Thread

Hi Everyone,

We wanted to give you a heads up that we updated the Twitter Timeline plugin to address a security issue. We consider this one critical as it can result in unexpected information disclosure. Both ExpressionEngine 1 and 2 versions were affected. All users are encouraged to update to the latest version (tell your friends).

To update, simply download the appropriate version and replace the existing file in the plugin folder.

As with all security releases, we provide no further details to give our users time to update. If you have any questions or concerns, please contact our support staff.

Perhaps it’s quite important to verify that you downloaded the right Twitter Timeline upgrade.

The problem is that someone brought this subject up on #eecms Twitter yesterday, and I as perhaps some others soon after downloaded the apparent upgrade.

Checking today due to your post, Pascal, I find that the plugin wasn’t ready with its truly latest upgrade at the time I downloaded yesterday, so had to do it again and the installs today.

I believe the proper plugin within zipped folder should be dated 5/2/2011 (2 May 2011 in the surest timecoding), not some time confusingly close in April.

Leading us all perhaps towards more care than ever about Twitter, while keeping where it is useful.

Regards,
Clive

Is the download version for EE1 up-to-date, including the security patch?

Cole

If you downloaded in the last 48 hours, your files should be ok. We run our final tests on the package that we push out to the public, so the zip timestamp will always be a little behind.

Your changelog should read Version 1.3.3 for EE 1, and Version 1.4.3 for EE 2.

Does the plugin contain just one file?  I dropped it in my “Plugin” folder on the server, yet it’s not appearing in my plugins list in the CP.