Elgg 3.3.11

A new version for Elgg 3.3 is now available in the download section.

Release notes for Elgg 3.3.11

Contributors

  • Jeroen Dalsem (3)
  • Jerôme Bakker (1)

Bug Fixes

  • core: do not save session for serve-file and CLI requests (cf8ee303)
  • database: use compatible DBAL version (c5ca05f1)
  • likes: comment listings are now correctly preloaded with likes info (f348802a)
  • session: correctly set httponly flag for remember_me cookie (91034947)
  • Hello,

    I was wondering what is the best security settings for the Elgg 3.3.8, as far of the accepting new users that register themselves.

    My site's settings are:
    Users:
     

    New users require manual validation by an administrator ( No)
    Allow user default access  (Yes)

    The settings on the control panel, and if you think that it is dangerous because of spammers and others, or if there is a stopper plugin or not. 

    I had it where I was approving, but then people try and never came back to fill up the profile. 
    Another thing is that I want to upgrade but, i'm worry about my plugins won't work with the higher Elgg versions.
    What could be your suggestion about the security of the site? Any ideas. Bookoflikes

  • @Book of Likes,

    I would recommend you enable the plugin User validation by Email. this will make at least sure the users have a valid (working) e-mail address. There are other spam helper plugins here on the community which you could have a look at.

    Updating Elgg with patches (so from 3.3.8 to 3.3.11) will always work without problems.
    Minor updates (from 3.3 to 3.4) should work but require a tiny bit of testing.
    Major updates (from 3.x to 4.x) will break everything and require extensive testing.