We are releasing SocialEngine PHP 6.4.3 to address a serious vulnerability reported to us. As this is a security release, we strongly recommend that everyone upgrade immediately. This vulnerability impacts all versions of SocialEngine PHP.
Clients with v6 access can download version 6.4.3 from our client dashboard. Clients who do not have access will need to purchase v6 access. All SocialEngine managed sites will be upgraded due to this vulnerability. Any on v5 will be set to the default Elpis theme. If you don’t want the default theme, please log into the client dashboard and open a ticket to request the v5 Serenity theme (which is upgraded now to v6).
A changelog is not available due to the nature of this vulnerability.
Please ensure that your server meets v6 requirements and recommendations before upgrading. As always we highly encourage all users to do a complete backup of both files and database before performing an upgrade. Please have the backup performed by your host or a developer if you’re not comfortable performing it yourself.
Important: There are special steps and patches for those upgrading from versions below v6. You will need to follow the special steps in the upgrading documents linked below before upgrading and applying the patches mentioned.
Fresh installs should follow our installation tutorial or you can order an installation and our team will get it installed in no time. To upgrade from a previous version to 6.4.3, please view our upgrade documentation.
We truly appreciate the client who informed us via a support ticket about this vulnerability.
With Great Appreciation,
The SocialEngine Team