Elgg tries to keep its API within major versions as backward compatible as possible. That means that a plugin written for Elgg 2.0 - 2.2 should also work on Elgg 2.3. For Elgg 1.10 the backward compatibility of the API efforts started with Elgg 1.10, so a plugin written for Elgg 1.10 should still work on Elgg 1.11 and 1.12. But you can't expect a plugin released for any 1.x version of Elgg to work on Elgg 2.x.

Only in rare cases a plugin releases for an older 2.x version might not work on more recent versions of Elgg 2 because the plugin author might have been too creative in his usage of the Elgg API in ways not expected by the Elgg core developers or using some plugin specific code that might not be compatible with later versions of Elgg even if the API as such is stable. If a plugin author hasn't updated the compatibility info you can just try the plugin on more recent versions of Elgg and it will work in almost all cases. Or you could ask the plugin author on a plugin page directly if he expects any issues.

Regarding the security question I don't know what to tell you. On the one hand, Elgg hasn't had any security issues "in the wild" I know of for many years. On the other hand, there's never a 100% guarantee that a code of a certain complexity is free of issues not yet discovered. That's not only the case with Elgg but the same with Wordpress, Jomlaa etc. And I also don't think that Wordpress has been bullet-proof security-wise over the years at all!

You can read about the upgrade policy of Elgg at http://learn.elgg.org/en/stable/appendix/support.html. So, Elgg 2.3 will get security fixes until the release of Elgg 5.0 which means at least about 2 years after the release of Elgg 3.0. And until then you might not want to stay on Elgg 2.3 anyway not mainly due to security fixes but maybe also to be able to take advantage of new features and other improvements added by then.

Thank you very much for your support!

I upgraded comments and group discussion as you suggested me,I disabled any 3rd party pluing my previous  elgg 1.8 version,  I upgraded with http://MYSITE.URL/upgrade.php, but It continuous to showing only dafault thumbnails.

DO you think there could be a configuration of .htaccess that could introduce the issue? WHen I configured my .htaccess I simply used previous .htaccess file and I have overwritten  the handler, cache and index rules.

Thank you very much again for your time

Hello iionly,

I flushed elgg and browser caches and now I see group thumbnails correctly, but I continue to see default user avatars.

Can't say for sure if it's a .htaccess issue but maybe it is. Try it the other way round and take the file htaccess_dist that comes with Elgg 1.9 as starting point. If you haven't made any modifications in your old .htaccess file of Elgg 1.8 compared to htaccess_dist of Elgg 1.8 (!!) just save htaccess_dist of Elgg 1.9 as your new .htaccess. If you have made any changes on Elgg 1.8 in .htaccess (e.g. change of some php_value or RewriteBase) then just make these modifications in the same way in the htaccess_dist file of Elgg 1.9 and then save your modified version as .htaccess. Then the new .htaccess file only has your own modifications (if any) but contains all the rewrite rules etc. as needed by Elgg 1.9.

Vielleicht ist das Bild (Bennenung facebook.png) gecacht. Hast Du mal den Cache von Elgg geflusht?