Version 1.8.1b
(October 11, 2011 from git://github.com/Elgg/Elgg.git)

 Enhancements:
  * New group activity widget for user dashboard.
  * Added more sprites.
  * version.php information cached instead of loaded 100s of times.
  * Added class elgg-autofocus to add focus on inputs when the page loads.
  * Admins can edit user avatars again.
  * Added a filter for non-bundled plugins in plugin admin.
  * Improvements to admin area theme.

 Bugfixes:
  * Fixed site dropdown menu for IE.
  * ElggEntity->deleteMetadata() no longer deletes all metadata ever if
    called on an unsaved entity.
  * Fixed Embed plugin.
  * Fixed activate and deactivate all plugins.
  * Fixed URL for group membership request in notification email.
  * Fixed log browser plugin's admin area display.
  * Fixed RSS icon not showing up on some pages.
  * Fixed river entries for forum posts that were lost if upgrading from 1.7.
  * Better displaying of errors when activating, deactivating, or
    reordering plugins.
  * Fixed Developer Plugin's inspection tool.
  * Fixed avatar cropping on IE 7.
  * Bookmarks plugin accepts URLs with dashes.
  * "More" menu item on site menu hidden if items are manually specified.
  * Fixed hover menu floating if unrestrained.
  * JS init, system fired when DOM and languages are read.
  * Fixed the date picker input view.
  * Fixed stack overflow when calling elgg_view() from a pagesetup
    event.
  * Menu links no longer have empty titles and confirm attributes.
  * Fixed crash when attempting to change password to an invalid value.
  * Fixed "More groups" link for groups widget.
  * Fixed output/confirmlink to use a default question if not specified.
  * Added missing language strings. Also added "new", "add", and "create".
  * Registered security token refresh page as external to avoid token refresh
    problems on Walled Garden sites.
  * Displaying more accurate message if uploading an avatar fails.
  * "Leave group" button doesn't display for group owners.
  * Request group membership button displays only when logged in.
  * Fixed the number of displayed items for Bookmarks widget.
  * Fixed fallback to deprecated views for widgets.

 API changes:
  * Menus names must be unique to the entire menu, not just section.
  * Input views that encode text use the option 'encode_text'.
  * Added ElggPlugin->getFriendlyName().
  * elgg_view_icon() accepts a class.
  * Added hook output:before, page.
  * Added hook output:before, layout.
  * elgg_get_entities() and related functions return false if passed
    valid options with invalid values.
  * Can disable the user hover menu by passing hover => false to
    elgg_view_icon(). Previously it was override => true.
  * Embed plugin uses menu system. See readme for embed plugin.
  * Manifest attributes are no longer translated via elgg_echo().
  * Fixed livesearch ajax endpoint.
  * Fixed site unit test.
  * Unit tests tidy up after themselves better.
  * forward() throws an exception if headers are already sent.
  * Better errors if adding a user through admin area fails.
  * Localized profile fields.
  * Added 'is_trusted' parameter output/url to avoid escaping and filtering.
    Defaults to false.
  * Added elgg_unregister_action()
  * Fixed ElggPriorityList::rewind().
  * Fixed forwarding after login for login-protected pages.
  * get_site_by_url() respects class inheritance for subclassing ElggSite.

 Internal changes:
  * Updated deprecated uses of internalname/id.
  * Using wwwroot instead of www_root because of inconsistencies.


Version 1.8.0 (Jackie)
(September 5th, 2011 from git://github.com/Elgg/Elgg.git)

 Notes:
  Elgg 1.8 contains the most changes in Elgg since the transition from Elgg 
  0.9 to Elgg 1.0. The core team tried to make the transition as smooth as
  possible, but in the interest of following standards and simplifying the
  development process for core and third party developers, we have made
  changes that will require updating plugins. We believe these changes
  will help Elgg development be easier for everyone.

