Security release: Elgg 1.12.13 and 2.2.2

It's recommended that site owners upgrade to 2.2.2 or 1.12.13 to mitigate an information disclosure vulnerability:

An attacker could uncover a few general details (name, icon, short description) about groups that are usually hidden from him/her. This would not expose the group's description, content, or membership, and a probe would require knowledge of Elgg internals. This weakness exists in all previous Elgg versions.

There were a few other fixes. Notably 2.2.2 is now compatible with MySQL 5.7. See the changelogs for 1.12.13 and 2.2.2.

Latest comments