Elgg

New versions for Elgg 3.0 and 3.1 are now available in the download section.In Elgg 3.0.6 and 3.1 we introduced a bug which prevented Elgg from working correctly if it's installed in a sub directory (for example: https://example.com/elgg/). This bug ... [More] has been fixed.Release notes for 3.0.7Contributors Jerôme Bakker (2) Jeroen Dalsem (1) Bug Fixes js: improved elgg.normalize_url to handle more site cases (57af9e2b) routes: use absolute url as base for route url generation (244854af) Release notes for 3.1.1No additional changes other than the 3.0.7 fixes. [Less]

It has been more than 3 months ago since we released Elgg 3.0. That means it is time for a new feature release. You can find it in the download section.PHP 7.1 requiredPHP 7.0 has reached end-of-life January 2019. We would like people to use a secure ... [More] and supported version of PHP and therefore we increased the requirement to 7.1.This Elgg release has seen a lot of changes that were on the todo list for a long time. You can find the full release notes below. Here are some noteworthy changes:For users: The navigation tree of pages in the Pages plugin has been revamped to re-use existing styling and now is limited to the navigation tree of the content you are viewing A new icon cropper has been added. You can see it when you update your avatar. Expect to see it used in more locations in the future The text editor (CKeditor) has been updated to a newer version Changing your email now requires you to validate your new address For site administrators: The user management has some improvements There is more information (and also tips/suggestions/warnings) available about the system, performance and security Extra security settings have been added For developers: More HTML5 input views have been added Plugin hooks and events can be registered in elgg-plugin.php Plugin route config options have been added (deprecated route, required plugins) A lot of old/legacy ways of doing things have been deprecated ---------------------------------------Release notes for Elgg 3.1Contributors Jeroen Dalsem (81) Jerôme Bakker (23) Rohit Gupta (9) Ismayil Khayredinov (1) Joe Bordes (1) Features admin: added requirements information about database server (d9c92dab) add email change option to unvalidated users (f09ba7ee) add server requirements page (4e5cd057) moved Elgg release to page header (f55d0f1d) add security recommendations page (e129b307) add performance overview page (f1321a2f) admin user lists now have the ability to search by email (c34789f4) add admins directly from the administrators page (78027dda) basic and advanced settings are merged into one form (aedaa0e1) ckeditor: updated to ckeditor v4.12.x (33b44604) updated ckeditor version to 4.11.x (d6061b3f) core: error resources now have access to the exception (fac3141e) added function to convert large numbers into short form (de9d2ef8) admin notices now have their own class (a627d4ef) manifest.json is now a cacheable simplecache resource (ef98f420) db: allow configuration of the database port number (058db755) developers: wrap input and output views (cafdb455) display view location in view wrapping (e6ba1ecf) added acl information to entity explorer (9c465a1a) entities: added helper function elgg_count_entities (7e00cbc7) gatekeeper: flag to validate user edit access (8becf0ea) groups: support content based on type/subtype in tool module (fa897bcb) icons: add icon cropper (deb5d212) input: add support for more input types (048704e2) menus: added menu param to set a selected menu item (74d50561) notifications: Elgg\Email knows about sender and recipient (539437b0) page_owner: moved page owner logic to a service (bc35cf5a) pages: page navigation now uses default page menu behaviour (89976121) replaced treeview js and css with default menu behaviour (18be2699) phinx: updated phinx version to 0.10.x (52ebe588) plugins: hooks and events can be declared in elgg-plugin.php (c1cc12c4) profile: new input types for custom profile fields (59c1a4ba) router: add SignedRequestGatekeeper middleware (54e050a3) routes: added required plugins param to route config (8f4c1957) added route config to mark route as deprecated (53d8f433) security: request confirmation on email change (53017104) notify the user about a password change (8692ac32) site_notifications: topbar menu item now has a unread count badge (a1d1fddc) upgrades: completed upgrades are sorted by completion time (beebaecd) users: unify set/get/delete profile data functions (906c25b7) added a site setting to allow users to change the username (3e2a476e) views: add additional page menu and owner block controls (5cf80c8c) password inputs now set correct autocomplete behaviour (929f7bc5) show_add_form view var is now supported in responses (7bd0f0da) Performance db: added some extra indexes to the entities table (0395d99b) Documentation core: added a spam guide (2ac20105) added documentation about the usage of elgg_call (8beef28f) added upgrade notices page for 3.0 to 3.x (456e4fba) Bug Fixes admin: different user counters in admin stats (73c86726) core: updated PHP version checks to check correct version (dbb02710) elgg_call will now also restore when an error is thrown (54964f59) css: spacing between profile-field and widgets (a281ac45) prevent jquery-ui bug related to sortables (fa840b53) discussions: no longer call unavailable sidebar views (afe83c96) forms: added missing entity info in widget access input (8f1770d1) pages: no longer register page_nav menu if there is just one item (a7f7359d) removed the pages navigation sidebar from some resources (08f3df26) no longer show history sidebar on revision page (3c91022d) system_log: correctly fetch non default object classes (3f0a10d4) Deprecations access: elgg_set_ignore_access is deprecated (6d0d99ec) access_show_hidden_entities is deprecated (33b3e5ac) actions: replaced several delete actions with entity/delete (192d01ac) core: legacy hook/event callback arguments are deprecated (563f4492) various unused lib functions have been deprecated (792bd362) elgg_instanceof is now deprecated (2602c801) replaced delete_directory with elgg_delete_directory (f61471dc) css: use elgg_require_css instead of elgg_register_css (b0c014f3) js: use elgg_require_js instead of elgg_register_js (e3d4a13c) page_owner: don't set page_owner via elgg_get_page_owner_guid (b1089824) plugins: usage of the views.php file in plugins is deprecated (95592b04) no longer use the (de)activate.php plugin files (d89c2474) plugin screenshots are no longer supported (0f7fe379) tests: the simpletest cli command is deprecated (f17a8cd9) thewire: the route previous:object:thewire is now deprecated (677d9129) [Less]

