A security and maintenance release for 1.7.1 is now available for download. The release addresses a critical bug where each member’s settings for ‘Enable Avatar’ and ‘Enable Signatures’ were reset to ‘No’ when preferences were updated in the control panel’s General Configuration page. The release also addresses a security issue where an SQL injection was at least theoretically possible. There are no known cases of a successful exploit, and such an attack could only be executed by someone with control panel access and access to the admin area with “Can administrate general preferences”.
Given the potential security exploit (however unlikely) and the chance of data loss, we decided a small, fast release to address these issues was in order. This release is recommended for all users.