Elgg 1.8.9 has been released with over 30 resolved tickets and numerous enhancements.
This release, and the accompanying 1.7.16 release, contain crucial security enhancements. To keep your network safe, we urge you to upgrade as soon as possible. If you must delay upgrading, we've written step-by-step guides to help you manually patch Elgg 1.8 and Elgg 1.7 systems in the meantime.
Without the fixes in these releases an attacker could inject scripts into some pages or trigger a denial of service on a site.
There are, of course, many other improvements and fixes to make upgrading worth your while!
To get all these security fixes and improvements, download and upgrade to Elgg 1.8.9 (or Elgg 1.7.16).
Thanks to everyone who submitted bug reports, helped test, and submitted pull requests! There were 9 contributing developers for this release:
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
thank you very much......
thankyou.. no glitches here so far. :)
oh there's one.. no way to delete double posts in this community.. lol
You could use WinMerge for example to compare folders and files in 1.8.8 and 1.8.9.
upgrading was a breeze
@Michele, github compare 1.8.9 to 1.8.8. Via the git diff CLI tool you can limit your view to specific directories. If the theme was mostly CSS changes, I wouldn't expect trouble.
@Cim @ura good to hear about smooth upgrades. I upgraded my work's site w/ no problems so far.
We use group_tools for this functionality, so after upgrading on dev I wanted to test that there was no incompatibility, but I can't find any interface for this without group tools...
Good news is that the group tools group ownership transfer is unaffected.
@Matt: I was looking for this functionality in Elgg 1.8.9, too, and did not find it. I think the corresponding pull request (https://github.com/Elgg/Elgg/pull/308) might have ended in the wrong branch, so it might be in line to be included in Elgg 1.9 only.
I wonder if there might be some confusion at Trac and Github about what issues have been fixed or are still open. There are quite a number of pull requests open for quite some time and also the Elgg 1.8.9 milestone at Trac is still not closed. Maybe simply a matter of the core developers with the necessary access rights not being available?
I also noticed missing group transfer. D'oh.
Hi. I upgraded to 1.8.9 yesterday. When I edit a Group, I get an empty form (the existing data is not there). Would appreciate advice on how to fix this. Thanks.
With 1.8.9 a new attribute was introduced: original_order
It shows up like this and prevent the document from validating,
<li class="elgg-menu-item-activity"><a href="http://example.com" original_order="0">Activity</a></li>
Can this be solved somehow?
@Steve will there be any conflict between group owner transfer in the existing "group tools" plugin?
Has anybody else noticed a js bug in IE7 ?
I get these errors in Elgg 1.8.9,
Line: 2019
Error: expected identifier, string or number
Line: 37
Error: 'elgg' is undefined
probably JSON object such as-->
variablexxxx: 999,
}
-- the typical lazy (wrong) elgg way to code strucs ;-)
if this is the code @2019...
remove that final comma ;oO
Yes, but where is that comma?
variable: 'value',
};
Do you get the other error too?
ohh lolzzz - ' where is that comma ?' in your code! i said ' if this is the code @2019... ' in your code that's failing.. the code thast you did not post above;o( if you see the comma somewhere there or close nearby, then this above is the fix b/c IE ;)
When I report a js bug in elgg 1.8.9 do you really think it's in my code??? Read the topic!
Bug ticket submitted.
oh well if u post the code @ 2019 in whatever file..could work out the fix before trac gets to it; i was just offering to help @asking 'what is the code at line 2019' ?
got an answer for you..
the comma is here -->
js/lib/ui.js - line 287
error: loadDatePicker,
that final comma is the one i meant when i said
' remove that final comma ;oO '
and it should work oki in yr code
(either xampp or server) for IE
Thank you, but ticket already sent (read my previous post).
yeah..
i saw the trac entry update on my email notifications;
good to see that my comments re: IE's handling of the commas
was useful for your trac entry after all;
tho for a while i was not quite sure
that you had picked out and that you had
got it all down pat from my comments.
if you wanna add more details to the trac -->
IE has stricter parsing of the javascript
and therefore *expects a variable after the comma,
and before it meets and recognizes the }
that demarcates the structure block' terminal;
while - all other browsers are more forgiving;
and having done the parser look-ahead,
find the } before any variable and..
make the assumption that there is really
no variable present after all ;)
Was 1.8.9 tested against IE7? On our installs it breaks :(
why would you use internet explorer in the first place? and it's version 7 LOL
i heard bill gates has a room in one of his houses for ie7 elgg changes to be made.. lol
I don't support IE 7 unless someone pays me *lots* of money for it - plus users with IE7 are used to looking at a broken internet - let them.