All our EE2 sites are displaying:
“An ExpressionEngine version 2.11.6, build 20170207 has been released as a security release”
Does anyone have any details about what security vulnerabilities are being addressed? Are they specific to version 2.11 or a general security vulnerability in all EE2 sites?
The security fixes in the latest release do affect older versions, not just 2.11. This issue was introduced from CodeIgniter, undiscovered until now, so it affects all versions of ExpressionEngine 2.0.0+. While most security patches you see throughout the software world are not highly exploitable, they are always recommended updates for all users.
Security is top priority in ExpressionEngine. If you skim the changelog you’ll see a steady stream of security enhancements. Keeping clients current is in their best interests.
Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.