New versions for Elgg 3.0 and 2.3 are now available in the download section.Release notes for Elgg 3.0.6Contributors Jeroen Dalsem (11) Jerôme Bakker (9) Ismayil Khayredinov (1) Documentation code: added note about low-level functions that should ... [More] throw (03417897) composer: document composer autoloader optimization (fee62f05) css: added some best practices about css files and classnaming (daa55646) Bug Fixes cache: improved handling of values (db7c8864) prevent timeout during cache flush (ab8c759b) ckeditor: no need to remove plugins as they are not loaded (55b95e7a) comments: popup menu will close itself when inline editing comments (9a7ecc73) core: literal order by clauses are no longer deprecated (e77e4898) unset on ElggData will always use magic setter (a0b442ad) always show success message when upgrade has finished (0afb29d8) http: request validation now correctly reads payload (c5e18f45) js: validate arguments in elgg.get_simplecache_url (91f7c143) pages: correctly check who can edit (write) access (a87ec78f) routes: route url generation will always return a normalized url (d0b2503a) Release notes for Elgg 2.3.14Contributors Jerôme Bakker (3) Jeroen Dalsem (1) Bug Fixes groups: no error on notification failure during membership request (2bd72ffc) http: check object for toString function (1cd0809e) installer: detect more https scenarios (05648781)   [Less]

A new version for Elgg 3.0 is now available in the download section.Special thanks to Alex Kisak for reporting a small security issue. If you find any security issues please email us at security [at] elgg [dot] org, or use the new GitHub security ... [More] reporting feature https://github.com/Elgg/Elgg/security/advisoriesRelease notes for 3.0.5Contributors Jerôme Bakker (8) Jeroen Dalsem (2) Ismayil Khayredinov (1) Documentation compatibility: explain @Internal implications (5c7b52e5) plugins: document plugin bootstrap usage (02ea7a0d) Bug Fixes core: correctly remove annotations on non saved entities (20af166e) http: non-multipart requests should not fail validation (c59ae7aa, closes #12654) notifications: correctly sort the notifiable users (583fb67f) search: highlighter no longer messes up output when searching ints (e3499498) thewire: full view uses correct entity layout (64143d58) Deprecations groups: group_acl metadata has been deprecated (380cfa24) [Less]

New versions for Elgg 3.0 and 2.3 are now available in the download section.Release notes for Elgg 3.0.4Contributors Jerôme Bakker (6) Jeroen Dalsem (2) Bug Fixes blog: save draft in correct container (b32c6139) email: set default email ... [More] attachment id (ae8fc0a4) install: minification is enabled for fresh installations (ae869441) livesearch: by default no longer include banned users (c059ff11) response: only set error content if provided (518231ab) system_log: prevent fatal exception when constructing objects (5105ca6f) Release notes for Elgg 2.3.13Contributors Jeroen Dalsem (1) Bug Fixes blog: show correct last saved date (b888e7e1) [Less]

