Elgg Security Warning

Our commitment is to keep your Elgg site safe and secure from attacks. In this article, I will cover some security updates made recently in Elgg.

Upgrade to Elgg immediately

If you are using Elgg 1.8, you must upgrade to the latest version, which is 1.8.18. The most important security enhancement in this upgrade is protection against persistent cross-site scripting (XSS) attacks. This vulnerability was reported by two Elgg contributors. Special protection was also added to prevent access to sensitive data in Elgg.

Besides that, several bugs were fixed, such as:

- URLs with non-ASCII usernames again work
- Floated images are now properly cleared in content areas
- The activity page title now matches the document title
- Search again supports multiple comments on the same entity
- Group member listings are ordered by name
- Blog archive sidebar is now reverse chronological
- URLs with matching parents can now be auto-linked
- Log browser links for users now work
- Disabling over 50 objects should no longer result in an infinite loop
- The system_log table can now store IPv6 addresses
- Radio/checkbox inputs no longer have border radius (for IE10)
- htmLawed was upgraded to 1.1.16
- List functions: no need to specify pagination for unlimited queries
- User picker: the Only Friends checkbox again works
- Group bookmarklet no longer shown to non-members
- Widget reordering fixed when moving across columns
- Web services auth_gettoken() now accepts email address
- Refuse to deactivate plugins needed as dependencies

Such improvements were also made to Elgg 1.7; however, as stated in previous articles, we strongly recommend that you upgrade to Elgg 1.8.18.

If you need assistance upgrading Elgg, contact Support or drop a comment here.

This concludes the Elgg Security Warning.


Happy Hosting!

Rodolfo Hernandez


