Elgg 1.8.9 and 1.7.16 released

Elgg 1.8.9 has been released with over 30 resolved tickets and numerous enhancements.

This release, and the accompanying 1.7.16 release, contain crucial security enhancements. To keep your network safe, we urge you to upgrade as soon as possible. If you must delay upgrading, we've written step-by-step guides to help you manually patch Elgg 1.8 and Elgg 1.7 systems in the meantime.

Without the fixes in these releases an attacker could inject scripts into some pages or trigger a denial of service on a site.

There are, of course, many other improvements and fixes to make upgrading worth your while!

  • UX: A group's owner can transfer ownership to another member
  • UX: Titles containing HTML tokens are never mangled
  • UX: Search queries persist in the search box
  • UX: Empty user profile values saved properly
  • UX: Blog creator always mentioned in activity stream (not user who published it)
  • UI: Fixed ordering of registered menu items in some cases
  • UI: Embed dialog does not break file inputs
  • UI: Datepicker now respects language
  • UI: More reliable display of access input in widgets
  • UI: Group edit form is sticky
  • UI: Site categories are sticky in forms
  • API: Language fallback works in Javascript
  • API: Fallback to default viewtype if invalid one given
  • API: Notices reported for missing language keys
  • Several (X)HTML validation improvements
  • Improved performance via more aggressive entity and metadata caching
  • Memcache now safe to use; never bypasses access control
  • BC: 1.7 group profile URLs forward correctly
  • BC: upgrade shows comments consistently in activity stream

To get all these security fixes and improvements, download and upgrade to Elgg 1.8.9 (or Elgg 1.7.16).

Thanks to everyone who submitted bug reports, helped test, and submitted pull requests! There were 9 contributing developers for this release:

  • Brett Profitt
  • Cash Costello
  • Evan Winslow
  • Jeroen Dalsem
  • Jerome Bakker
  • Matt Beckett
  • Paweł Sroka
  • Sem
  • Steve Clay

Latest comments