Elgg 1.8.10 has been released with important security enhancements. Be sure to upgrade immediately to protect your sites.
The primary security enhancement in 1.8.10 addresses a problem introduced in 1.8.9 that exposes user profile fields and other information stored in certain types of metadata. Versions below 1.8.9 are not affected by the security vulnerability.
Additional changes in 1.8.10 include:
- UX: Added a list of Administrators in the admin area
- UX: Limiting message board activity stream entries to excerpts
- Performance: Prefetching river entries
- Performance: Plugin entities are cached
- Removed superfluous commas in JS files to fix IE compatibility.
- API: Fixed Twitter API.
- Performance: Outputting valid ETags and expires headers.
The contributing developers for the 1.8.10 release were:
- Krzysztof Różalski
- Lars Hærvig
- Paweł Sroka
- Steve Clay