@Carlos:
He is right ;)
If you go back through the Elgg Releases' Notes,
you only find a simple reference to 'security fixes' --
with no details of what the security holes were that got fixed
( makes us more secure ).
These usually may have been XSS fixes - investigated and reported
by " those who research " this aspect ;)
And so... " always a good idea " is a good idea.. ;-P

Yes, you are both right, maybe I oversimplified my expression. I understand there are a lot of different risks in not keeping the scripts updated, not only in the topics I mentioned. Our implementation is highly customized, so we delayed the upgrades because it will surely require a lot of rewriting, but ok, this seems to be the right moment :)

Hi Morgar,
I've also been rewriting plugins originally written for Elgg 1.5 or earlier and yes, rewriting them correctly for 1.8 is quite a bit of work.
The good side is that the database changes have not been huge - it is more the API and look and feel changes that affect the code.
To be honest, I wasn't that motivated to make major changes for Elgg 1.7. Sure, the new API functions were more convenient but that helps only when creating new code. For existing code, my attitude was: if it ain't broke, don't fix it. So I just added some security tokens and kept going.
For Elgg 1.8 there is no such simple fix. Moreover, the design changes and the new sticky form system are such an improvement that it is worth taking the time to rework my plugins from the ground up.
I keep telling myself that the effort will be worth it once I'm done digging my tunnel to the other side of the mountain.
:)