3 Vulnerabilities Fixed in Elgg 1.8.17

Elgg 1.8.17 released to address security and functionality issues

The developers of the open source social networking platform Elgg have released versions 1.8.17 and 1.7.20 to address three critical security holes and several functionality issues.

One of the vulnerabilities is a reflected cross-site scripting (XSS) flaw that impacts Elgg 1.8 installations. Another bug could have been leveraged to access the contents of sensitive files via a specially crafted request.

The third security fix addresses the problem of cryptographic keys generated with weak entropy. This is particularly problematic on Windows.

The issues were reported by an anonymous user and by Mike Kasper. Those who find vulnerabilities in Elgg are advised to disclose them responsibly by sending an email to security@elgg.org.

Users are advised to update their installations as soon as possible. You can download Elgg from Softpedia’s Scripts section.

