This is a maintenance release to resolve the following issues:
- Permission matrix can show incorrect permissions when using the Member > Group permission tool.
- Using Authorize.Net Payment Gateway may result in an error.
- A logged in member without a valid timezone set will trigger exceptions any time another members age is checked.
- Where the upgrader can result in a fatal error due to an invalid class stored for a Pages record comment.
- An upgrade error where reports are loaded for Pages databases that no longer exist.
- Orphaned comments trigger an exception when search index is rebuilding.
- An exception can occur continued upgrades: DateTime::setTimestamp() expects parameter 1 to be long, object given.
- Recursion can occur if the core_log table doesn't exist yet (as happens during auto upgrade).
- An issue where importing a theme can break CSS.
- MySQL strict mode upgrade to 4.1.12 can fail.
- Installing a new plugin via the ACP can fail.
As part of our ongoing internal security audit, this release also improves security in the following areas:
- Possible XSS in the "hovercard" system.
- Further hardening to the insecure file upload code.