
Security Update For EasySocial 2.0.19


Keeping all our products safe from exploits has always been our priority. Today, while the team is in the midst of working on EasyArticles and EasySocial 2.1, a security analyst provided us with some insights into the way EXIF information was being processed in EasySocial, which may lead to an unwanted XSS attack.

This possible mode of attack could affect sites that process EXIF metadata on photos uploaded to the site. If your site doesn't have EXIF installed, or if you have already disabled this feature, you will not be affected. You are still advised to update to the latest release, as it addresses the way EXIF metadata is processed and also includes some bug fixes and minor enhancements.
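The advisory does not publish the affected code, so the following is an added illustration and not EasySocial's own fix: a PHP example of treating every EXIF string read from an uploaded photo as untrusted input and HTML-escaping it before display. The function names and the sample array are assumptions constructed for this example.

```php
<?php
// Added example, not EasySocial code; function names are hypothetical.

// Escape one EXIF value for HTML output. exif_read_data() returns
// nested arrays for some sections, so arrays are handled recursively.
function exif_escape($value)
{
    if (is_array($value)) {
        return array_map('exif_escape', $value);   // string keys are preserved
    }
    if (!is_string($value)) {
        return $value;                              // ints and floats carry no markup
    }
    // Strip control bytes; these never occur inside UTF-8 multibyte sequences.
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value);
    // ENT_QUOTES covers attribute contexts; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read EXIF from an uploaded photo and return only escaped values.
function exif_read_escaped(string $path): array
{
    if (!function_exists('exif_read_data')) {
        return [];                                  // PHP EXIF extension not installed
    }
    $raw = @exif_read_data($path);                  // false on unsupported or corrupt files
    return is_array($raw) ? exif_escape($raw) : [];
}

// Constructed sample shaped like exif_read_data() output.
$sample = [
    'Make'            => 'ExampleCam',
    'Model'           => '<script>/* constructed */</script>',
    'ISOSpeedRatings' => 200,
    'COMPUTED'        => ['UserComment' => 'x" onmouseover="/* constructed */'],
];

print_r(exif_escape($sample));
```

Escaping belongs at the point where the value is written into HTML; if the same metadata is also used in JSON or SQL, each of those contexts needs its own encoding.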


Update Soon

If you are using any version prior to 2.0.19, kindly update to the latest version as soon as you can. Should you need any assistance with updating to the latest version, get in touch with us on our forums and our support guys will be there to assist you with the update. Please also refer to the link below for the changes and fixes applied in this update.



Subscription Expired?

If you have an expired EasySocial license, you can use the coupon code [SOCIAL25] to obtain a 25% discount on your renewal. Please note that this coupon code is valid until June 4th, 2017.


Credits

All credit goes to Pedro (@tunelko) for discovering this loophole.


Patch Files

We understand that not every customer is running EasySocial 2.x or is ready to upgrade their site yet. Therefore, we urge you to download the patch file below for prior releases and apply it to your site. There is only a single file involved: extract the zip file and upload the photo.php file into the folder /administrator/components/com_easysocial/tables, and you are good to go.


 

Comments (11)

Hello,

My site is running EasySocial v1.4.7 and I applied the patch: Patch file for EasySocial 1.4.x

in the path but now none of the EasySocial Main Menu links are loading?

Regards,
Imran


Hm, perhaps there was some change since 1.4.7. Can you try this file.

I'm afraid it did not fix the issue.

Regards,

Hello Mark,

That's the error I'm getting on the site:

"Strict Standards: Declaration of EasySocialControllerMain::checkToken() should be compatible with JControllerLegacy::checkToken($method = 'post', $redirect = true) in Youth.Studio/administrator/components/com_easysocial/includes/controller.php on line 34"

Regards,
Imran

Hm, that is a different issue altogether and it is not affected by this patch. I believe you probably updated to Joomla 3.7 but are using a much older version.

Hello Mark,

Sorry about that.
Yes, you're right. I just had technical support from the hosting provider, the error was due to the gzip compression issue since the Joomla 3.7.1 update.

Best regards,
Imran

No problem. Glad that your issues are all sorted out now.

Would this patch affect the ability to cycle through images (right or left) - see attached - as my buttons don't seem to work on multiple browsers now.

Nope, this patch doesn't affect the front end. Only when processing uploaded photos.

If I renew, I will start a ticket I guess

Sure, if you have any support-related inquiries, please use the forums.
