4.1.7
Security
Critical Security Issue Authorize input before processing. (Thanks Vladimir).
Critical Security Issue Prevent XSS input in messages body.
Profile
Bug Fix Single quote in translations make javascript broken at preference page.
Bug Fix Big profile pages will timeout when visited by guest user.
Improvement Display & symbol properly in custom profile fields.
Bug Fix Validate profiletype selection properly.
Improvement Default custom profile field privacy should be same as profile privacy.
Photos
Bug Fix Fix empty alt attributes.
Bug Fix Fix album paths.
Bug Fix Fix wrong "Back to album" link
Videos
Bug Fix Full screen videos are broken in Chrome.
Bug Fix Fix some S3 videos that can't be played.
Bug Fix Zencoder terms of service checkbox is missing.
Bug Fix Videos on the streem can't be played when using JomSocial's player.
Groups
Bug Fix Fix the minor SEF issue with groups.
Events
Bug Fix Event response options are visible to guest user.
Bug Fix Super Admin should be able to view invitation only events.
Bug Fix Super Admin should be able to create events, even if events creating is disabled in the backend.
Modules and Applications
Bug Fix JS Events module should be translatable
Bug Fix My Google Ads plugin not working at all.
Bug Fix Hello Me module issues with user online status set to false.
Improvement For consistency, replace description with sumarry in the JS Events Calendar module.
Search
Bug Fix Advanced search returns error when seraching within profiletype.
Bug Fix Fix the country search.
Templates
Bug Fix Element ul not allowed as child of element small.
Improvement Make the hovercard smarter and display on the visible area of the screen.
Misc
Improvement Language improvements and hardcoded strings removal