I still use version 1.7.5 and was wondering if it is less secure than the more up-to-date 1.8.6.

Considering how simple it is to upgrade, this question should be irrelevant. Have you tried my suggested process to upgrade from a potentially broken installation?


1 Answer

Generally speaking: yes. It's practically always advisable to keep software up to date, because new versions fix known (potentially exploitable) bugs in older versions.

For more information you can review the version history. From a quick glance notable security improvements appear to be:

  • Security fix: prevent use of <embed> and <object> tags. (v1.8.4)
  • Reworked file cache to securely allow cache inside web root. (v1.8.0 beta 2)
  • Password security has been upgraded from sha1 to use PHP's password_hash function where available. (v1.8.0 beta 2)

You should also keep PHP, your webserver and your database updated, since those are part of the system's attack surface as well.
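The sha1-to-password_hash change in the list above is commonly rolled out by re-hashing each password at the user's next successful login, since the plaintext is only available at that moment. A sketch of that migration as an added example (not code from this answer or from the project); the record layout, the unsalted 40-hex SHA-1 legacy format and the function name are assumptions, and PHP 7 or later is assumed:

```php
<?php
// Added example. The $user array layout and verify_and_upgrade() are
// hypothetical; they are not the project's schema or API.

/**
 * Check a login attempt and transparently upgrade a legacy SHA-1 hash.
 * Returns true on a correct password; $user['hash'] may be replaced.
 */
function verify_and_upgrade(array &$user, string $password): bool
{
    $stored = $user['hash'];

    // Legacy record: 40 hex characters of unsalted SHA-1 (assumed format).
    if (preg_match('/^[0-9a-f]{40}$/i', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals(strtolower($stored), sha1($password))) {
            return false;
        }
        // Password is correct: replace the weak hash with a salted,
        // deliberately slow one while the plaintext is still in memory.
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    // Modern record created by password_hash().
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Follow future changes to the default algorithm or cost.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample record carrying a legacy SHA-1 hash.
$user = ['name' => 'alice', 'hash' => sha1('correct horse')];

var_dump(verify_and_upgrade($user, 'wrong guess'));    // rejected, hash untouched
var_dump(verify_and_upgrade($user, 'correct horse'));  // accepted, hash upgraded
var_dump(password_get_info($user['hash'])['algoName']); // no longer SHA-1
var_dump(verify_and_upgrade($user, 'correct horse'));  // accepted via password_verify
```

Accounts that never log in again keep their SHA-1 hash under this scheme, so a migration like this is usually paired with a forced reset for records still in the legacy format after a cut-off date.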