Security release: Elgg 1.12.18 and 2.3.11

Thanks to a detailed report by Jyoti Raval we were able to mitigate an open redirect vulnerability.

Please report any security issue to security [at] elgg.org

The latest version of Elgg can be found in the download section of the website.

Elgg 1.12.18 release notes

Contributors

  • Jyoti Raval (1)
  • Wouter van Os (1)

Bug Fixes

  • core: revert original libxml_use_internal_errors value after use (bc30e941)

Elgg 2.3.11 release notes

Contributors

  • Jerôme Bakker (4)
  • Ismayil Khayredinov (1)

Bug Fixes

  • gatekeeper: more consistency in resource gatekeepers (60a045a3)
  • livesearch: prevent PHP warning in switch statement (44e671d0)
  • notifications: fix faulty subscription list mutations (0edb38d1)
  • walled_garden: allow access to webapp manifest.json (73c36a13)