This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
The active forums are here.
June 26, 2008 8:33pm
Subscribe [10]#1 / Jun 26, 2008 8:33pm
Development of 2.0 is still in full swing, and we know everyone is looking forward to the new version, but we are still committed to keeping 1.x best in class, and keeping our high standards for quality and security. With that in mind, we are today releasing ExpressionEngine version 1.6.4, a maintenance and security release and is recommended for all users.
#2 / Jun 26, 2008 8:51pm
First!
I got real excited when i saw 2.0… rats.
#3 / Jun 26, 2008 11:46pm
Updated without any hassles. Thanks EE.
#4 / Jun 27, 2008 5:39am
A big thanks from me to the development team for the continued support on the 1.6.x branch. Fantastic amount of work that must have gone in there.
Absolutely brilliant. 😊
Best wishes,
Mark
#5 / Jun 27, 2008 10:21am
Looks like the link to EE’s documentation on the Downloads page is hosed.
#6 / Jun 27, 2008 10:31am
What versions are affected by the cross-site scripting vulnerability?
We have a couple of clients who didn’t pay for upgrade so they are still using 1.4 or 1.5.
Thanks!
#7 / Jun 27, 2008 10:55am
Yawn, not sure it’s worth upgrading a site that’s a brand new dev site, hopefully all would go well making the jump from 1.6.3 to 2. I know that’s not the official line on production sites, but w/ my dev so far stuff I think I’ll be ok?
Thanks for keepin’ on.
#8 / Jun 27, 2008 11:01am
Thanks for the report about the documentation, Markus; I’ve let the team know.
#9 / Jun 27, 2008 11:04am
What versions are affected by the cross-site scripting vulnerability? We have a couple of clients who didn’t pay for upgrade so they are still using 1.4 or 1.5.
From what we know so far (no sites are known to have been affected by this), all previous versions of EE are potentially vulnerable. Upgrading is definitely recommended.
#10 / Jun 27, 2008 11:32am
Is there a patch that can be applied to old versions to fix the cross-site scripting vulnerability?
We have over 40 clients running different EE versions. Upgrading all of them just before a long weekend is a lot of work.
Thanks.
#11 / Jun 27, 2008 11:43am
@the wire - email me (not PM please), via my profile page and I’ll give you a patch that should hold you over until you have time to update your client sites. This update is a fairly trivial thing in terms of time and difficulty, but I can understand needing a bit more time to get to 48 or so sites.
#12 / Jun 27, 2008 11:44am
@Markus, thanks for the heads up, the docs download is functional now.
#13 / Jun 28, 2008 7:05am
This is great news as I’ve just installed my very first EE 1.6.3 - However, where can I find this upgrade !?
Cheers!
#14 / Jun 28, 2008 7:13am
You can find the new version in the download area, as always.
#15 / Jun 28, 2008 7:16am
Thanks Ingmar - Still new to EE and trying to figure my way around. Great stuff so far!