Elgg 1.8.4 has been released with over 70 closed tickets. This release contains important security enhancements, so be sure to upgrade as soon as possible to keep your network safe.
The first security enhancement addresses an issue with web services authorization that would allow unauthorized users access to an authorization token. Thanks to Christian Bode for the report. This is an important issue, and all Elgg admins should upgrade immediately to correct it.
The second security issue is minor: it could expose which plugins are loaded on a site.
In addition to security enhancements, there were a number of bug fixes and other improvements.
- UI: Tags display in the same letter case in which they were saved.
- UI: Removed pagination in friends widget.
- UI: Tag search works for tags with spaces.
- Groups: Link for managing join requests is restored in the sidebar.
- Walled Garden: Cron and web services endpoints are exposed as public sites.
- The Wire: UTF usernames are correctly linked with @ syntax.
- Message Board: Fixed delete.
- API: entities loaded via elgg_get_entities_from_relationship() have the correct time_created.
- API: Deleting entities recursively works when code is logged out.
The full list can always be found in the CHANGES.txt file.
Download Elgg 1.8.4 and upgrade as soon as possible to take advantage of the security improvements, bug fixes, and enhancements.
Thanks to everyone who submitted bug reports, helped test, and submitted pull requests! There were a total of 10 contributing developers for this release:
- Adayth Talavera
- Brett Profitt
- Cash Costello
- Evan Winslow
- Ismayil Khayredinov
- Janek Lasocki-Biczysko
- Jerome Baker
- Steve Clay