diff options
Diffstat (limited to 'CHANGES.txt')
-rw-r--r-- | CHANGES.txt | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 11060aa2d..ae0cdc333 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,28 @@ +Version 1.8.5 +(May 15, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Brett Profitt + * Sem + + Security Enhancements: + * Fixed possible XSS vulnerability if using a crafted URL. + * Fixed exploit to bypass new user validation if using a crafted form. + * Fixed incorrect caching of access lists that could allow plugins + to show private entities to non-admin and non-owning users. (Non-exploitable) + + Bugfixes: + * Twitter API: New users are forwarded to the correct page after creating + an account with Twitter. + * Files: PDF files are downloaded as "inline" to display in the browser. + * Fixed possible duplication errors when writing metadata with multiple values. + * Fixed possible upgrade issue if using a plugin uses the system_log hooks. + * Fixed problems when enabling more than 50 metadata or annotations. + + API: + * River entries' timestamps use elgg_view_friendly_time() and can be + overridden with the friendly time output view. + Version 1.8.4 (April 24, 2012 from https://github.com/Elgg/Elgg/tree/1.8) |