1 files changed, 146 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 13c30ae3e..f6974a3ae 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,149 @@
+Version 1.8.18
+(January 11, 2014 from https://github.com/Elgg/Elgg/tree/1.8)
+  Contributing Developers:
+   * Juho Jaakkola
+   * Steve Clay
+
+  Bugfixes:
+   * Fixes notify_user() broken in 1.8.17
+
+
+Version 1.8.17
+(January 1, 2014 from https://github.com/Elgg/Elgg/tree/1.8)
+  Contributing Developers:
+   * Brett Profitt
+   * Cash Costello
+   * Ed Lyons
+   * Evan Winslow
+   * Jeroen Dalsem
+   * Jerome Bakker
+   * Juho Jaakkola
+   * Matt Beckett
+   * Paweł Sroka
+   * Sem
+   * Steve Clay
+
+  Security Fixes:
+   * Specially-crafted request could return the contents of sensitive files.
+   * Reflected XSS attack was possible against 1.8 systems.
+   * The cryptographic key used for various purposes may have been generated with weak entropy, particularly on Windows.
+
+  Bugfixes:
+   * URLs with non-ASCII usernames again work
+   * Floated images are now properly cleared in content areas
+   * The activity page title now matches the document title
+   * Search again supports multiple comments on the same entity
+   * Blog archive sidebar now reverse chronological
+   * URLs with matching parens can now be auto-linked
+   * Log browser links for users now work
+   * Disabling over 50 objects should no longer result in an infinite loop
+   * Radio/checkbox inputs no longer have border radius (for IE10)
+   * User picker: the Only Friends checkbox again works
+   * Group bookmarklet no longer shown to non-members
+   * Widget reordering fixed when moving across columns
+   * Refuse to deactivate plugins needed as dependencies
+
+  Enhancements:
+   * Group member listings are ordered by name
+   * The system_log table can now store IPv6 addresses
+   * Web services auth_gettoken() now accepts email address
+   * List functions: no need to specify pagination for unlimited queries
+   * Htmlawed was upgraded to 1.1.16
+
+
+Version 1.8.16
+(June 25, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
+  Contributing Developers:
+   * Brett Profitt
+   * Cash Costello
+   * Jeff Tilson
+   * Jerome Bakker
+   * Paweł Sroka
+   * Steve Clay
+
+  Security Fixes:
+   * Fixed avatar removal bug (thanks to Jerome Bakker for the first report of this)
+
+  Bugfixes:
+   * Fixed infinite loop when deleting/disabling an entity with > 50 annotations
+   * Fixed deleting log tables in log rotate plugin
+   * Added full text index for groups if missing
+   * Added workaround for IE8 and jumping user avatar
+   * Fixed pagination for members pages
+   * Fixed several internal cache issues
+   * Plus many more bug fixes
+
+
+Version 1.8.15
+(April 23, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
+  Contributing Developers:
+   * Cash Costello
+   * Ismayil Khayredinov
+   * Jeff Tilson
+   * Juho Jaakkola
+   * Matt Beckett
+   * Paweł Sroka
+   * Sem
+   * Steve Clay
+   * Tom Voorneveld
+
+  Bugfixes:
+   * Not displaying http:// on profiles when website isn't set
+   * Fixed pagination display issue for small screens
+   * Not hiding subpages of top level pages that have been deleted
+   * Stop corrupting JavaScript views with elgg deprecation messages
+   * Fixed out of memory error due to query cache
+   * Fixed bug preventing users authorizing Twitter account access
+   * Fixed friends access level for editing pages
+   * Fixed uploading files within the embed dialog
+
+  Enhancements:
+   * Added browser caching of language JS files
+   * Adding nofollow on user posted URLs for spam deterrence (thanks to Hellekin)
+   * Auto-registering views for simplecache when their URL is requested
+   * Display helpful message for those who have site URL configuration issues
+   * Can revert to a previous revision with pages plugin
+   * Site owners can turn off posting wire messages to Twitter
+   * Search results are sorted by relevance
+
+  Dropped Plugins:
+   * Twitter widget due to changes in Twitter API and terms of service
+   * OAuth API plugin due to conflicts with the Twitter API plugin
+
+
+Version 1.8.14
+(March 12, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
+  Contributing Developers:
+   * Aday Talavera
+   * Brett Profitt
+   * Cash Costello
+   * Ed Lyons
+   * German Bortoli
+   * Hellekin Wolf
+   * iionly
+   * Jerome Bakker
+   * Luciano Lima
+   * Matt Beckett
+   * Paweł Sroka
+   * Sem
+   * Steve Clay
+
+  Security Fixes:
+   * Fixed a XSS vulnerability when accepting URLs on user profiles
+   * Fixed bug that exposed subject lines of messages in inbox
+   * Added requirement for CSRF token for login
+
+  Bugfixes:
+   * Strip html tags from tag input
+   * Fixed several display issues for IE7
+   * Fixed several issues with blog drafts
+   * Fixed repeated token timeout errors
+   * Fixed JavaScript localization for non-English languages
+
+  Enhancements:
+   * Web services fall back to json if the viewtype is invalid
+
+
 Version 1.8.13
 (January 29, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
   Contributing Developers: