Elgg 1.8.14 and Elgg 1.7.19 have been released to address a security issue in the profile tool. Thanks to Fabien Duchene for discovering and reporting this vulnerability to us.
Keep your Elgg site secure by upgrading today.
The 1.8.14 release also includes significant bug fixes to localization in JavaScript, saving blog drafts, and displaying system errors due to token timeouts. In all there were 40 bug fixes and enhancements. Thank you to all the developers who contributed:
If you would like to contribute to an Elgg release, fork our repository at Github.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
The Type-2 XSS vulnerability in Elgg 1.8.13 and 1.7.18 has been assigned the number CVE-2013-7297 by the MITRE CVE Numbering Authority.