We want to hear from you more regularly, and give a voice and platform to those who may not engage via public channels, or are typically just too busy to do so. So we are spinning up an ExpressionEngine Focus Group Program. By opting in to this program, you will receive opportunities to participate in surveys, live chats, gain access to previews, and more!
What are you waiting for? Join today!
This is a guest post from Matt Weinberg, Co-Founder, and Ben Smith, Technical Lead, of the New York City based interactive digital agency, Vector Media Group. The Vector team has immense experience with ExpressionEngine, including on high profile and high traffic sites. Find out below how they implemented Elasticsearch1 for blazing and powerful site searching in ExpressionEngine for a recent client.
We love ExpressionEngine and are always looking for new and exciting ways to integrate it with
We are giving away two tickets to this year’s UpFront Conference in Manchester, UK on May 19. That’s a £228 ($357) value! As the name indicates, UpFront is all about the front-end, and is for anyone who makes the bits we see and interact with on the web. ExpressionEngine CMS has always been the designer’s friend, so we are sponsoring and sending two happy customers to the conference.
To enter, tweet why you love ExpressionEngine, following the official rules:
- Tweet a brief reason why you
On March 24, 2015, hackers executed an attack to gain unauthorized access to EllisLab’s servers. The attackers may have obtained personal information relating to members registered at EllisLab.com. Just to be safe, we are recommending all users change their passwords, and we apologize for any inconvenience.
At 10:49am PDT on March 24, 2015, an attacker logged into EllisLab.com with a Super Admin’s stolen password. The perpetrator then uploaded a common PHP backdoor script (a WSO
ExpressionEngine 2.10.1 is now available for download. It fixes a few bugs we noticed in a some installs of 2.10.0.
For a full list of the changes, take a look at the change log.
ExpressionEngine 2.10.0 introduced a new MIME type detection library. We use
this library in our upload code to ensure the file being uploaded is safe. We now
PHP’s Fileinfo extension, which
they note “is enabled by
default as of PHP 5.3.0,” and we have updated our
server compatibility wizard to check for
Fileinfo. We have made the assumption that most hosts have
Fileinfo available, however, it can be explicitly disabled via the
--disable-fileinfo configuration option when compiling.
ExpressionEngine 2.10.01 has been released as a security and stability release, along with Discussion Forum 3.1.19. These upgrades are recommended for all installations. Some of the security enhancements include:
- File uploads are now validated against a whitelist of acceptable MIME types.
- Added a config override to blacklist certain filenames from being uploaded.
- Added hidden file upload prevention.
.htaccessto images directory to prevent execution of PHP files.
If you’re within a drive or short flight to Minneapolis, and don’t have plans for April 13–14, you should really check this conference out. With three tracks and topics on design, front-end development, content strategy, and work, there is something for everyone. Register today!
ExpressionEngine 2.9.3 has been released and is a stability release with 11 minor improvements, 44 bug fixes, 3 developer enchancements, and is recommended for all installations. This release mostly cleans up some small annoyances, but has a few relevant changes that will improve your site and how you work. For example:
- Fixed a bug (#20621) where fieldtype modifiers were not working in conditionals unless they were braced and quoted.
This change means that you should be able to stop using