Version 4.4.7 is a maintenance update to fix critical issues reported since 4.4.6.
- Fixed external video URLs being embeddable which could allow htaccess prompts for Firefox users, which could be manipulated for social engineering.
- Fixed SSRF vulnerability if image proxy is enabled.
- Fixed GET data overwriting POST data when submitting a form.
- The gateway files for downloading attachments now issue a Content-Security-Policy header.
- Clarified verbiage on button when resuming a UTF8 conversion.
- Added a message for when REST API test fails due to a path conflict.
- Added the ability to fetch members via the REST API with activity_before/activity_after parameters.
- Added `device_key` cookie information to the cookie page.
- Adjusted Community in the Cloud auto-upgrader interface for future upgrades as the existing progress bar was inaccurate.
- Adjusted the Friendly URL list to allow legacy customised URLs to be reverted.
- Updated 'username' verbiage in some areas to refer to 'display name' instead.
- Users will now be redirected directly to reviews they submit rather than back to the item.
- Fixed individual comments sometimes showing in “Items Only” streams when using Elasticsearch.
- Fixed an issue where content may not be presented in Elasticsearch searches after it is updated.
- Fixed an issue where anonymous state can be lost for sessions when using Redis for session handling.
- Fixed errors viewing and rebuilding the leaderboard, using post before registering and viewing social promotion when MySQL 8.0.17 is used.
- Fixed a duplicate column error that may be logged when upgrading.
- Fixed an error that can occur when tracking email statistics if the email is sent from a task.
- Fixed an issue where uploading a new version of a theme may not immediately reflect changes when using disk caching.
- Fixed an issue where editing some login handlers (Facebook, Microsoft, etc.) can break in some situations when editing their details.
- Fixed unstyled content showing in Firefox on pages containing embeds if lazy-loading is enabled.
- Fixed an issue were re-promoting content may not correctly show the selection state of existing image attachments.
- Fixed a rare niche issue where it's possible for a digest task to get stuck in a loop.
- Fixed an issue with unapproved comment notifications in situations when merging content and retaining a link.
- Fixed an issue where it's possible to cause an uncaught exception by manipulating the URL for a content item that doesn't support reactions.
- Fixed an issue where MySQL search index records were incorrectly deleted.
- Fixed a missing language string on the 'Support Account' AdminCP notification when Commerce isn't present.
- Fixed an issue with the LDAP login handler where error messages during set up may not be descriptive.
- Fixed an issue where the empty BreadcrumbList ld+json tag would be added to the output.
- Fixed an issue where it was possible to bypass profanity filters when using quick title edit.
- Fixed an issue where admin control panel failed mail notifications could show a template error.
- Removed options for content widget feeds to return hidden content added in 4.4.5 which has been unreliable
- Fixed “Reply to this topic” button not working for guests
- Fixed an issue where the ACP - "Popular Now" forum settings couldn't be saved.
- Fixed an issue where the upgrade could fail because of missing database columns.
- Fixed an error when pasting a page link into an editor, it displayed as an embed of the entire site.
- Fixed permissions not synchronizing properly when changing a database from using categories to not using categories.
- Fixed Editor fields pre-populating content from other records when the "Editable when viewing a record" setting is used.
- Fixed an issue where externally embedded blocks do not work if "Allow community to be embedded in an iframe" is not set to "Anywhere".
- Fixed all day event dates showing incorrectly in email notifications in some timezones.
- Fixed an issue with top downloaders/submitters statistics page losing filters when changing pages.
- Fixed an issue with downloads storage handler custom URL when upgrading from 3.x.
- Fixed an issue with top uploads statistics page losing filters when changing pages.
- Improved converted row caching when running multiple conversions back-to-back.
- Conversions will now explicitly strip HTML tags in member titles.
- Attempt to correct corruption of serialized profile field data during conversion from vB.
- Fixed a potential issue that can occur converting vB Blog.
- Fixed certain data not being converted (affects SMF, vB5, Vanilla, phpBB, UBBThreads, Expression Engine).
- Fixed an issue where the 'manage conversions' page may not load if you have legacy conversions.
- Fixed an issue when converting content from vB5 which contains [IMG2] or [USER] BBCode.
- Fixed an issue when converters attempt to convert administrators if the last update time is available.
- Fixed a number of issues converting vB CMS attachments.
- Added permalinks to the Information, Shipping, and Reviews tabs when viewing a package in the store.
- Added a new 'neutral' display for ticket history statistics (i.e. if a statistic matches the 30 days prior).
- Fixed an issue where members could add themselves as an alternative contact.
- Changed the package seo name column length to 255 characters.
- Fixed renewal invoices being generated with the wrong billing address for transferred purchases.
- Fixed an error fetching license key info through the Commerce license key API.
- Fixed an issue where the tax name in invoice emails could be missing.
- Fixed an issue where deleting a support department can result in an error in some circumstances, if that department had custom fields mapped to it.
Third-Party / Developer / Designer Mode
- Applications can no longer be set as the default application if they have no front modules.
- Fixed an error creating a new conversion software library using the AdminCP tools.
- Fixed an issue where content items that have not defined a `$containerNodeClass` property could throw an error during searches.