Security Update For EasySocial 2.0.19


Ensuring that all our products are safe from exploits has always been our priority. Today, while the team is in the midst of working on EasyArticles and EasySocial 2.1, a security analyst provided us with some insights into the way EXIF information was being processed in EasySocial, which may lead to an unwanted XSS attack.

This possible mode of attack could affect sites that process EXIF metadata on photos uploaded to the site. If your site doesn't have EXIF installed, or if you have already disabled this feature, you will not be affected. You are still advised to update to the latest release, as it addresses the way EXIF metadata is processed and also includes some bug fixes and minor enhancements.
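An added example, not EasySocial's patched photo.php: one way to treat EXIF tags as untrusted input in PHP, by allowlisting and normalising them at ingestion and HTML-encoding them at output. The helper names `exif_clean` and `exif_html`, the tag allowlist and the sample array are assumptions made for illustration, as is reading "EXIF installed" as PHP's exif extension.

```php
<?php
// Added illustration; not EasySocial code. Helper names are hypothetical.

// Tags we are willing to store and display; everything else is dropped.
const EXIF_ALLOWED = ['Make', 'Model', 'DateTimeOriginal', 'ImageDescription', 'Artist'];

/**
 * Normalise raw EXIF values (the array shape exif_read_data() returns).
 * Tag values are free-form strings chosen by whoever produced the file,
 * so they are handled like any other user-supplied input.
 */
function exif_clean(array $raw, int $maxLen = 255): array
{
    $clean = [];
    foreach (EXIF_ALLOWED as $key) {
        if (!isset($raw[$key]) || !is_scalar($raw[$key])) {
            continue; // skip missing tags and nested arrays
        }
        // Strip control characters (including NUL), then trim and cap length.
        $value = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $raw[$key]);
        $clean[$key] = substr(trim($value), 0, $maxLen);
    }
    return $clean;
}

/** Encode a stored value at the point it is written into HTML. */
function exif_html(string $value): string
{
    // ENT_SUBSTITUTE replaces invalid UTF-8 (e.g. a character cut by substr).
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: "EXIF installed" above means the PHP exif extension is loaded.
echo 'exif extension loaded: ', function_exists('exif_read_data') ? 'yes' : 'no', PHP_EOL;

// Constructed sample standing in for exif_read_data($path) output.
$sample = [
    'Make'             => 'ExampleCam',
    'ImageDescription' => '<b>holiday</b> "2017"',
    'MakerNote'        => "\x00\x01binary",      // not allowlisted: dropped
    'COMPUTED'         => ['Width' => 800],      // nested array: dropped
];

foreach (exif_clean($sample) as $tag => $value) {
    echo exif_html($tag), ': ', exif_html($value), PHP_EOL;
}
// ImageDescription prints as: &lt;b&gt;holiday&lt;/b&gt; &quot;2017&quot;
```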


Update Soon

If you are using any version prior to 2.0.19, kindly update to the latest version as soon as you can. Should you need any assistance with updating, get in touch with us on our forums and our support guys will be there to assist you. Please also refer to the link below for the changes and fixes applied in this update.



Subscription Expired?

If you have an expired EasySocial license, you can use the coupon code [SOCIAL25] to obtain a 25% discount on your renewal. Please note that this coupon code is valid until June 4th, 2017.


Credits

All credit goes to Pedro (@tunelko) for discovering this loophole.


Patch Files

We understand that not every customer is running EasySocial 2.x or is ready to upgrade their site yet. Therefore, we urge you to download the patch file below for prior releases and apply it to your site. There is only a single file involved: extract the zip file and upload the photo.php file into the folder /administrator/components/com_easysocial/tables and you are good to go.


 

Comments (11)

Hello,

My site is running EasySocial v1.4.7 and I applied the patch: Patch file for EasySocial 1.4.x

in the path but now none of the EasySocial Main Menu links are loading?

Regards,
Imran

  Comment was last edited about 1 month ago by Mark
  1.    Imran

Hm, perhaps there was some change since 1.4.7. Can you try this file.

 
  1.    Mark

I'm afraid, it did not fix the issue.

Regards,

 

Hello Mark,

That's the error I'm getting on the site:

"Strict Standards: Declaration of EasySocialControllerMain::checkToken() should be compatible with JControllerLegacy::checkToken($method = 'post', $redirect = true) in Youth.Studio/administrator/components/com_easysocial/includes/controller.php on line 34"

Regards,
Imran

 
  1.    Imran

Hm, that is a different issue altogether and it is not affected by this patch. I believe you probably updated to Joomla 3.7 but are using a much older version.

 
  1.    Mark

Hello Mark,

Sorry, about that.
Yes, you're right. I just had technical support from the hosting provider, the error was due to the gzip compression issue since the Joomla 3.7.1 update.

Best regards,
Imran

 
  1.    Imran

No problem. Glad that your issues are all sorted out now.

 

Would this patch affect the ability to cycle through images (right or left) - see attached - as my buttons don't seem to work on multiple browsers now.

 
  1.    Haki Saki

Nope, this patch doesn't affect the front end. Only when processing uploaded photos.

 
  1.    Mark

If I renew, I will start a ticket I guess

 
  1.    Haki Saki

Sure, if you have any support related inquiries, please use the forums
