A new security release of ExpressionEngine CMS is available. Version 1.7.1 is now available for download and addresses a <a href="http://expressionengine.com/bug_tracker/bug/15753/" target="_blank" rel="noopener noreferrer">critical bug</a> where each member’s settings for ‘Enable Avatar’ and ‘Enable Signatures’ were reset to ‘No’ when preferences were updated in the control panel’s General Configuration page.  The release also addresses a security issue where an SQL injection was at least theoretically possible.  There are no known cases of a successful exploit and such an attack could only be executed by someone with control panel access and access to the admin area with “Can administrate general preferences”.
You can learn more about this release on the <a href="http://expressionengine.com/blog/entry/version_1.7.1_build_20110520_security_and_maintenance_release/">ExpressionEngine blog</a>.

ExpressionEngine 1.7.1 Security Release available

mike-johnston company logo

mike-johnston

mike-johnston Profile

A new security release of ExpressionEngine CMS is available. Version 1.7.1 is now available for download and addresses a critical bug where each member’s settings for ‘Enable Avatar’ and ‘Enable  Signatures’ were reset to ‘No’ when preferences were updated in the  control panel’s General Configuration page.  The release also addresses a  security i...