Elgg 1.8.19 and 1.7.22 have been released with important security enhancements. All users are encouraged to upgrade immediately to keep their sites and users protected. Users of 1.7 should migrate to 1.8 ASAP as Elgg 1.7 will no longer be updated when Elgg 1.9 is released.
The security fixes in both version improves the security of the "Remeber Me" feature and introduces measures to prevent brute-force attacks of the Remember Me cookie. This upgrade will invalidate all Remember Me cookies for admin users, so admin users may need to log in again.
Other changes in 1.8.19 include:
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.