Social networking CMS Elgg has released two important security updates for two of their current versions. Elgg 1.8 has received version 1.8.19, whilst Elgg 1.7 has been upgraded to 1.7.22.
Elgg is a free and open-source social networking software that has been around since 2004. The popular platform provides a robust framework on which to build all kinds of social environments, from a campus-wide social network for your university, school, or college or an internal collaborative platform for your organization to a brand-building communications tool for your company and its clients.
Features and functionalists include blogging, microblogging, file sharing, networking, groups, and much more.
The security fixes in both of these new security updates will help to enhance the security of the “Remember Me” feature and also introduces measures to prevent brute-force attacks of the “Remember Me” cookie. This upgrade will invalidate all “Remember Me” cookies for admin users, so admin users may need to log in again.
Other changes in 1.8.19 include:
- Fixed numerous PHP warnings.
- Groups: Corrected breadcrumb for group discussion pages.
- Fixed RSS validation for the River RSS feed.
- Moved Site Secret update to configure -> advanced.
However, perhaps more importantly, Elgg have also strongly encouraged their 1.7 users to make the migration to 1.8 in lieu of Elgg 1.9 releasing.
Users of 1.7 should migrate to 1.8 ASAP as Elgg 1.7 will no longer be updated when Elgg 1.9 is released.
Additionally, you can explore more of Elgg via our CMS Directory.