  It is unreasonable and unhelpful to list the full details of all changes in
  this file. Instead, we will list the high level, overarching changes to
  systems. If you are interested in the specifics, Elgg 1.8's source code is
  highly documented and serves as a good guide and the git commit log can
  provide excruciating details of what has changed between 1.7 and 1.8.

  Please post your feedback, questions, and comments to the community site
  at http://community.elgg.org. As always, thank you for using Elgg!

  --The Elgg Core Development Team

 A tip about updating plugins:
  It's not difficult to update 1.7 plugins for 1.8. There is a detailed 
  document outlining this process on the wiki:
  http://docs.elgg.org/wiki/Updating_plugins_for_Elgg_1.8

  The basic process is:
  1. Clean up the plugin to make sure it conforms to coding standards,
     official structure, and best practices.
  2. Update any uses of deprecated functions. Functions deprecated in 1.7 will
     produce visible notices in 1.8!
  3. Use the new manifest format.
  4. Use the new menu functions.
  5. Use the new JS features.
  6. Update the views to use core CSS helper functions and classes instead of
     writing your own.

  The documentation directory and the wiki has more information.

 User-visible changes:
  * New default theme.
  * New installation.
  * Separate and updated admin interface.
  * Updated plugin themes.

 Generic API changes:
  * Improved the markup and CSS.
  * Restructured and simplified the views layouts.
  * Added a new menu system.
  * Added new CSS and JS file registration functions.
  * Added a JS engine.
  * Added a breadcrumb system.
  * Added a sticky forms system.

 New plugins:
  * Dashboard - The activity stream is now the default index page. A 1.7-style
    dashboard is provided through the dashboard plugin.
  * Developers Plugins - Developer tools.
  * Likes - Allows users to "like" other users' content.
  * oAuth API - A generic, reusable oAuth library.
  * Tag Cloud - A widget-based tag cloud generator.
  * Twitter API - A generic Twitter library that allows signin with Twitter
    and pushing content to tweets. Replaces twitter_service.

 Deprecated plugins:
  * captcha - Captchas have long since stopped being useful as a deterrent
    against spam.
  * crontrigger - Real cron should be used.
  * default_widgets - This functionality is now part of core.
  * friends - This functionality is now part of core.
  * riverdashboard - Displaying the river (activity stream) is default in
    core. The original dashboard can be restored by the new Dashboard plugin.
  * twitter_service - Replaced by Twitter API.

 Elgg 1.8.0.1 was released immediately after 1.8.0 to correct a problem in
 installation.


Previous and Merged Changes:

Version 1.7.11
(August 15, 2011 from http://github.com/Elgg/elgg)

 Security Enhancements:
  * Fixed possible XSS vector in the embed plugin. Thanks to Aung Khant from YEHG for the report.
  * Fixed possible SQL exposure exploit in the search plugin. Thanks again to Aung Khant.
  * Fixed possible SQL injection vector in the search plugin. Thanks to Lostmon Lords for the report.

 Bugfixes:
  * Filtering by content works in the dashboard again.
  * Dragging widgets works in IE9.

 API Changes:
  * Deleting a container will delete all contained objects regardless of access_id.
  * setLocation() and setLatLong() no longer double escapes strings.
  * Calling elgg_list_entities() with count set no longer breaks the display.


Version 1.7.10
(June 14, 2011 from http://code.elgg.org/branches/1.7)

 Security Enhancements:
  * Changes to prevent numerous reflected cross site scripting vectors. Thanks to Aung Khant for
    the reports!

 Enhancements:
  * Banned users are more apparent in user lists and profiles.

 Bugfixes:
  * TinyMCE: Using Elgg's default font to prevent small font sizes.
  * Files: Optimizations to allow uploading and downloading larger files.
  * Fixed bugs preventing users from adding and removing friends in Friends Collections.
  * $CONFIG->lastcache is correctly set for pages that regenerate the cache.

 API Changes:
  * Added unit tests for access collections.
  * Added can_edit_access_collection().
  * Access collection functions no longer check permissions. Do this in actions instead.


