Version 1.8.14 (March 12, 2013 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Aday Talavera * Brett Profitt * Cash Costello * Ed Lyons * German Bortoli * Hellekin Wolf * iionly * Jerome Bakker * Luciano Lima * Matt Beckett * Paweł Sroka * Sem * Steve Clay Security Fixes: * Fixed bug that exposed subject lines of messages in inbox * Added requirement for CSRF token for login Bugfixes: * Strip html tags from tag input * Fixed several display issues for IE7 * Fixed several issues with blog drafts * Fixed repeated token timeout errors * Fixed JavaScript localization for non-English languages Enhancements: * Web services fall back to json if the viewtype is invalid Version 1.8.13 (January 29, 2013 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Cash Costello * Juho Jaakkola * Kevin Jardine * Krzysztof Różalski * Steve Clay Security Fixes: * Added validation of Twitter usernames in Twitter widget Bugfixes: * CLI usages with walled garden fixed * Upgrading from < 1.8 to 1.8 fixed * Default widgets fixed * Quotes in object titles no longer result in "qout" in URLs * List of my groups is ordered now * Language string river:comment:object:default is defined now * Added language string for comments: generic_comment:on Enhancements: * Added confirm dialog for resetting profile fields (adds language string profile:resetdefault:confirm) Version 1.8.12 (January 4th, 2013 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Brett Profitt * Cash Costello * Jerome Bakker * Matt Beckett * Paweł Sroka * Sem * Steve Clay Bugfixes: * Added an AJAX workaround for the rewrite test. * Code cleanup to prevent some notices and warnings. * Removed "original_order" in menu item anchor tags. * Site menu's selected item correctly persists through content pages. * Static caches rewritten and improved to prevent stale data being returned. * Installation: Invalid characters in admin username are handled correctly. * Messages: Fixed inbox link in email notifications. * The Wire: Fixed objects not displaying correctly when upgrading from 1.7. Enhancements: * Performance improvements and improved caching in entity loading. * Added upgrade locking to prevent concurrent upgrade attempts. * Replaced xml_to_object() and autop() with GPL / MIT-compatible code. * Error messages (register_error()) only fade after being clicked. * Groups: Added a sidebar entry to display membership status and a link to group notification settings. * Groups: Added pending membership and invitation requests to the sidebar. * Groups: Better redirection for invisible and closed groups. * Search: User profile fields are searched. * Pages: Subpages can be reassigned to new parent pages. * Twitter: Login with twitter supports persistent login and correctly forwards after login. Version 1.8.11 (December 5th, 2012 from https://github.com/Elgg/Elgg/tree/1.8) Bugfix: * Fixed fatal error in group creation form Version 1.8.10 (December 4th, 2012 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Krzysztof Różalski * Lars Hærvig * Paweł Sroka * RiverVanRain * Sem * Steve Clay Security Enhancements: * Cached metadata respects access restrictions to fix problems with profile field display. * Group RSS feeds are restricted to valid entities Enhancements: * UX: Added a list of Administrators in the admin area * UX: Limiting message board activity stream entries to excerpts * Performance: Prefetching river entries * Performance: Plugin entities are cached Bugfixes: * Removed superfluous commas in JS files to fix IE compatibility. * API: Fixed Twitter API. * Performance: Outputting valid ETags and expires headers. Version 1.8.9 (November 11, 2012 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Brett Profitt * Cash Costello * Evan Winslow * Jeroen Dalsem * Jerome Bakker * Matt Beckett * Paweł Sroka * Sem * Steve Clay Security Enhancements: * Sample CLI installer cannot break site * Removed XSS vulnerabilities in titles and user profiles Enhancements: * UX: A group's owner can transfer ownership to another member * UX: Search queries persist in the search box * Several (X)HTML validation improvements * Improved performance via more aggressive entity and metadata caching * BC: 1.7 group profile URLs forward correctly Bugfixes: * UX: Titles containing HTML tokens are never mangled * UX: Empty user profile values saved properly * UX: Blog creator always mentioned in activity stream (not user who published it) * UI: Fixed ordering of registered menu items in some cases * UI: Embed dialog does not break file inputs * UI: Datepicker now respects language * UI: More reliable display of access input in widgets * UI: Group edit form is sticky * UI: Site categories are sticky in forms * API: Language fallback works in Javascript * API: Fallback to default viewtype if invalid one given * API: Notices reported for missing language keys * Memcache now safe to use; never bypasses access control * BC: upgrade shows comments consistently in activity stream Version 1.8.8 (July 11, 2012 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Cash Costello * Miguel Rodriguez * Sem Enhancements: * Added a delete button on river items for admins Bugfixes: * Fixed the significant bug with htmlawed plugin that caused duplicate tags Version 1.8.7 (July 10, 2012 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Cash Costello * Evan Winslow * Ismayil Khayredinov * Jeroen Dalsem * Jerome Bakker * Matt Beckett * Miguel Rodriguez * Paweł Sroka * Sem * Steve Clay Enhancements: * Better support for search engine friendly URLs * Upgraded htmlawed (XSS filtering) * Internationalization support for TinyMCE * Public access not available for walled gardens * Better forwarding and messages when they cannot view content because logged out Bugfixes: * Fatal errors due to type hints downgraded to warnings * Group discussion reply notifications work again * Sending user to inbox when deleting a message * Fixed location profile information when it is an array * Over 30 other bug fixes. Version 1.8.6 (June 18, 2012 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Cash Costello * Evan Winslow * Ismayil Khayredinov * Jeff Tilson * Jerome Bakker * Paweł Sroka * Sem * Steve Clay Enhancements: * New ajax spinner * Detecting docx, xlsx, and pptx files in file plugin * Showing ajax spinner when uploading file with embed plugin Bugfixes: * Fixed some language caching issues. * Users can add sub-pages to another user's page in a group. * Over 30 other bug fixes. Version 1.8.5 (May 17, 2012 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Brett Profitt * Evan Winslow * Sem * Steve Clay * Jeroen Dalsem * Jerome Bakker Security Enhancements: * Fixed possible XSS vulnerability if using a crafted URL. * Fixed exploit to bypass new user validation if using a crafted form. * Fixed incorrect caching of access lists that could allow plugins to show private entities to non-admin and non-owning users. (Non-exploitable) Bugfixes: * Twitter API: New users are forwarded to the correct page after creating an account with Twitter. * Files: PDF files are downloaded as "inline" to display in the browser. * Fixed possible duplication errors when writing metadata with multiple values. * Fixed possible upgrade issue if using a plugin uses the system_log hooks. * Fixed problems when enabling more than 50 metadata or annotations. API: * River entries' timestamps use elgg_view_friendly_time() and can be overridden with the friendly time output view. Version 1.8.4 (April 24, 2012 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Adayth Talavera * Brett Profitt * Cash Costello * Evan Winslow * Ismayil Khayredinov * Janek Lasocki-Biczysko * Jerome Baker * Sem * Steve Clay * Webgalli Security Enhancements: * Fixed an issue in the web services auth.get_token endpoint that would give valid auth tokens to invalid credentials. Thanks to Christian for reporting this! * Fixed an that could show which plugins are loaded on a site. Enhancements: * UI: All bundled plugins' list pages display a no content message if there is nothing to list. * UI: Site default access is limited to core access levels. * UI: Showing a system message to the admin if plugins are disabled with the "disabled" magic file. * UI: Added transparent backgrounds for files and pages icons. * External (Site) Pages: If in Wall Garden mode, Site Pages use the Walled Garden theme when logged out. * UI: Database errors only show the query to admin users. * UI: Cannot set the data path to a relative path in installation or site settings. * UI: Cleaned up notifications for bundled plugins. * UI: Hiding crop button if no avatar is uploaded. * UI: Bundled plugins are displayed with a gold border in the plugin admin area. * UI: Can see all the categories a plugin belongs to. * Web Services: Multiple tokens allowed for users. * API: More efficient entity loading. * API: Added IP address to system log. * API: Languages are cached. * API: ElggBatch supports disabling offsets for callbacks that delete entities. * API: Cleaned up the boot process. * API: Fixed situation in which the cache isn't properly cleared if a file can't be unlinked. Bugfixes: * UI: Tags display in the case they were saved. * UI: Friendly titles keep -s. * UI: Removed pagination in friends widget. * UI: Profile settings actions correctly displays error messages as errors. * UI: Tag search works for tags with spaces. * UI: Fixed river display for friending that happens during registration. * Groups: Link for managing join requests is restored in the sidebar. * Walled Garden: Cron and web services endpoints are exposed as public sites. * The Wire: UTF usernames are correctly linked with @ syntax. * The Wire: No longer selecting the "Mine" tab for users who aren't you. * Blogs: Notifications restored. * Message Board: Fixed delete. * Groups: Forwarding to correct page if trying to access closed group. * API: entities loaded via elgg_get_entities_from_relationship() have the correct time_created. * API: Deleting entities recursively works when code is logged out. * API: Fixed multiple uses of deprecated functions. Version 1.8.3 (January 12, 2012 from https://github.com/Elgg/Elgg/tree/1.8) Enhancements: * Adds a white list for ajax views * Improved navigation tab options * Added group specific search * Added button for reverting avatar * Improved documentation for core class attributes * Adds a server info page under administer -> statistics * Improving caching of icons and js/css * Deprecation notices not displayed to non-admin users Bugfixes: * Fixed upgrade scripts for blog posts and groups forum posts * Can now delete invitations to invisible groups * Fixed several widget bugs * Fixed access level on add to group river item * Fixed recursive entity enabling * Fixed limit on pages in sidebar navigation * Fixed deletion of large numbers of annotations Version 1.8.2 (December 21, 2011 from https://github.com/Elgg/Elgg/tree/1.8) Enhancements: * Added a 404 page * Widgets controls now using the menu system * Admins can edit users' account information * Embed uploader supports uploading into groups * Add a control panel widget for easy access to cache flushing and upgrading * Comments now have a unqiue URL with fragment identifier * JavaScript language files are cacheable * jQuery form script only loaded when required Bugfixes: * Fixed default widgets * Fixed activity filtering * Embedding an image now inserts a medium sized image * Search plugin only uses mbstring extension if enabled * Site pages links returned to footer * Fixed URL creation for users with non-ASCII characters in username * The wire username parsing supports periods in usernames * Returned the posting area to the main wire page * Fixed layout issue on pages with a fragment identifier in URL * Added support for call elgg_load_js() in header and footer * Fixed user picker * Fixed uservalidationbyemail plugin ignoring the actions of other plugins * Fixed bug preventing the creation of admin users * Fixed deleting a widget with JavaScript disabled * Fixed many bugs in the unit/integration tests Version 1.8.1 (November 16, 2011 from https://github.com/Elgg/Elgg/tree/1.8) Enhancements: * Completed styling of user validation admin page * Adding rel=nofollow for non-trusted links * Added direct icon loading for profile avatars in profile plugin * Improved the structure of content views to make styling easier * Updated version of jQuery to 1.6.4 * Added basic support for icon size customization * Added a toggle for gallery/list view in file plugin * Added support for passing CSS classes to icon views * Added support for non http URLs to Elgg's normalize functions * Added better support for the 404 forward if a page handler does handle a request Bugfixes: * Fixed autocomplete and userpicker * Fixed RSS and web service-related view types * Fixed walled garden display issues * Added work around for IE/TinyMCE/embed insert problem * Implemented ElggUser.isAdmin() JavaScript method * Fixed the date views and JavaScript datepicker * Fixed horizontal radio buttons styling * Modules only display header if there is content for it Version 1.8.1b (October 11, 2011 from git://github.com/Elgg/Elgg.git) Enhancements: * New group activity widget for user dashboard. * Added more sprites. * version.php information cached instead of loaded 100s of times. * Added class elgg-autofocus to add focus on inputs when the page loads. * Admins can edit user avatars again. * Added a filter for non-bundled plugins in plugin admin. * Improvements to admin area theme. Bugfixes: * Fixed site dropdown menu for IE. * ElggEntity->deleteMetadata() no longer deletes all metadata ever if called on an unsaved entity. * Fixed Embed plugin. * Fixed activate and deactivate all plugins. * Fixed URL for group membership request in notification email. * Fixed log browser plugin's admin area display. * Fixed RSS icon not showing up on some pages. * Fixed river entries for forum posts that were lost if upgrading from 1.7. * Better displaying of errors when activating, deactivating, or reordering plugins. * Fixed Developer Plugin's inspection tool. * Fixed avatar cropping on IE 7. * Bookmarks plugin accepts URLs with dashes. * "More" menu item on site menu hidden if items are manually specified. * Fixed hover menu floating if unrestrained. * JS init, system fired when DOM and languages are read. * Fixed the date picker input view. * Fixed stack overflow when calling elgg_view() from a pagesetup event. * Menu links no longer have empty titles and confirm attributes. * Fixed crash when attempting to change password to an invalid value. * Fixed "More groups" link for groups widget. * Fixed output/confirmlink to use a default question if not