Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with Google Sign In with OpenID

Elefant 2.0.4 - Security update

Elefant 2.0.4 has been released with a number of security improvements, as well as a number of bug fixes and other improvements.

Click here to download or update.

Security updates:

  • Fixed url decoding happening after validation on some file uploads
  • Increased restrictions in htaccess files
  • Added .phtml, .pht, .php3, .php4, and .phar to restricted uploads
  • Limit profile photo uploads to .jpg and .png
  • Verify .csv and .vcf user imports


  • Added responsive embed code for YouTube videos
  • Added superscript button to wysiwyg editor
  • Added social/cookienotice helper for cookie law compliance
  • Added .e-col-15 to minimal-grid.css
  • Added $.recenter_modal() to modal.js and auto-resize on window resize
  • Close modal dialogs by clicking away
  • User ID from API tokens is now available via user\Auth\HMAC::$user_id
  • Added --no-symbols option to ./elefant generate-password
  • Allow $page->add_style() with ?v= appended to stylesheet links for cache busting
  • Added month limit to blog archives sidebar
  • Re-enabled caching on blog archives sidebar

Bug fixes:

  • Fixed thumbnail preview in blog edit form
  • Fixed potentially skewed profile photos in accounts
  • Fixed validation errors in RSS output
  • Admins should be able to preview scheduled posts
  • Fixed admin toolbar not correctly fetching list of apps
  • Fixed use of undefined constant in admin toolbar
  • Strip script and style tags from open graph post descriptions
Sign In or Register to comment.