Time to upgrade! Elgg posts some new security updates for their social networking CMS.

Users of the social networking CMS, Elgg, should be aware of a new update that has been posted on the main website. Version 1.8.5 has been made available and resolves a number of outstanding issues including:

  • a security fix that prevents a potential XSS attack against users who click a specially crafted URL.
  • a fix that closes a loophole which allowed users to create a new account without requiring validation.
  • a third fix that addresses an access bug that could inadvertently reveal private entities to users who wouldn’t otherwise have access.

There are also a few minor bug fixes in this release:

  • For those networks that have enabled the Twitter API plugin, new users are forwarded to the correct page after creating an account with Twitter.
  • PDF files display in the browser instead of downloading directly to users computers.
  • Fixed some upgrade issues related to the system log.

Users of prior version should consider upgrading as soon as possible.

Have you read our Elgg Review? You should check it out if you are in the market for a social networking solution.