Security release: Elgg 1.12.13 and 2.2.2

It's recommended that site owners upgrade to 2.2.2 or 1.12.13 to mitigate an information disclosure vulnerability:

An attacker could uncover a few general details (name, icon, short description) about groups that are usually hidden from him/her. This would not expose the group's description, content, or membership, and a probe would require knowledge of Elgg internals. This weakness exists in all previous Elgg versions.

There were a few other fixes. Notably, 2.2.2 is now compatible with MySQL 5.7. See the changelogs for 1.12.13 and 2.2.2.

Steve Clay

Core Elgg team member, developer for University of Florida College of Education
