Elgg 1.7.3 security release

Elgg 1.7.3 has been released and addresses a security vulnerability.  Users are encouraged to upgrade immediately.  Visit the blog for more information.

  • I knew there was more to it than the script. Couldn't the file names be different?

    Thanks Cash!

  • Followed instructions dragging files using Filezilla (1.7.3 over 1.7.1). Didn't ask for any file overwrite permissions, which seemed odd, no?

    Now, no website loading. Page not redirecting properly....

    I have .htaccess and .htaccess_dist on my server. _dist has fewer lines of code. The .htaccess has this-

    RewriteCond %{THE_REQUEST} !^[A-Z]+\ .*/cpanel
    RewriteCond %{THE_REQUEST} !^[A-Z]+\ .*/pwiki
    RewriteCond %{THE_REQUEST} !^[A-Z]+\ .*/search
    RewriteCond %{THE_REQUEST} !^[A-Z]+\ .*/test.php
    RewriteCond %{THE_REQUEST} !^[A-Z]+\ .*/index.php
    RewriteRule ^([A-Za-z0-9\.\_\-\@]+/?)$ pg/link/$1

    Where the .htaccess_dist does not. I drag _dist to desktop then drop back over .htaccess yes? Now .htaccess is less the above code!

    No website! Nice!


  • Okay I manually changed the .htaccess, took out the above code and it works. This is not easy to do for beginners like me! Need exact details of how to replace .htaccess with .htaccess_dist, I still may not have it correct!

    Anyways site is up, profiles and groups get me 404 error, help! Tried old profile from 1.7 didn't help!

  • Okay something to do with Vazco URL, so we seem to be getting there.

  • @TahoeBilly:

    If you made any changes on your own in the old .htaccess file, you should make the same changes in htaccess_dist. Then you can just rename htaccess_dist to .htaccess, i.e. overwrite the old .htaccess file.

    Have you executed upgrade.php already? Maybe it's best to disable all non-core plugins prior to the upgrade. If you made sure that the upgrade was successful, you can enable the non-core plugins again, maybe one at a time to check if any are not compatible with Elgg 1.7.3.

  • Elgg version : Release - 1.7, Version - 2010030101

    I hope this is the correct version!

    iionly thanks for tips, I think I'm moving along...

  • On my site it says:

    Elgg version : Release - 1.7.3, Version - 2010071002

    So I would say you haven't run the upgrade.php script yet, it hasn't been completed, or there might have been a problem with copying the files. You said that there was no response asking for permission to overwrite the files, so there are maybe still the files of version 1.7.0 on your server and the Elgg 1.7.0 upgrade script. The .htaccess file might not fit then if you copied it separately from the 1.7.3 htaccess_dist file.


  • Elgg version : Release - 1.7.3, Version - 2010071002

    I don't know what I did, no, I think I had my Filezilla set wrong to NOT overwrite...anyways, now it says Dbase upgraded and so on, shows above version.

  • iionly thanks so much!! So I am up and running. Should I do a final check of .htaccess somehow?

    If it runs is that good, or might I be missing some security? Also not sure but my Vazco URL is not working right, maybe needs configuration...I didn't install it, otherwise yea we have 1.7.3 and runs clean!

  • Have you replaced .htaccess with htaccess_dist already? If yes, and everything apart from vazco_url runs fine, I would say your upgrade is finished. Maybe it's best to ask Mike directly about the vazco_url issue. It could be a compatibility issue with 1.7.3 as I believe there were some changes in profile picture handling introduced with 1.7.3 that could conflict with the current version of vazco_url.
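
The advice in this thread to carry custom changes from the old .htaccess into htaccess_dist before renaming it, as an added example that is not part of the original discussion and is not Elgg code: the script below lists rewrite blocks that exist only in the old file, keeping each RewriteCond chain together with the RewriteRule it guards so the block can be ported as a unit. The function names and the stock rule in `DIST_HTACCESS` are constructed placeholders; the custom block is the one quoted in the thread.

```python
# Added example: report rewrite blocks present in the old .htaccess but not in
# the shipped htaccess_dist, so they can be re-applied by hand before renaming.

def rule_blocks(text):
    """Return rewrite blocks: each RewriteRule plus the RewriteCond lines guarding it."""
    blocks, pending = [], []
    for raw in text.splitlines():
        line = " ".join(raw.split())  # trim and collapse runs of whitespace
        if not line or line.startswith("#"):
            continue
        directive = line.split(" ", 1)[0].lower()
        if directive == "rewritecond":
            pending.append(line)  # conditions bind to the next RewriteRule
        elif directive == "rewriterule":
            blocks.append(tuple(pending + [line]))
            pending = []
    return blocks

def custom_blocks(old_text, dist_text):
    """Blocks found only in the old file, in their original order."""
    shipped = set(rule_blocks(dist_text))
    return [b for b in rule_blocks(old_text) if b not in shipped]

# Constructed stand-in for the shipped file (not the real Elgg htaccess_dist).
DIST_HTACCESS = r"""
RewriteEngine on
RewriteRule ^placeholder/(.*)$ placeholder.php?page=$1
"""

# Old file: the stand-in plus the custom block quoted in the thread.
OLD_HTACCESS = DIST_HTACCESS + r"""
RewriteCond %{THE_REQUEST} !^[A-Z]+\ .*/cpanel
RewriteCond %{THE_REQUEST} !^[A-Z]+\ .*/pwiki
RewriteCond %{THE_REQUEST} !^[A-Z]+\ .*/search
RewriteCond %{THE_REQUEST} !^[A-Z]+\ .*/test.php
RewriteCond %{THE_REQUEST} !^[A-Z]+\ .*/index.php
RewriteRule ^([A-Za-z0-9\.\_\-\@]+/?)$ pg/link/$1
"""

if __name__ == "__main__":
    for block in custom_blocks(OLD_HTACCESS, DIST_HTACCESS):
        print("Custom block to review and port:")
        for line in block:
            print("    " + line)
```

To use it on a real site, read the two files from disk and pass their contents to `custom_blocks`; an empty result means the old file had no rewrite rules beyond those in the shipped one.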

This discussion is closed.

Feedback and Planning

Discussions about the past, present, and future of Elgg and this community site.