specified. * Added missing language strings. Also added "new", "add", and "create". * Registered security token refresh page as external to avoid token refresh problems on Walled Garden sites. * Displaying more accurate message if uploading an avatar fails. * "Leave group" button doesn't display for group owners. * Request group membership button displays only when logged in. * Fixed the number of displayed items for Bookmarks widget. * Fixed fallback to deprecated views for widgets. API changes: * Menus names must be unique to the entire menu, not just section. * Input views that encode text use the option 'encode_text'. * Added ElggPlugin->getFriendlyName(). * elgg_view_icon() accepts a class. * Added hook output:before, page. * Added hook output:before, layout. * elgg_get_entities() and related functions return false if passed valid options with invalid values. * Can disable the user hover menu by passing hover => false to elgg_view_icon(). Previously it was override => true. * Embed plugin uses menu system. See readme for embed plugin. * Manifest attributes are no longer translated via elgg_echo(). * Fixed livesearch ajax endpoint. * Fixed site unit test. * Unit tests tidy up after themselves better. * forward() throws an exception if headers are already sent. * Better errors if adding a user through admin area fails. * Localized profile fields. * Added 'is_trusted' parameter output/url to avoid escaping and filtering. Defaults to false. * Added elgg_unregister_action() * Fixed ElggPriorityList::rewind(). * Fixed forwarding after login for login-protected pages. * get_site_by_url() respects class inheritance for subclassing ElggSite. Internal changes: * Updated deprecated uses of internalname/id. * Using wwwroot instead of www_root because of inconsistencies. Version 1.8.0 (Jackie) (September 5th, 2011 from git://github.com/Elgg/Elgg.git) Notes: Elgg 1.8 contains the most changes in Elgg since the transition from Elgg 0.9 to Elgg 1.0. The core team tried to make the transition as smooth as possible, but in the interest of following standards and simplifying the development process for core and third party developers, we have made changes that will require updating plugins. We believe these changes will help Elgg development be easier for everyone. It is unreasonable and unhelpful to list the full details of all changes in this file. Instead, we will list the high level, overarching changes to systems. If you are interested in the specifics, Elgg 1.8's source code is highly documented and serves as a good guide and the git commit log can provide excruciating details of what has changed between 1.7 and 1.8. Please post your feedback, questions, and comments to the community site at http://community.elgg.org. As always, thank you for using Elgg! --The Elgg Core Development Team A tip about updating plugins: It's not difficult to update 1.7 plugins for 1.8. There is a detailed document outlining this process on the wiki: http://docs.elgg.org/wiki/Updating_plugins_for_Elgg_1.8 The basic process is: 1. Clean up the plugin to make sure it conforms to coding standards, official structure, and best practices. 2. Update any uses of deprecated functions. Functions deprecated in 1.7 will produce visible notices in 1.8! 3. Use the new manifest format. 4. Use the new menu functions. 5. Use the new JS features. 6. Update the views to use core CSS helper functions and classes instead of writing your own. The documentation directory and the wiki has more information. User-visible changes: * New default theme. * New installation. * Separate and updated admin interface. * Updated plugin themes. Generic API changes: * Improved the markup and CSS. * Restructured and simplified the views layouts. * Added a new menu system. * Added new CSS and JS file registration functions. * Added a JS engine. * Added a breadcrumb system. * Added a sticky forms system. New plugins: * Dashboard - The activity stream is now the default index page. A 1.7-style dashboard is provided through the dashboard plugin. * Developers Plugins - Developer tools. * Likes - Allows users to "like" other users' content. * oAuth API - A generic, reusable oAuth library. * Tag Cloud - A widget-based tag cloud generator. * Twitter API - A generic Twitter library that allows signin with Twitter and pushing content to tweets. Replaces twitter_service. Deprecated plugins: * captcha - Captchas have long since stopped being useful as a deterrent against spam. * crontrigger - Real cron should be used. * default_widgets - This functionality is now part of core. * friends - This functionality is now part of core. * riverdashboard - Displaying the river (activity stream) is default in core. The original dashboard can be restored by the new Dashboard plugin. * twitter_service - Replaced by Twitter API. Elgg 1.8.0.1 was released immediately after 1.8.0 to correct a problem in installation.