    Dec 23rd by Brett Profitt

    Elgg 1.7.6 released with security enhancements

    Elgg 1.7.6 has been released with important security enhancements to address a possible SQL injection attack using crafted URLs.  All 1.7 users should upgrade immediately to keep their networks and servers safe.  Thanks to Gerrit Venema from Gol Gol social community for following the security reporting guidelines and working with us to get a fix out!

    In addition to security enhancements, Elgg 1.7.6 also contains a few bugfixes:

    • Pages - Fixed "All Pages" link on "All Site Pages" page.
    • Messages - Fixed invalid URLs when using old-style pg/messages/<username> links.
    • Messages - Fixed redirect after deleting a message.

    For developers, two API changes are included:

    • Added get_entities_from_access_collection() and deprecated it.
    • is_registered_entity_type() returns correctly when requesting just a type and not a subtype.

    Please download 1.7.6 and upgrade your site immediately.  As a reminder, all bug reports should be filed at trac and all security issues should be emailed to security [at] elgg [dot] org.