A new version of Elgg 3.0 is now available in the download section.This release contains some small bug fixes and a lot of code documentation improvements. We use Scrutinizer to analyse our code base and based upon the results we improved the code ... [More] documentation. We went from +/- 1800 issues to less than 50. The remaining issues are a bit more complex and have separate tickets to be solved.Release notesContributors Jerôme Bakker (55) Jeroen Dalsem (21) Rohit Gupta (1) therecluse26 (1) Performance db: improved preloader queries for performance (6ec44b7a) entity: only update private settings if value changes (ee955db4) Bug Fixes ajax: reponseFactory prepares reponse (ff965eab) cache: let cache (un)serialize contents (#12615) (29eeabc5) updated Stash version to 0.15.* (3aa057a8) improved error handling in Stash (79107e3f) core: use correct typehint namespace (aaeacf36) remove unused action hook listener in BootService (01ff862c) report correct duration for non sequential timers (1831589f) db: make sure all queries are tracked and logged (8e6da0c6) email: don't set duplicate content-type header (#12625) (5625412c) gatekeeper: allow access to content of banned users (c7c36082) messages: added missing translation string (5c612c1a) metadata: removed usage of canEditMetadata is MetadataTable::delete (35c39119) removed usage of canEditMetadata (42495a6b) notifications: prevent php warning when no collections selected (6efd8f7b) output: always return string in formatter (b92a6dbd) pages: don't show access fields if no edit rights (33eff4b2) plugins: only reindex plugin priorities with new disabled plugins (9652c77e) plugin details tabs work again (f3c9bb3f) request: upload post max size is now correct validated (#12610) (5b118806) river: restored ignoring access when bulk deleting river items (761dc191) search: no longer set deprecated search_type tags on tag links (#12611) (a639fbba) session: cookie configuration not read from settings file (d43d282c) session close moved to the latest possible moment (16c06fc2) system_log: filtering in logbrowser could result in no results (bdf6ec54) system_log_get_log accepts single array argument (#12607) (9641b008) web_services: fetch correct api user (f857b1ef) widgets: return all widgets in case of duplicate order (e2899cb4) [Less]

New versions for Elgg 3.0 and 2.3 are now available in the download section.Release notes for Elgg 3.0.2Contributors Jeroen Dalsem (9) Jerôme Bakker (6) Performance upgrades: improved speed of friends acl async upgrade (004dcdd4) Bug Fixes core: ... [More] prevent namespace conflict (526ecf72) use webserver timezone for date (f0f16685) css: user hover card is now single column layout (fcff8f90) prevent quick wrapping of title menu items (d0c07dc6) forms: added missing entity info in widget access input (1f92b130) i18n: make sure system translations are loaded before adding custom (48ce7e0c) icons: do not remove uploaded file when saving as icon (e669071c) only fix image orientation when handling icons (4e690386) upgrades: friends acl upgrade will now update all entities (68f12d13) Release notes for Elgg 2.3.12Contributors Jerôme Bakker (1) Bug Fixes widgets: improved stability of widget title (904eefc1) [Less]

This is a hotfix release for Elgg 3.0. A small bug made it's way into the first release which needed to be corrected.You can find the hotfix in the download sectionRelease notesContributors Jerôme Bakker (1) Bug Fixes response: secure correct url (72192b60)

