You are here: Home / Headlines / Elgg 1.7.3 and 1.6.3 security releases

Elgg 1.7.3 and 1.6.3 security releases

By September 2, 2010 Leave a Comment

Georg-Christian Pranschke from http://www.sensepost.com/ discovered a vulnerability in Elgg that could potentially allow SQL injection attacks using crafted URLs or POSTs. Versions 1.7.3 and 1.6.3 correct this and are highly recommended for all Elgg users.

1.7.3 also includes additional bugfixes for problems found in 1.7.2:

  • Entering an invalid captcha now forwards to the referring page instead of the front page.
  • “Edit details” and “Edit profile icon” only show up on user’s own profile.
  • get_objects_in_group() works correctly.
  • Legacy wrapper functions correctly support multiple owner guids.
To maintain the security of your network and its users, all Elgg installations should be upgraded immediately.
You can download the latest releases from their website: Elgg CMS
Filed Under: Headlines Tagged With: , , , , , , ,
About Mike Johnston

Mike is a CMS Analyst & Consultant who founded CMS Critic in 2009. He regularly consults with companies to assist them with the CMS selection process and is available for speaking engagements. You can contact him here or follow him on Google Plus.

Speak Your Mind

*