Version 1.7.9
(June 1, 2011 from http://code.elgg.org/branches/1.7)

 Security Enhancements:
  * Blocking possible access to restricted pages if headers are output too early. Thanks to Vazco
    for reporting!

 Bugfixes:
  * Admins can delete Pages again.
  * TinyMCE upgraded to 3.4.2 to fix IE support.
  * Autocomplete input works correctly.
  * Fixed Message Board "all" posts.
  * Fixed deleting internal messages on some non-English sites.
  * Better feedback if an error occurs when saving widgets.
  * Messages from deleted users no longer show the recipient's avatar.
  * Https logins on fully https sites work correctly.

 API Changes:
  * Added "creating", "river" plugin hook.
  * User metadata is registered as independent higher in the boot sequence.
  * Group ACLs are updated correctly when joining a non-logged in user to a group.
  * Can return 0 for plugin hook 'comments', 'count'.


Version 1.7.8
(April 4, 2011 from http://code.elgg.org/branches/1.7)

 Security Enhancements:
  * Properly encoding search queries (Thanks to lord epsylon (of Lorea) for the report!)

 Bugfixes:
  * Blogs - Fixed disappearing blog draft issue.
  * Groups - Editing a topic from discussion list page works now.
  * Search - Group names used in titles.
  * InviteFriends - Invitation link no longer shows up when logged out.
  * Messages - Denormalized the message calculation for better performance.
  * Sorting by time_created in relationship functions supported.
  * Metadata and annotation names can now be updated.
  * Fixed error with deleting a user with disabled entities.
  * Removed unnecessary executable permissions on a number of files. (Thanks to
    pauloortiz for the report!)

 API Changes:
  * Added delete_submenu_item() for removing sidebar menu items.


Version 1.7.7
(January 31, 2011 from http://code.elgg.org/branches/1.7)

 Security Enhancements:
  * Only admins can view the unvalidated users page (Thanks to Manacim
    Medriano for the report!)

 Bugfixes:
  * Fixed deprecation notices for locales that use comma as radix point.
  * Groups - Files can be completely disabled per group.
  * Pages - Deleting and creating subpages is restricted to owner or group member.
  * Groups - group icons deleted when group is deleted.
  * Pagination will not display when all content id displayed.
  * Fixed issue with get_context() when trailing slash is missing.

 API Changes:
  * Added $CONFIG->action_token_timeout.
  * Added callback option to elgg_get_entities().


Version 1.7.6
(December 23, 2010 from http://code.elgg.org/branches/1.7)

 Security Enhancements:
  * Fixed a possible SQL injection attack when using a crafted
    URL.  Thanks to Gerrit Venema from Gol Gol (golgol.nl) for
    the report.

 Bugfixes:
  * Pages - Fixed "All Pages" link on "All Site Pages" page.
  * Messages - Fixed invalid URLs when using old-style
    pg/messages/<username> links.
  * Messages - Fixed redirect after deleting a message.

 API Changes:
  * Added get_entities_from_access_collection() and deprecated it.
  * is_registered_entity_type() returns correctly when requesting
    just a type and not a subtype.


Version 1.7.5
(November 26, 2010 from http://code.elgg.org/branches/1.7)

 Security Enhancements:
  * Fixed a security flaw in the Bookmarks plugin that could
    allow an XSS attack using crafted URLs.  Thanks to Akhilesh
    Gupta for the bug report.
  * Fixed a security flaw in the widgets system that could allow
    an XSS attack using crafted URLs.

 Bugfixes:
  * Checking for mismatched passwords before creating user when
    manually adding users.
  * 'large' size profile icons created when cropped.
  * Fixed menu entry for user's files link.
  * Fixed caching issues with plugin-added view types.
  * Fixed XFN links on profile page and user lists.
  * Fixed PHP warnings about invalid foreaches in plugins.php
  * Fixed problems in elgg_get_entities_*() when using an array
    for owner_guid.
  * Group profile edit action correctly encodes and saves array input.
  * Language string corrections.

