and introduce measures to prevent brute-force attacks on the Remember Me cookie. This upgrade will invalidate all Remember Me cookies for admin users, so admin users may need to log in again.
Other changes in 1.8.19 include:
- Fixed numerous PHP warnings.
- Groups: Corrected breadcrumb for group discussion pages.
- Fixed RSS validation for the River RSS feed.
- Moved Site Secret update to configure -> advanced.
The following developers contributed to these releases:
- Brett Profitt
- Evan Winslow
- Ismayil Khayredinov
- Jerome Bakker
- Juho Jaakkola
- Matt Beckett
- Steve Clay