ExpressionEngine 3.5.5 and 2.11.8 Released

by: Kevin Cupp on: 4/10/2017

We’ve got new builds of ExpressionEngine 2 and 3 with all the usual fixin’s, including several important security updates: we’ve mitigated a potential remote code execution vulnerability, SQL injection vulnerability, as well as improved cryptographic security when pseudo-random numbers are used.

In ExpressionEngine 3, you’ll also find you can add an option with a blank value to option fieldtypes such as the select dropdown. We’ve also added some handy debugging for that pesky “Disallowed Key Characters” error, just set $debug = 1;. There’s another dozen or so other fixes listed in the changelog.

As ExpressionEngine 2 approaches its retirement at the end of the month, we applied much of the same security fixes as well as sprinkled in a few helpful bug fixes. There’s even a new Discussion Forum release (3.1.22) that fixes a bug with editing member profiles.

For a complete list of changes, check our changelogs (3.5.5, 2.11.8).

.(JavaScript must be enabled to view this email address) or share your feedback on this entry with @ellislab on Twitter.

ExpressionEngine News

#eecms, #events, #releases