diff options
author | Sem <sembrestels@riseup.net> | 2012-05-20 02:39:46 +0200 |
---|---|---|
committer | Sem <sembrestels@riseup.net> | 2012-05-20 02:39:46 +0200 |
commit | 59bec8bc3e61e6ad537c1418e64094d0665470af (patch) | |
tree | 9f9826a3ca09a23c46d63284a93bf3523e60f36c /CHANGES.txt | |
parent | 5da1b3002e12ed112c92c0902f518c82bdd3fbe0 (diff) | |
parent | 14d2c70e1872f4045fc857be9b9022d085f1fbd1 (diff) | |
download | elgg-59bec8bc3e61e6ad537c1418e64094d0665470af.tar.gz elgg-59bec8bc3e61e6ad537c1418e64094d0665470af.tar.bz2 |
Merge branch '1.8' of git://github.com/Elgg/Elgg into lorea-preprod
Diffstat (limited to 'CHANGES.txt')
-rw-r--r-- | CHANGES.txt | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 11060aa2d..870c4f57d 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,32 @@ +Version 1.8.5 +(May 17, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Brett Profitt + * Evan Winslow + * Sem + * Steve Clay + * Jeroen Dalsem + * Jerome Bakker + + Security Enhancements: + * Fixed possible XSS vulnerability if using a crafted URL. + * Fixed exploit to bypass new user validation if using a crafted form. + * Fixed incorrect caching of access lists that could allow plugins + to show private entities to non-admin and non-owning users. (Non-exploitable) + + Bugfixes: + * Twitter API: New users are forwarded to the correct page after creating + an account with Twitter. + * Files: PDF files are downloaded as "inline" to display in the browser. + * Fixed possible duplication errors when writing metadata with multiple values. + * Fixed possible upgrade issue if using a plugin uses the system_log hooks. + * Fixed problems when enabling more than 50 metadata or annotations. + + API: + * River entries' timestamps use elgg_view_friendly_time() and can be + overridden with the friendly time output view. + Version 1.8.4 (April 24, 2012 from https://github.com/Elgg/Elgg/tree/1.8) |