Elgg 1.8.14

If somebody hasn't noticed yet, we have the Elgg 1.8.14 version available for download at http://elgg.org

Thanks to Cash for making this release.

Changes include:

  Security Fixes:
  •    Fixed a XSS vulnerability when accepting URLs on user profiles
  •    Fixed bug that exposed subject lines of messages in inbox
  •    Added requirement for CSRF token for login
  •    Strip html tags from tag input
  •    Fixed several display issues for IE7
  •    Fixed several issues with blog drafts
  •    Fixed repeated token timeout errors
  •    Fixed JavaScript localization for non-English languages
  •    Web services fall back to json if the viewtype is invalid

An official blog post will probably show up eventually.

  • @Herauf: the problem is due to plugins that are not correctly registering a simple cache view for their libraries. These plugins still worked with Elgg < 1.8.14 but now fail to work due to a bugfix that no longer allows using libraries in connection with simple cache that are not correctly registered.

    You can fix these plugins by adding an elgg_register_simplecache_view() call for the libraries that are intended to be cached (by use of elgg_get_simplecache_url()). Just check the start.php of these plugins and modify them accordingly.

    It seems Elgg 1.8.15 will also fix this issue automatically: https://github.com/Elgg/Elgg/issues/5302.
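
The registration described in the comment above, as an added example that is not part of the original post or of any plugin named in this thread. The plugin name `myplugin`, the view names and the handler name are hypothetical:

```php
<?php
/**
 * start.php of a hypothetical plugin "myplugin" (Elgg 1.8.x).
 *
 * The library sources are assumed to live in the plugin's views:
 *   mod/myplugin/views/default/js/myplugin/lib.php
 *   mod/myplugin/views/default/css/myplugin/style.php
 */

elgg_register_event_handler('init', 'system', 'myplugin_init');

function myplugin_init() {
	// Register each view with simple cache BEFORE asking for its cached URL.
	// Since 1.8.14, a view that is not registered here is no longer served
	// through the simple cache, so the library fails to load.
	elgg_register_simplecache_view('js/myplugin/lib');
	elgg_register_simplecache_view('css/myplugin/style');

	// Build the cached URLs. The second argument is the view name
	// without the leading "js/" or "css/" prefix.
	$js_url = elgg_get_simplecache_url('js', 'myplugin/lib');
	$css_url = elgg_get_simplecache_url('css', 'myplugin/style');

	// Register the libraries under names that pages can load on demand.
	elgg_register_js('myplugin.lib', $js_url);
	elgg_register_css('myplugin.style', $css_url);
}

/**
 * Hypothetical page handler body: load the registered libraries
 * only on the pages that need them.
 */
function myplugin_load_assets() {
	elgg_load_js('myplugin.lib');
	elgg_load_css('myplugin.style');
}
```

When checking a failing plugin, look for an `elgg_get_simplecache_url()` call in its start.php that has no matching `elgg_register_simplecache_view()` call for the same view.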

  • Thanks iionly, I was just looking at the simple cache registering.

    I will continue and post the corrections to the plugins' owners.

  • @Herauf: For hypeAlive and hypeEvents, it's my understanding that the developer is working on an upgrade for these. You may want to check with him.

  • After upgrading to 1.8.14 (from 1.8.11) some users are having problems with login. They stay on the logon screen with no error message or anything to indicate the problem. (da-DK language)

    In some cases the problem was solved by adding the site to "allow to save cookie" (e.g. Win/Chrome); on others I'm unable to spot the problem. 2 computers with the same configuration, one fails, one works fine (e.g. iPad), same user.

    Anyone with the same issues and/or having any ideas where to look?


  • Update to the above issue: if using the email address instead of the username, the user is logged in...

  • @Herauf: take a look here: http://docs.elgg.org/wiki/Login_token_mismatch_error

    The login issue might be connected with the siteurl not being equal to the URL people use to visit your site, i.e. one with www and the other without, or vice versa.

  • Thanks iionly, I will look into that