magic apps

Send private message

You must be logged in to send a private message.


No friends yet.

Group membership

  • Beginning Developers

    Beginning Developers

    This space is for newcomers, who wish to build a new plugin or to customize an existing one to their liking


  • magic apps added a new discussion topic Plugin compatibility 2.0 vs 2.3? & Security in the group Beginning Developers
    1. Before I decide which Elgg version I am going to use, I notice some of the apps don't say they are 2.3 compatible.  are some of the old plugins (for 2.0 and 2.2) still compatible with the 2.3, or is it likely they need to be...
    • Elgg tries to keep its API within major versions as backward compatible as possible. That means that a plugin written for Elgg 2.0 - 2.2 should also work on Elgg 2.3. For Elgg 1.10 the backward compatibility of the API efforts started with Elgg 1.10, so a plugin written for Elgg 1.10 should still work on Elgg 1.11 and 1.12. But you can't expect a plugin released for any 1.x version of Elgg to work on Elgg 2.x.

      Only in rare cases a plugin releases for an older 2.x version might not work on more recent versions of Elgg 2 because the plugin author might have been too creative in his usage of the Elgg API in ways not expected by the Elgg core developers or using some plugin specific code that might not be compatible with later versions of Elgg even if the API as such is stable. If a plugin author hasn't updated the compatibility info you can just try the plugin on more recent versions of Elgg and it will work in almost all cases. Or you could ask the plugin author on a plugin page directly if he expects any issues.

      Regarding the security question I don't know what to tell you. On the one hand, Elgg hasn't had any security issues "in the wild" I know of for many years. On the other hand, there's never a 100% guarantee that a code of a certain complexity is free of issues not yet discovered. That's not only the case with Elgg but the same with Wordpress, Jomlaa etc. And I also don't think that Wordpress has been bullet-proof security-wise over the years at all!

      You can read about the upgrade policy of Elgg at So, Elgg 2.3 will get security fixes until the release of Elgg 5.0 which means at least about 2 years after the release of Elgg 3.0. And until then you might not want to stay on Elgg 2.3 anyway not mainly due to security fixes but maybe also to be able to take advantage of new features and other improvements added by then.

    • To expand on iionly excellent answer.

      Elgg since 1.10 follows Semver ( which means a plugin made on 2.0 must be able to work on every higher minor version (so 2.1, 2.2, etc).

      In 3.0 Elgg can break the API so this plugin could stop functioning.

      Regarding security.

      I know that several security audits have been done on Elgg websites throughout the years. This is no guarantee that Elgg is perfect, but in the audits I know about no issues were found.

      If you want to be secure always use the latest version of Elgg (currently 2.3.x)