Social networking CMS Elgg have released two important security updates for two of their current versions. Elgg 1.8 has received version 1.8.19, whilst Elgg 1.7 has been upgraded to 1.7.22.
Elgg is a free and open source social networking software that has been around since 2004. The popular platform provides a robust framework on which to build all kinds of social environments, from a campus wide social network for your university, school or college or an internal collaborative platform for your organization through to a brand-building communications tool for your company and its clients.
Features and functionalists include blogging, microblogging, file sharing, networking, groups and much more.
The security fixes in both of these new security updates will help to enhance the security of the "Remember Me" feature and also introduces measures to prevent brute-force attacks of the "Remember Me" cookie. This upgrade will invalidate all "Remember Me" cookies for admin users, so admin users may need to log in again.
Other changes in 1.8.19 include:
- Fixed numerous PHP warnings.
- Groups: Corrected breadcrumb for group discussion pages.
- Fixed RSS validation for the River RSS feed.
- Moved Site Secret update to configure -> advanced.
However, perhaps more importantly, Elgg have also strongly encouraged their 1.7 users to make the migration to 1.8 in lieu of Elgg 1.9 releasing.
Users of 1.7 should migrate to 1.8 ASAP as Elgg 1.7 will no longer be updated when Elgg 1.9 is released.
For more information on the release of Elgg versions 1.8.19 and 1.7.22, check out Elgg's official blog. Both versions can also be downloaded here.
Additionally, you can explore more of Elgg via our CMS Directory.