Security Release: PeepSo 2.2.4 & Gecko Theme 2.2.4.0

This security release is recommended for everyone using the file uploads feature in the Audio & Video plugin.

Audio & Video file upload vulnerability

A few days ago it was brought to our attention that the Audio Uploads feature allows uploading other file types. According to preliminary research, files such as PHP or HTML were not going through, which meant the severity of the issue is rather low.

After some more digging we were able to replicate the issue on some browsers combined with certain server setups. As far as we know there is no meaningful way to exploit this by uploading malicious files, nevertheless we decided to tighten up the security just in case and release it as PeepSo 2.2.4.

Other Changes

No other changes were introduced in the Gecko theme nor any other PeepSo plugin, as this version is only shipping a patch to the aforementioned issue.

If you’re not using Audio & Video uploading features you can skip this release and wait for PeepSo 2.2.5. It should come out next week according to our regular two week release cycle.

Brought to you by PeepSo Team Matt Jaworski
I am a professional nerd with **over a decade of experience** in the field of Open Source web development. Before [PeepSo](https://PeepSo.com) I was a contractor and have helped build successful businesses around the world, including USA, UK, Germany, Indonesia and Malaysia. Stepping up from the role of contractor to business owner, I became [PeepSo](https://PeepSo.com) founder and Chief Technology Officer. I strive to build beautiful, fast and functional software that **empowers the users to build their own digital tribes with full autonomy and freedom** often not available on the mainstream social networking media. As a **location independent** *digital nomad* I travel almost constantly, although over the past five years I have spent most of my time in Indonesia and Malaysia.

Reactions & comments

Join Our Community!

Join us to discuss PeepSo's features, connect with the development team and give suggestions.

@peepso_user_14699(kovin albert)
I think to upgrand my hosting to VPS plan so that My users could be able to upload videos
3 months ago
@peepso_user_14699(kovin albert)
@peepso_user_10(Matt Jaworski) yes i just check them on their website it looks great and very interesting I’ve already connected with them

Thank you
3 months ago
@peepso_user_10(Matt Jaworski)
@peepso_user_6203(Brijawi L.) video uploads require in-depth technical knowledge so if you can't do it and your hosting can't do it then you'll need to hire a sysadmin
3 months ago
@peepso_user_16397(Marcos Salazar)
Hi - I just updated and I am getting a notification:

The following PeepSo add-on plugins are incompatible with PeepSo Foundation 2.2.4. Please update PeepSo Foundation and the add-on plugins to avoid conflicts and issues.
Core: Audio & Video (2.2.3)
Extras: AutoFriends (2.2.3), Email Digest (2.2.3)
Core: Polls (2.2.3)
Extras: User Limits (2.2.3), VIP (2.2.3), WordFilter (2.2.3)
Core: Friends (2.2.3), Groups (2.2.3)
Monetization: LearnDash (2.2.3)
Core: Chat (2.2.3), Photos (2.2.3)
Monetization: WooCommerce (2.2.3)

Are all the others going to be updated soon?
3 months ago
@peepso_user_10(Matt Jaworski)
@peepso_user_16397(Marcos Salazar) you should never update the Foundation until all updates are available in your backend. We release everything at once, but sometimes it might get out of sync if something is not working right on your end.

If you can't see updates of the child plugins you can use the [Rollback](https://wordpress.org/plugins/wp-rollback/) plugin to take the Foundation back to the previous version. When all is on 2.2.3, it will work fine.

After that [contact us](/contact) and we will check why the updates are not showing.
3 months ago
@peepso_user_16397(Marcos Salazar)
@peepso_user_10(Matt Jaworski) Thanks for the heads up! Yes, I was able to update them individually and will wait till they are all available in the future!
3 months ago