Entry

ExpressionEngine 2.9.1 Released

by: Kevin Cupp on: 10/3/2014

ExpressionEngine 2.9.1 and Discussion Forum 3.1.17 are now available for download. ExpressionEngine 2.9.1 is a security and stability release recommended for all users. In addition to improving security, it includes over 40 bug fixes. Some of the more noteworthy bug fixes or improvements to functionality or security are:

  • Made {cp_edit_entry_url} available to Admin Notification of New Entry.
  • Improved Control Panel custom theme organization: view files can now be stored in a views subfolder.
  • Fixed several issues with Grid regarding entry saving and compatibility with third-party content types.
  • Fixed a bug where the site index template would be rendered after the site’s 404 template.
  • Fixed a bug where orderby="random" in Channel Entries would not work properly with pagination.
  • Fixed potential SQL injection vulnerabilities in the control panel.
  • Fixed potential XSS vulnerabilities in the control panel.
  • Removed some unnecessary queries when displaying category images (thanks to Robson Sobral).

For a full list of changes, head over to the change log.

This release contains quite a bit more security fixes than normal, but it shouldn’t cause alarm. We’ve recently opened ExpressionEngine up to white hat security researchers to report even the smallest issue. Most of the potential attacks found involve attacking yourself or the existence of a malicious admin, but we still recommend this update for all users. We’re committed to the hardening of our software to keep your data safe and remain one of the most provenly secure web platforms out there.

.(JavaScript must be enabled to view this email address) or share your feedback on this entry with @ellislab on Twitter.

ExpressionEngine News

#eecms, #events, #releases