Thanks to the hard work of every contributor Elgg 3.0 is here. For a brief overview of the new features have a look at the Elgg 3.0.0-rc.1 blog. Plugin developers can have a look at the upgrade notes on learn.elgg.orgYou can find the Elgg 3.0 release ... [More] in the download section.Because this is a major update of Elgg some plugins might not yet be compatible with this new release, please give the plugin developers some time to update their plugins.With the release of Elgg 3.0, Elgg 1.12 has reached it's end-of-life and will no longer receive any updates. A detailed article about the Elgg support policy can be found on learn.elgg.org.Release notesContributors Jerôme Bakker (60) Jeroen Dalsem (54) Rohit Gupta (3) iionly (1) Features cache: reset opcache when flushing the system cache (b3c84901) core: added server statistics about OPcache (f48d7b1a) gatekeeper: improved gatekeeper exceptions (d8765071) added a logged out gatekeeper middleware (b9264a93) i18n: output date in locale string (c2ca5da2) livesearch: allow to filter out banned users (c3d631a3) security: added admin setting to set if icons are session bound (07f070de) upgrades: added an information page about the phinx db upgrades (5ce9bced) Performance db: added combined index on entities type/subtype (33b8463c) i18n: improved logic of loading translations (d615165b) cache translations in systemcache only when loaded (ea22727f) plugins: preload private settings when fetching plugins from db (daaab2a2) always set boot plugins (a70787c8) only reset plugin priority if dirty (2d5d8571) upgrades: use direct queries during friends acl upgrade (6a401bc9) disable systemlog during execution of an ElggUpgrade (d94ec941) Documentation icons: document recommended additional options for entity icons (a39bb1c7) Bug Fixes account: don't allow , and : in username (7049923e) ajax: on error response clear system messages (e3ca2b10) blog: use correct route after deleting a blog (6481b93f) excerpt no longer limited during save (f2f1eb7c) ordering of archive menu items not consistent (3ff75438) cache: clear running autoloadermap when flushing the caches (2ea53a3b) comments: show read more in activity for long comments (5cca32bf) core: fallback to generic error code in ErrorResponse (9c81a8bb) make sure constants are available during db migrations (d5c8ff47) directory permissions more usable (5fdf3a86) try to forward to entity collection after deletion (df08d138) css: keep tabs together on smaller screens (ef0b42f7) entity navigation not always correctly aligned in all browsers (64c6a0c0) popped out dropdown always showing (9597d6c4) allow wrapping of elgg-menu-hz menu items if there is no room (2e4292ca) wordbreaking is now allowed everywhere (994663fd) database: support closure group_by clauses (7da86a40) email: set content encoding on magic email attachments (b0ef558a) embed: tabs now working correctly (8a4b80e5) gatekeeper: return http 401 status code when not authorized (4bb770d7) groups: add menu item in correct menu section (436c93a6) icons: increased the default resolution of master icon to 10240px (e39e5d29) input: do not autocomplete input date fields (d55cf07b) invitefriends: route path conflict with friends plugin (9c645ed0) js: clear system messages when submitting ajax submitted form (dbc6a913) check if trigger is set before validation if part of comments (9fdd66d7) provide user feedback when opening user hover menu (bb280605) close popups on window scroll (6fbaf8d4) menus: menu items will recursively sort its children (e979cd69) prevent section output if no items (f7868abb) you can now have a link with toggleable features combined (097b01f7) navigation: always append admin toggle menu item (41021eda) do not require logged in user for filter tab all (570d7721) correctly remove selected state if link item not a tab (8cd7209a) improved breadcrumbs for site containers (578a25c5) entity nav fixed for entities with same time created (4d66fcc1) add default user_hover section items to actions section (387d618b) notifications: validate the notification event (b8e34723) plugins: generateEntities correctly rediscovers disabled plugins (b62238dd) rely on magic translations for widgets (988ec419) request: return expected return type (af805ca1) set_input values override request values (ba1e977d) use same order as in getParam() (9ac24c7a) rss: listings have rss content (07e6338c) register rss link in a more logical way and provide control (9e785825) prevent RSS output if disabled (cf6af267) scripts: transifex script adjustments (0633121c) search: namespace profile fields (3fc2afcb) improved search fields normalization (ec58c6f1) split search field registrations (cae5e906) session: close session early when redirecting repsonses (4149f8d3) site_notifications: site notification link js handling works again (2a62cd6e) system_log: use correct plugin setting for cron jobs (f6c5d109) tags: support documented elgg_get_metadata features (4460f948) tests: pass test independed of loglevel settings (2e22b1df) upgrades: drop site_guid as primary and unique key explicitely before removing site_guid column (ff6f2069) validate database setting before changing (89989f56) don't report Batch errors for completed upgrades (b8e1af6e) don't offer delete link for ElggUpgrades (5b9d1b08) users: set default values (7757fcd5) widgets: check page owner canEdit in can_edit_widget_layout (e40ffbcc) [Less]

Thanks to a detailed report by Jyoti Raval we were able to mitigate an open redirect vulnerability.Please report any security issue to security [at] elgg.orgThe latest version of Elgg can be found in the download section of the website.Elgg 1.12.18 ... [More] release notesContributors Jyoti Raval (1) Wouter van Os (1) Bug Fixes core: revert original libxml_use_internal_errors value after use (bc30e941) Elgg 2.3.11 release notesContributors Jerôme Bakker (4) Ismayil Khayredinov (1) Bug Fixes gatekeeper: more consistency in resource gatekeepers (60a045a3) livesearch: prevent PHP warning in switch statement (44e671d0) notifications: fix faulty subscription list mutations (0edb38d1) walled_garden: allow access to webapp manifest.json (73c36a13) [Less]