This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
The active forums are here.
April 07, 2011 6:22pm
Subscribe [4]#1 / Apr 07, 2011 6:22pm
Updates for all versions of ExpressionEngine have been released today in order to incorporate several security improvements and critical bug fixes. No sites are known to have been affected by the security issues, all of which are obscure. However, it is a possibility, and therefore this update is recommended for all users.
#2 / Apr 07, 2011 6:55pm
Would this mark the release of 2.1.4 ?
#3 / Apr 07, 2011 7:00pm
No- the current stable branch 2.1.3 and the 2.1.4 beta branch both were build updates, so version numbers stay the same. It was really a security and critical bug fix for both of those.
1.7.0 got a version upgrade to 1.7.1- and a larger number of bug fixes as it hasn’t had a release in a while. And we needed the version update to make some mysql changes to get it compatible w/5.5+.
The big file management changes didn’t make it into 2.1.3/2.1.4.
#4 / Apr 08, 2011 12:16pm
I’d love to hear the impetus behind the new unique_marker function and how we can use it.
#5 / Apr 08, 2011 5:24pm
It’s just used to randomize markers- it generates a unique once per page load. Just be sure to namespace it reasonably.
In truth- not used a ton, but handy if you need it!
#6 / Apr 10, 2011 11:18pm
I am using version 2.1.3 that I downloaded a month ago. Do I need to update it as we have several customers using this release without issues? There are only two items that I really need from the update, so is there a way to manually install these two items without going through entire update process? Interested in:
◦Improved XSS filtering of input data to prevent an XSS vulnerability (I do use this feature but it depends on the XSS vulnerability)
◦Fixed a bug (#15202) where saving an entry with a date in DST while you’re not in DST (or the opposite) caused the date to increase or decrease by an hour.
Bryan
#7 / Apr 11, 2011 6:30pm
bgarrant, it really is a good idea to update for security releases. I’ll admit I likely have some old personal sites on archaic versions, but I wouldn’t recommend it.
On the plus side- this is a build release rather than a version release- there are no changes to the database, so it’s a matter of replacing the files. That said- we ran into a glitch with the 2.x builds- see April 7th ExpressionEngine 2 Release Temporarily Rolled Back- so you’d want to wait for that to be resolved before proceeding.
But yes- for a security fix, it’s a good idea to get current. And this one has some critical bug fixes in it as well, so there’s an added benefit.