Pending Members Issue Fixed in 2.2.2

A forum thread popped up with a potential issue with how EE 2.2 treats members with the status of pending. Forum user “CrescendoNZ” (who tweeted about it) reported an issue where pending members are able to log in with all of the privileges of normal members. Well, that’s not good.

EllisLab technical support jumped in to look at the issue and confirmed the problem, created a bug report and now the fix is available in EE 2.2.2.

From the blog post announcing EE 2.2.2:

A change in behavior was introduced in 2.2 with respect to the “Pending” member group’s ability to log in to an ExpressionEngine web site. While template access restrictions, and member group access permissions are customizable for this special member group, previous versions of ExpressionEngine did not allow members assigned to this group to log in, but 2.2 did. The change was substantial enough to treat it as a critical bug for the small percentage of sites that are affected by this behavior, prompting today’s release.

If you are running EE 2.2 and requiring activation for new members (which would use the Pending member group), you should check your install and see if it is affecting you. This has been confirmed in EE 2.2.1. The best thing to do is to update to the latest version.