Elgg 1.8.13 and Elgg 1.7.17 have been released to address a security issue in the Twitter widget. The issue is present in all versions of Elgg that have included the Twitter widget plugin. Thanks to Moritz Naumann of Naumann IT Security Consulting for discovering and reporting this vulnerability to us.
Keep your Elgg site secure by disabling the Twitter plugin or upgrading today.
Five developers contributed to this release:
- Cash Costello
- Juho Jaakkola
- Kevin Jardine
- Krzysztof Różalski
- Steve Clay
If you would like to contribute to an Elgg release, fork our repository at Github.