 UI/UX Changes:
  * Users must verify their current password before they can changing
    passwords.
  * Using pagehandlers instead of mod/mod_name/ calls in Blogs,
    Bookmarks, Members, Pages, The Wire, Groups, Invite Friends,
    and Messages.
  * Added a page to view Wire posts by user.

 API Changes:
  * Added remove_group_tool_option().
  * Wrapped Twitter Service's vendor's oAuth lib in class_exists().
  * Added elgg_list_entities_from_relationship().
  * Exposed order_by param in list_entities_from_relationship().
  * Added a default annotation view.


Version 1.7.4
(October 14, 2010 from http://code.elgg.org/branches/1.7)

 Bugfixes:
  * Upgrade Twitter Services to use oAuth so The Wire can post
    to Twitter. See http://el.gg/twitteroauth for instructions.
  * WSOD fixed when viewing an invalid profile page.
  * Checking for mismatched passwords earlier in registration to avoid
    creating a user who can never log in and wasting a username/email.
  * POST data in the web services API is correctly quoted on servers
    with magic quotes enabled.
  * WSOD fixed when trying to update an invalid entity.
  * Group file widget only shows when Files are enabled for the group.
  * Fixed misformatting of some group forum posts in the River.
  * Fixed resizing tall non-square images.
  * Non-English languages work when using memcache.
  * User avatar menus work when switching filters on River Dashboard page.
  * CSS is correctly cached for newly enabled plugins.
  * Can no longer add bookmarks without a title. Previous bookmarks with
    out titles can now be deleted.

 UI/UX Changes:
  * Pages: Admin users can edit user-defined "Welcome page."
  * Pages: Group "Welcome page" can be edited.
  * User Validation:  Added an admin section for unvalidated users. An
    admin user can resend validation request, validate, or delete
    unvalidated users.

 API Changes:
  * test_ip() removed.
  * is_ip_in_range() removed.
  * Read/write DB connections can use different credentials.
  * Twitter services plugin allows other plugins to tweet
    if the user authorizes them.  See twitterservice/README.txt


Version 1.7.3
(September 2, 2010 from http://code.elgg.org/branches/1.7)

 Security enhancements:
  * Fixed a security flaw that allowed an SQL injection attack
    using crafted POSTs.  Thanks to Georg-Christian Pranschke of
    www.sensepost.com for the bug report.

 UI/UX Changes:
  * Entering an invalid captcha now forwards to referring page.

 Bugfixes:
  * Multiple owners support fixed for legacy get_entity*() functions.
  * "Edit details" and "Edit profile icon" only show up for user's own
    profile.
  * get_objects_in_group() works correctly.


Version 1.7.2
(August 18, 2010 from http://code.elgg.org/elgg/branches/1.7)

 UI Changes:
  * Group "widgets" have been standardized with new blog and bookmark widgets.
  * New group member listing page.
  * Group forum topics can be edited including title and status.
  * Added a group creation river entry.

 Bugfixes:
  * Fixed preview and draft saving for blog plugin.
  * Page titles are now editable.
  * Fixed several bugs with the new elgg_get* and elgg_list* functions.
  * Groups do not show up as personal friend collections anymore.
  * Fixed an upgrade issue with utf8 usernames.
  * Encoding of & in group forums is fixed.

 API changes:
  * Added elgg_list_entities_from_metadata().
  * Added elgg_send_email().
  * Added remove_from_river_by_id().
  * Added remove_from_register() for removing menu items.
  * Added elgg_get_excerpt().
  * Added elgg_get_friendly_title() and elgg_get_friendly_time().


Version 1.7.1
(April 21, 2010 from http://code.elgg.org/elgg/branches/1.7)

 UI changes:
  * (Unused) tags field removed from external pages.
  * Languages fixes in groups.
  * Installation checks database settings before writing settings.php.
  * Made the widgets more consistent in their UI.

