Elgg 1.8.9 and 1.7.16 released

Elgg 1.8.9 has been released with over 30 resolved tickets and numerous enhancements.

This release, and the accompanying 1.7.16 release, contain crucial security enhancements. To keep your network safe, we urge you to upgrade as soon as possible. If you must delay upgrading, we've written step-by-step guides to help you manually patch Elgg 1.8 and Elgg 1.7 systems in the meantime.

Without the fixes in these releases an attacker could inject scripts into some pages or trigger a denial of service on a site.

There are, of course, many other improvements and fixes to make upgrading worth your while!

  • UX: A group's owner can transfer ownership to another member
  • UX: Titles containing HTML tokens are never mangled
  • UX: Search queries persist in the search box
  • UX: Empty user profile values saved properly
  • UX: Blog creator always mentioned in activity stream (not user who published it)
  • UI: Fixed ordering of registered menu items in some cases
  • UI: Embed dialog does not break file inputs
  • UI: Datepicker now respects language
  • UI: More reliable display of access input in widgets
  • UI: Group edit form is sticky
  • UI: Site categories are sticky in forms
  • API: Language fallback works in Javascript
  • API: Fallback to default viewtype if invalid one given
  • API: Notices reported for missing language keys
  • Several (X)HTML validation improvements
  • Improved performance via more aggressive entity and metadata caching
  • Memcache now safe to use; never bypasses access control
  • BC: 1.7 group profile URLs forward correctly
  • BC: upgrade shows comments consistently in activity stream

To get all these security fixes and improvements, download and upgrade to Elgg 1.8.9 (or Elgg 1.7.16).

Thanks to everyone who submitted bug reports, helped test, and submitted pull requests! There were 9 contributing developers for this release:

  • Brett Profitt
  • Cash Costello
  • Evan Winslow
  • Jeroen Dalsem
  • Jerome Bakker
  • Matt Beckett
  • Paweł Sroka
  • Sem
  • Steve Clay
  • Even if its a headache for designers, 5% of the population still uses IE7. We cant completely discard the support for these 5%. 

  • Sure we can - the only reason those 5% still use IE7 is because sites spend untold $$ writing custom code to support it.  If everyone took a hardline stance and didn't support it that 5% would upgrade pretty quick - and they'd be better off for it.

  • Nobody will update / change their browser for a single site. Otherwise the giants like youtube etc has to stop support for the same (fortunately they are going to stop support for IE7 soon) or we need to have some good campaign like

  • I'm far less worried about IE7 users than I am about those with various disabilities.

    On this simple and, you'd think, trouble-free page alone, using WAVE, I get some major accessibility errors, including inconveniences like CSS-hidden content, missing alt text, empty headings, missing form labels, etc. Once you move to pages with widgets etc this becomes even more serious and makes an Elgg site extremely difficult or even impossible to use for those with motor and visual impairment. If those issues were dealt with then IE7 would take care of itself. Is anyone looking into this problem? In parts of Europe, at least, this can mean it can be actually illegal to use Elgg for your site.

  • jondron - humanity has a way of disregarding the difficult challenges as impossible and then attempting to cludge a solution together in other areas which don't work.. like attempting to make websites 'illegal'.. instead of locating the true source of disability. i'm not asking you to learn how to heal disability, i am saying that that is the solution and it is possible and many know how to do it and are in process of resolving that. much like how the time and energy invested in coding for old browsers is completely moot because people upgrade when sites don't load for them anymore - and rigidity and opposition to change (such as policies as to which browser 'has' to be used in agencies and companies) eventually evolves due to necessity.

    so my 'solution' is not to code specifically for disabilities; and to instead find out how to heal the disabilities.

  • We're unlikely to make changes to international law nor cure all disabilities. Bearing in mind that the majority of the population have one or more impairments, ranging from presbyopia, colour blindness, mild dyslexia,  and clumsiness to more serious issues that are actually declared as disabilities (which means 11%-20% of the population, depending on your region) like motor problems, cognitive impairment, injury to limbs, deafness or blindness, this is not a trivial issue. Quite apart from the ethical and legal imperatives, that's a lot of potential site users being abandoned. 

    Sites coded for those with disabilities should also work with any browser and almost always gain in usability because you have to think seriously about information design. Given Elgg's ongoing usability issues, I think that's enough alone to make it a high priority.

  • one of the disabilities is disbelief in our ability to heal and evolve. that is one of the primary causes of rigid energy/rigid patterns/rigid behaviour/rigid belief and thus associated disability.
    however, in truth, this thread is not really the place to discuss all that. 

  • I did not test IE7 but happy to fix that in 1.8.10. I usually delete these commas when I see them. We're happy to receive accessibility bugs, but we don't have the resources to test JAWS, etc. I'd love to add more Aria support but I'm pretty clueless about it at this point.

Latest comments