Elgg

v7.0.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 12d Productivity & Wikis

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

elgg php social-networking-engine

Affected surfaces

auth breaking_upgrade

ReleasePort's take

Light signal

editorial:auto 12d

Elgg 7.0.0 adds client‑IP logging to system_log and hardens security by blocking access to the elgg‑config directory.

Why it matters: Enabling system_log now records IP addresses for audit trails, while install prevents unauthorized access to sensitive configuration files; both changes apply immediately in version 7.0.0.

Summary

AI summary

Updates Bug fixes, Contributors, and https://github.com/Elgg/Elgg/issues/15040 across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	install prevents access to elgg‑config directory install prevents access to elgg‑config directory Source: llm_adapter@2026-05-22 Confidence: low	—
Feature
Feature	Medium	system_log setting enables client IP address logging system_log setting enables client IP address logging Source: llm_adapter@2026-05-22 Confidence: low	—
Feature	Medium	icons use .fa class for default FontAwesome styling icons use .fa class for default FontAwesome styling Source: llm_adapter@2026-05-22 Confidence: low	—
Feature	Medium	views auto‑detect listing getter in generic listing views auto‑detect listing getter in generic listing Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix
Bugfix	Medium	plugins improved handling of plugin start issues plugins improved handling of plugin start issues Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	groups search page handles bad input groups search page handles bad input Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	groups use consistent route name for membership requests groups use consistent route name for membership requests Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	images prevent OOM issues when resizing overly large images images prevent OOM issues when resizing overly large images Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	email sets correct sender address email sets correct sender address Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	di improved handling of unknown public services di improved handling of unknown public services Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	forms autocomplete item icons behave consistently forms autocomplete item icons behave consistently Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	system_log handles unknown service during plugin activation system_log handles unknown service during plugin activation Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	profile tightens check for a condition profile tightens check for a condition Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	profile handles null ban_reason in wrapper view profile handles null ban_reason in wrapper view Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	icons no longer map OTF files as FontAwesome zips lack them icons no longer map OTF files as FontAwesome zips lack them Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	css resolves search topbar cancel icon conflict with search icon css resolves search topbar cancel icon conflict with search icon Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	css font awesome toggle icon now uses a before pseudo‑element css font awesome toggle icon now uses a before pseudo‑element Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	css improves various dark mode colors css improves various dark mode colors Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	actions JsonDownloadAction controller always pretty‑prints JSON actions JsonDownloadAction controller always pretty‑prints JSON Source: llm_adapter@2026-05-22 Confidence: low	—

Full changelog

Contributors

Jeroen Dalsem (26)
Jerôme Bakker (25)
Chris Funderburg (2)

Features

system_log: setting to enable client IP address logging 146a923f5
icons: FontAwesome icons use .fa class for default icon styling 2cc0b26c8
views: auto detect listing getter in generic listing 2008c96cb

Bug fixes

plugins: improved handling of plugin start issues b9bbf0875 closes #15040
groups:
- search page handles bad input ec6375239 closes #15047
- use consistent route name for group membership requests aa60f3ebe
email: set correct email sender address fe9050781
di: improved handling of unknown public services b972e044b
forms: autocomplete item icons behave consistently f6a0483de
system_log: handle unknown service during plugin activation 1763d6244
profile:
- tighten up the check a bit 9e6c294bd
- handle null ban_reason in profile/wrapper view 8161d3788
icons: no longer mapping OTF files as font awesome zips do not contain them 5f557ed84
css:
- search topbar cancel icon conflicts with search icon 472042a42
- font awesome toggle icon now uses a before pseudo element 7bbfe11d5 closes #15042
- improved various dark mode colors 9a3b0211a
actions: JsonDownloadAction controller always pretty prints json 55999b4fa
images: prevent OOM issues when images are too large to resize 0580c4c1d
install: prevent access to elgg-config directory 71d0bb571

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Elgg

Get notified when new releases ship.

About Elgg

Powerful open source social networking engine.

All releases →