Update: The 2.1.2 and 2.0.4 .zips are now fixed. Upon first release they actually contained 2.1.1..
Elgg 2.1.2, 2.0.4, 1.12.11, and 1.11.6 are now available. These fix a potential security issue that arises when a user remains on a page for over 40 minutes.
This affects all versions of Elgg since 1.8.0. Those who cannot upgrade or run unsupported versions should follow these steps:
Note that we will be updating our support policy soon with the result that only the 1.12 and 2.1 branches will receive support and security fixes. You should plan to upgrade to one of these branches as soon as possible.
The CHANGELOG entry for Elgg 2.1.2 follows:
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
Is the content of the 2.0.4 zip really version 2.0.4? It looks to me rather to be almost the same as 2.1.2.
Additionally, is the content of the 2.1.2 zip really version 2.1.2 with all changes? It doesn't look like it is to me - changelog does not contain the changes of 2.1.2 and there's not a single changed file between 2.1.1 and 2.1.2 in mod and vendor/elgg!
The zips for 2.1.2 and 2.0.4 actually contain 2.1.1. I'm working on this.
Both 2.1.2 and 2.0.4 zips are fixed.