We’ve got new builds of ExpressionEngine 2 and 3 with all the usual fixin’s, including several important security updates: we’ve mitigated a potential remote code execution vulnerability, SQL injection vulnerability, as well as improved cryptographic security when pseudo-random numbers are used.
In ExpressionEngine 3, you’ll also find you can add an option with a blank value to option fieldtypes such as the select dropdown. We’ve also added some handy debugging for that pesky “Disallowed Key Characters” error, just set
$debug = 1;. There’s another dozen or so other fixes listed in the changelog.
As ExpressionEngine 2 approaches its retirement at the end of the month, we applied much of the same security fixes as well as sprinkled in a few helpful bug fixes. There’s even a new Discussion Forum release (3.1.22) that fixes a bug with editing member profiles.