Today I released wp-SwimTeam v1.45 which fixes a possible security problem I was alerted to as well as addresses a number of bugs. The CSV roster export bug was the primary issue holding up getting this release out, I fixed the security problem last week.
It turns out I had implemented a method in both a parent class and (redundantly) in a child class as well. The RE1, SDIF, and HY3 exports all (properly) used the method from the parent class but the CSV export was using the child class version. It took me a while to sort it out as I was staring at the wrong code trying to determine what was wrong. It turns out, nothing was wrong, I was just looking in the wrong place. Once I removed the redundant method declaration, everything resumed working as it should.
I think I have resolved all of the multi-site issues, please let me know if you run into any more.
Earlier today I received a report of a security bug in wp-SwimTeam. While the security flaw is true, I believe the ability to take advantage of the exploit is pretty hard is it would require knowing the value of a WordPress site’s ABSPATH value. It is certainly possible to guess the value in some cases but without knowing the proper value, the exploit simply fails.