Key Changes
This release primarily focuses on stability with many bug fixes from both tickets and the bug tracker. Among dozens of other fixes, important fixes include:
- Multiredirect is changed to use base64-encoded data as upgrader was failing on certain hosts
- Customizable topic/post feed widgets not storing preferences
- Some reports of issues with insert/embed images into posts
- Email notifications do not work for commerce, which also results in purchases not getting marked paid/approved automatically (this only happened when you had extra cc/copy email addresses specified for emails)
We are working on big improvements to our Search system but, until those are ready, we have made two small changes to make search a bit more pleasant: date will be default sort order and words will be searched using AND logic rather than OR logic.
Update
Version 4.0.12.1 released to address issues with form input validation and security updates.
Additional Information
This release contains a security update in Calendar and a resource issue that could be used in a malicious way.
The Calendar issue allowed for a possible XSS event during form input for event location. We extend our thanks to (rabbitz.org) for reporting this issue to us.
A resource issue was fixed whereby a special URL action could create a loop that would use up system memory.