Elgg 1.8.5 Released

Elgg 1.8.5 is now released worldwide. This version includes three major security enhancements to keep your network safe, so upgrade your old version soon.

The following security issues were fixed, listed with the names of those who reported them:

  • Prevents a potential XSS attack against users who click a specially crafted URL – Yang Dingjie of Qualys
  • Closes a loophole which allowed users to create a new account without requiring validation – Pawel Sroka
  • Addresses an access bug that could inadvertently reveal private entities to users who wouldn’t otherwise have access; this bug is not exploitable on most Elgg installations – Mike Hedman

Some other notable bug fixes were also made:

  • On networks that have enabled the Twitter API plugin, new users are now redirected to the correct page after creating an account with Twitter.
  • Instead of being downloaded, PDF files are now displayed in the browser directly on users’ computers.
  • Some upgrade issues related to the system log were fixed.
  • The CHANGES.txt file shows the full list.

The six developers who contributed to this release are:

  • Brett Profitt
  • Evan Winslow
  • Steve Clay
  • Sem
  • Jeroen Dalsem
  • Jerome Bakker