 Bugfixes:
  * Pagination fixed.
  * Profile icons fixed for PHP-CGI users who were seeing incorrect avatars.
  * Tag search works in groups and members.
  * Tag clouds correctly link to tag search.
  * RSS views added to search.
  * Wrapper function for get_entities() correctly rewrites container_guid to
    owner_guid.
  * output/url correctly appends http:// again.
  * full_url() urlencode()'s ' and " to avoid a security problem in IE.

 API changes:
  * Moved admin flag to users_entity table and added ElggUser->isAdmin(),
    ->makeAdmin(), and ->removeAdmin() to replace the metadata.
  * Plugin hook for reported content includes the report object.
  * UTF8 upgrade checks server defaults before running to avoid
    corrupted strings.
  * Tags lib updated to elgg_get_*() interface.
  * Can get entities based upon annotation/metadata owner_guid.
  * Moved friendly time and friendly title into overridable views.
  * Added unregister_notification_handler().
  * Added remove_widget_type().
  * Search supports container_guid.


Version 1.7.0
(March 2, 2010 from http://code.elgg.org/elgg/trunk/)

 User-visible changes:
  * UTF8 now saved correctly in database. #1151
  * Unit tests added to System diagnostics.
  * Debug values output to screen when enabled in admin settings.
  * Users can now log in from multiple computers or browsers concurrently.
  * Misconfigured plugins no longer break the site. #1454
  * User display names cannot have HTML or be longer than 50 characters.
  * New search system.

 Bugfixes:
  * Searching by tag with extended characters now works. #1151, #1231
  * Searching for entities works properly with case-insensitive metadata. #1326
  * Invalid views now default to 'default' view. #1161.
  * Metadata cache now handles a 0 string. #1227
  * ElggPlugin get() now works with 0. #1286
  * Metadata __isset() now works for falsy values (except NULL). #1414
  * clear_plugin_setting() now only clears a single setting.
  * Submenu entries are correctly calculated after a simplecache refresh.

 API changes:
  * New plugin hook system:unit_test for adding files to unit tests.
  * $is_admin global deprecated; use elgg_set_ignore_access() instead.
  * Deprecated get_entities().  Use elgg_get_entities().
  * Deprecated get_entities_from_metadata().  Use elgg_get_entities_from_metadata().
  * Deprecated get_entities_from_relationship() and g_e_f_relationships_and_meta().  Use elgg_get_entities_from_relationship().
  * Deprecated get_entities_from_access_id(). Use elgg_get_entities_from_access_id().
  * Deprecated get_entities_from_annotations().  Use elgg_get_entities_from_annotations().
  * Reorganized directory file path to rely on GUID instead of username.
  * annotation_id column added to the river database table.
  * remove_from_river_by_annotation() added.
  * unregister_elgg_event_handler() and unregister_plugin_hook() added. #1465
  * clear_all_plugin_settings() added.
  * get_entity_relationships() supports inverse relationships. #1472.
  * can_write_to_container() can be overridden with the container_permissions_check hook. #1164 (part 2).
  * Deprecated search_for_*().
  * Deprecated search_list*().
  * Added elgg_deprecated_notice().
  * ElggEntity::countEntitiesFromRelationship() supports inverse relationships. #1325
  * delete_relationship() triggers the hook delete:relationship and passes the relationship object. #1213
  * added ElggEntity::removeRelationship(). #1376.
  * get_entity_dates() supports order by. #1406.
  * Added elgg_http_add_url_query_elements().
  * Added elgg_register_tag_metadata_name() and elgg_get_registered_tag_metadata_names();
  * Added ElggEntity::getTags().
  * Added elgg_add_action_tokens_to_url().

 Services API:
  * Separated user and api authenticate processing
  * hmac signature encoding now compatible with OAuth
  * New plugin hook api_key:use for keeping stats on key usage
  * New plugin hook rest:init so plugins can configure authentication modules
  * Moved auth.gettoken to POST for increased security
  * Fixed REST POST bug #1114
  * Fixed #881, #1214, #1215, #1216, #1217, #1218, #1219, #1220, #1298, #1364