Elgg 1.7.11 has been released with security improvements. All users are advised to upgrade immediately.
The following security enhancements were made:
* Aung Khant from the YEHG reported and helped to fix an XSS vector in the Embed plugin and an SQL exposure vector in the Search plugin.
* Lostmon Lords reported and helped to fix an SQL injection vector in the Search plugin.
Tons of thanks to these two people, who have been helping us find and fix security problems for the last few releases!
1.7.11 also includes a few minor bugfixes:
* Filtering by content works again in the activity stream.
* Dragging works in IE 9 for profile widgets.
Again, users are encouraged to upgrade to Elgg 1.7.11 ASAP to keep their networks and users safe.